Toward a secure Kerberos key exchange with smart cards

  • Regular contribution, International Journal of Information Security

Abstract

Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary’s access to the card is revoked. In this paper, we extend Shoup’s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol.

Fig. 1

Notes

  1. The SC acronym can be interpreted as smart card.

  2. The following proofs can also be performed in the standard model by assuming that the decisional Diffie–Hellman (DDH) problem is hard and assuming that the function \(F\) represents a randomly selected function from a family of pair-wise independent hash functions (see [27, Section 5.3] for a discussion).

  3. It is, however, important to note that while the security parameters \(k_s\) and \(k_d\) are controlled by the user of the protocol, who can select longer key sizes and DH groups, the length of the nonces is fixed at 32 bits.

  4. In the original PKINIT protocol, this assertion does not hold. In particular, using the attack described in Sect. 4.1, an adversary can cause \(I_{i,j}\) to establish a key that is distinguishable from a random one; more precisely, the adversary knows the exact value of that key, as shown in Theorem 1. Moreover, since this adversary does not issue an \(\mathit{AccessSC}(i')\) query after the \((\mathit{InitUser}, i', \mathit{ID})\), our simulator cannot simulate this adversary as this would require issuing an illegal \(\mathit{compromise}\) query.

References

  1. Anderson, R.J., Needham, R.M.: Robustness principles for public key protocols. In: Advances in Cryptology—CRYPTO, volume 963 of Lecture Notes in Computer Science, pp. 236–247. Springer (1995)

  2. Backes, M., Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K.: Cryptographically sound security proofs for basic and public-key Kerberos. Int. J. Inf. Secur. 10(2), 107–134 (2011)

  3. Bella, G.: Inductive verification of smart card protocols. J. Comput. Secur. 11(1), 87–132 (2003)

  4. Bellare, M., Canetti, R., Krawczyk H.: A modular approach to the design and analysis of authentication and key exchange protocols. Cryptology ePrint Archive, Report 1998/009 (1998)

  5. Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: Proceedings of the Twenty-Seventh Annual ACM Symposium on Theory of Computing, STOC’95, pp. 57–66. ACM (1995)

  6. Bellovin, S.M., Merritt, M.: Limitations of the Kerberos authentication system. Comput. Commun. Rev. 20, 119–132 (1990)

  7. Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Cryptography and Coding, volume 1355 of Lecture Notes in Computer Science, pp. 30–45. Springer (1997)

  8. Blanchet, B., Jaggard, A.D., Scedrov, A., Tsay, J.-K.: Computationally sound mechanized proofs for basic and public-key Kerberos. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 87–99 (2008)

  9. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)

  10. Burrows, M., Kaufman, C., Lampson, B., Abadi, M.: Authentication and delegation with smart-cards. In: Science of Computer Programming, pp. 326–345 (1992)

  11. Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: STOC, pp. 235–244. ACM (2000)

  12. Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos. Inf. Comput. 206(2–4), 402–424 (2008). Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA ’06)

  13. Datta, A., Derek, A., Mitchell, J.C., Roy, A.: Protocol composition logic (PCL). Electron. Notes Theor. Comput. Sci. 172, 311–358 (2007)

  14. de Clerq, J.: Microsoft TechNet: Smart Cards. Available at: http://technet.microsoft.com/en-us/library/dd277362.aspx (2011)

  15. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard) (2008)

  16. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

  17. Gong, L., Needham, R., Yahalom, R.: Reasoning about belief in cryptographic protocols. In: Proceedings 1990 IEEE Symposium on Research in Security and Privacy, pp. 234–248. IEEE Computer Society Press (1990)

  18. Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (Standards Track) (2010)

  19. Mavrogiannopoulos, N., Pashalidis, A., Preneel, B.: Security implications in Kerberos by the introduction of smart cards. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS). ACM (2012)

  20. MIT Kerberos Consortium: PKINIT configuration. Available at: http://k5wiki.kerberos.org/wiki/Pkinit_configuration (2011)

  21. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5). RFC 4120 (Proposed Standard) (2005)

  22. Paulson, L.C.: Isabelle: The next 700 theorem provers. arXiv, preprint cs/9301106 (2000)

  23. Roy, A., Datta, A., Mitchell, J.: Formal proofs of cryptographic security of Diffie-Hellman-based protocols. In: Barthe, G., Fournet, C. (eds.) Trustworthy Global Computing, volume 4912 of Lecture Notes in Computer Science, pp. 312–329. Springer (2008)

  24. Schneier, B., Shostack, A.: Breaking up is hard to do: modeling security threats for smart cards. In: First USENIX Symposium on Smart Cards (1999)

  25. Schoenmakers, B.: Personal communication.

  26. Shay, R., Komanduri, S., Kelley, P.G., Leon, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F.: Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS ’10, pp. 2:1–2:20. ACM (2010)

  27. Shoup, V.: On formal models for secure key exchange. IACR ePrint archive 1999/012 (1999)

  28. Shoup, V., Rubin, A.D.: Session key distribution using smart cards. In: Advances in Cryptology—EUROCRYPT, pp. 321–331. Springer (1996)

  29. Ylonen, T., Lonvick, C.: The Secure Shell (SSH) Protocol Architecture. RFC 4251 (Proposed Standard) (2006)

  30. Zhu, L., Tung, B.: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT). RFC 4556 (Proposed Standard) (2006)

Acknowledgments

The authors would like to thank Alfredo Rial, Berry Schoenmakers and the anonymous referees for their comments, which improved this manuscript. This work was supported in part by the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT Vlaanderen) SBO project, by the Research Council KU Leuven: GOA TENSE (GOA/11/007), and by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy).

Author information

Correspondence to Nikos Mavrogiannopoulos.

Cite this article

Mavrogiannopoulos, N., Pashalidis, A. & Preneel, B. Toward a secure Kerberos key exchange with smart cards. Int. J. Inf. Secur. 13, 217–228 (2014). https://doi.org/10.1007/s10207-013-0213-x
