Cryptographically sound security proofs for basic and public-key Kerberos

  • Regular Contribution
  • International Journal of Information Security

Abstract

We present a computational analysis of basic Kerberos with and without its public-key extension PKINIT in which we consider authentication and key secrecy properties. Our proofs rely on the Dolev–Yao style model of Backes, Pfitzmann, and Waidner, which allows for mapping results obtained symbolically within this model to cryptographically sound proofs if certain assumptions are met. This work was the first verification at the computational level of such a complex fragment of an industrial protocol. By considering a recently fixed version of PKINIT, we extend symbolic correctness results we previously attained in the Dolev–Yao model to cryptographically sound results in the computational model.


References

  1. The AVISPA tool for the automated validation of internet security protocols and applications. In: Proceedings of the Computer-aided Verification (CAV). Springer, 2005. http://www.avispa-project.org (2005)

  2. Abadi, M., Jürjens, J.: Formal eavesdropping and its computational interpretation. In: Proceedings of TACS, pp. 82–94 (2001)

  3. Abadi, M., Rogaway, P.: Reconciling two views of cryptography: The computational soundness of formal encryption. In: Proceedings of the 1st IFIP International Conference on Theoretical Computer Science, LNCS, vol. 1872, pp. 3–22. Springer (2000)

  4. Backes, M.: A cryptographically sound Dolev-Yao style security proof of the Otway-Rees protocol. In: Proceedings of ESORICS, LNCS, vol. 3193, pp. 89–108. Springer (2004)

  5. Backes, M., Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K.: Cryptographically sound security proofs for basic and public-key Kerberos. In: Proceedings of ESORICS, pp. 362–383 (2006)

  6. Backes, M., Jacobi, C.: Cryptographically sound and machine-assisted verification of security protocols. In: Proceedings of the 20th STACS, LNCS, vol. 2607, pp. 675–686. Springer (2003)

  7. Backes, M., Pfitzmann, B.: A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol. J. Sel. Areas Commun. 22(10), 2075–2086 (2004)

  8. Backes, M., Pfitzmann, B.: Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In: Proceedings of CSFW’04, pp. 204–218, June 2004

  9. Backes, M., Pfitzmann, B.: Relating symbolic and cryptographic secrecy. IEEE Trans. Dependable Secur. Comput. 2(2), 109–123 (2005)

  10. Backes, M., Pfitzmann, B.: On the cryptographic key secrecy of the strengthened Yahalom protocol. In: Proceedings of 21st IFIP International Information Security Conference (SEC), pp. 233–245, May 2006

  11. Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations (extended abstract). In: Proceedings of the CCS’03, pp. 220–230 (2003)

  12. Backes, M., Pfitzmann, B., Waidner, M.: Symmetric authentication within a simulatable cryptographic library. In: Proceedings of ESORICS’03, LNCS, vol. 2808, pp. 271–290. Springer (2003)

  13. Backes, M., Pfitzmann, B., Waidner, M.: A universally composable cryptographic library. IACR Cryptology ePrint Archive, Report 2003/015, http://www.eprint.iacr.org/, January 2003

  14. Bella, G., Paulson, L.C.: Kerberos Version IV: inductive analysis of the secrecy goals. In: Proceedings of ESORICS’98, LNCS, vol. 1485, pp. 361–375. Springer (1998)

  15. Bella, G., Riccobene, E.: Formal analysis of the Kerberos authentication system. J. Univers. Comput. Sci. 3(12), 1337–1381 (1997)

  16. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Proceedings of CRYPTO ’93, LNCS vol. 773, pp. 232–249. Springer (1994)

  17. Blanchet, B.: A computationally sound mechanized prover for security protocols. In: Proceedings of the 27th IEEE Symposium on Security & Privacy (2006)

  18. Blanchet, B., Jaggard, A.D., Jesse, R., Scedrov, A., Tsay, J.-K.: Refining computationally sound mechanized proofs for Kerberos, 2009. http://www.infsec.uni-trier.de/fcc2009/

  19. Blanchet, B., Jaggard, A.D., Scedrov, A., Tsay, J.-K.: Computationally sound mechanized proofs for basic and public-key Kerberos. In: ASIACCS’08, pp. 87–99 (2008)

  20. Boldyreva, A., Kumar, V.: Provable-security analysis of authenticated encryption in Kerberos. In: IEEE Symposium on Security and Privacy (2007)

  21. Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A.: An Analysis of Some Properties of Kerberos 5 Using MSR. In: Proceedings of CSFW’02 (2002)

  22. Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Formal analysis of Kerberos 5. Theor. Comput. Sci. 367(1–2), 57–87 (2006)

  23. Cable Television Laboratories, Inc. PacketCable Security Specification. Technical document PKT-SP-SEC-I11-040730 (2004)

  24. Canetti, R.: Universal composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science (FOCS 2001), pp. 136–145. IEEE Computer Society, October 2001

  25. Canetti, R., Gajek, S.: Universally composable symbolic analysis of Diffie–Hellman based key exchange. Cryptology ePrint Archive, Report 2010/303, 2010. http://www.eprint.iacr.org/

  26. Canetti, R., Herzog, J.: Universally composable symbolic analysis of cryptographic protocols (the case of encryption-based mutual authentication and key exchange). In: Proceedings of the 3rd Theory of Cryptography Conference (TCC) (2006)

  27. Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos, 2006. Presented at WITS’06 (2006)

  28. Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos. In: Proceedings of ASIAN’06, LNCS, vol. 4435 (2006)

  29. Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos. Inf. Comput. 206(2–4), 402–424 (2008)

  30. Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Specifying Kerberos 5 Cross-Realm Authentication. In: Proceedings of WITS’05, pp. 12–26 (2005)

  31. Cervesato, I., Meadows, C., Pavlovic, D.: An encapsulated authentication logic for reasoning about key distribution protocol. In: Proceedings of CSFW-18, pp. 48–61, Aix-en-Provence, France, 20–22 June 2005. IEEE Computer Society Press

  32. Comon-Lundh, H., Cortier, V.: Computational soundness of observational equivalence. In: Proceedings of the 15th ACM Conference on Computer and Communications Security CCS 2008. ACM Press (2008)

  33. Cortier, V., Warinschi, B.: Computationally sound, automated proofs for security protocols. In: Proceedings of ESOP-14, pp. 157–171 (2005)

  34. Datta, A., Derek, A., Mitchell, J., Shmatikov, V., Turuani, M.: Probabilistic polynomial-time semantics for a protocol security logic. In: Proceedings of ICALP, pp. 16–29. Springer LNCS 3580 (2005)

  35. Datta, A., Derek, A., Mitchell, J., Warinschi, B.: Key exchange protocols: Security definition, proof method, and applications. In: Proceedings of the IEEE CSFW-19, Venice, Italy, 2006. IEEE Press (2006)

  36. De Clercq, J., Balladelli, M.: Windows 2000 authentication. http://www.windowsitlibrary.com/Content/617/06/6.html, 2001. Digital Press (2001)

  37. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 198–208 (1983)

  38. Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally Composable Security Analysis of TLS. In: Proceedings of the 2nd International Conference on Provable Security (ProvSec 2008), Lecture Notes in Computer Science, vol. 5324, pp. 313–327. Springer (2008)

  39. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game—or—a completeness theorem for protocols with honest majority. In: Proceedings of STOC, pp. 218–229 (1987)

  40. Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28, 270–299 (1984)

  41. Guttman, J.D., Thayer Fabrega, F.J., Zuck, L.: The faithfulness of abstract protocol analysis: message authentication. In: Proceedings of CCS-8, pp. 186–195 (2001)

  42. He, C., Mitchell, J.C.: Security analysis and improvements for IEEE 802.11i. In: Proceedings of NDSS’05 (2005)

  43. Herzog, J., Liskov, M., Micali, S.: Plaintext awareness via key registration. In: Proceedings of CRYPTO, pp. 548–564. Springer LNCS 2729 (2003)

  44. IETF. Public Key Cryptography for Initial Authentication in Kerberos, 1996–2006. Sequence of Internet drafts available from http://www.tools.ietf.org/wg/krb-wg/draft-ietf-cat-kerberos-pk-init/

  45. Impagliazzo, R., Kapron, B.M.: Logics for reasoning about cryptographic constructions. In: Proceedings of FOCS, pp. 372–381 (2003)

  46. Laud, P.: Semantics and program analysis of computationally secure information flow. In: Proceedings of ESOP, pp. 77–91 (2001)

  47. Laud, P.: Symmetric encryption in automatic analyses for confidentiality against active adversaries. In: Proceedings of the Symposium Security and Privacy, pp. 71–85 (2004)

  48. Meadows, C.: Analysis of the internet key exchange protocol using the NRL Protocol Analyzer. In: Proceedings of the IEEE Symposium Security and Privacy, pp. 216–231 (1999)

  49. Micciancio, D., Warinschi, B.: Soundness of formal encryption in the presence of active adversaries. In: Proceedings of TCC, pp. 133–151. Springer LNCS 2951 (2004)

  50. Microsoft. Security Bulletin MS05-042. http://www.microsoft.com/technet/security/bulletin/MS05-042.mspx, August 2005

  51. Mitchell, J., Mitchell, M., Scedrov, A.: A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In: Proceedings of FOCS, pp. 725–733 (1998)

  52. Mitchell, J., Ramanathan, A., Scedrov, A., Teague, V.: A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theor. Comput. Sci. 353(1–3) (2006)

  53. Neuman, C., Ts’o, T.: Kerberos: An authentication service for computer networks. IEEE Commun. 32(9), 33–38 (1994)

  54. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5), July 2005. http://www.ietf.org/rfc/rfc4120

  55. Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proceedings of the S&P, pp. 184–200 (2001)

  56. Roy, A., Datta, A., Derek, A., Mitchell, J.C.: Inductive proofs of computational secrecy. In: Biskup, J., Lopez, J. (Eds.), ESORICS, Lecture Notes in Computer Science, vol. 4734, pp. 219–234. Springer (2007)

  57. Roy, A., Datta, A., Mitchell, J.C.: Formal proofs of cryptographic security of Diffie–Hellman-based protocols. In: Barthe, G., Fournet, C., (Eds.), TGC, Lecture Notes in Computer Science, vol. 4912, pp. 312–329. Springer (2007)

  58. Sprenger, C., Backes, M., Basin, D., Pfitzmann, B., Waidner, M.: Cryptographically sound theorem proving. In: Computer Security Foundations Workshop (CSFW06), pp. 153–166. IEEE Computer Society, July 2006

  59. Sprenger, C., Basin, D.: Cryptographically-sound protocol-model abstractions. In: Computer Security Foundations (CSF ’08). IEEE Computer Society (2008)

  60. The Internet Engineering Task Force. http://www.ietf.org

  61. Zhu, L., Tung, B.: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), June 2006. http://www.ietf.org/rfc/rfc4556


Author information

Corresponding author

Correspondence to Joe-Kai Tsay.

Additional information

Backes was partially supported by the German Research Foundation (DFG) under grant 3194/1-1. Cervesato was partially supported by ONR under Grant N00014-01-1-0795 and by the Qatar Foundation under grant number 930107. Jaggard was partially supported by NSF Grants DMS-0239996, CNS-0429689, and CNS-0753492, and by ONR Grant N00014-05-1-0818. Scedrov was partially supported by OSD/ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and OSD/ONR CIP/SW URI “Trustworthy Infrastructure, Mechanisms, and Experimentation for Diffuse Computing” through ONR Grant N00014-04-1-0725. Scedrov was also partially supported by ONR Grant N00014-07-1-1039 and by NSF Grants CNS-0524059 and CNS-0830949 and CNS-0429689. This material is based upon work supported by the MURI program under AFOSR Grant No: FA9550-08-1-0352. Tsay was partially supported by ONR Grant N00014-01-1-0795 and NSF grant CNS-0429689. A preliminary version of this work appeared as [5].

About this article

Cite this article

Backes, M., Cervesato, I., Jaggard, A.D. et al. Cryptographically sound security proofs for basic and public-key Kerberos. Int. J. Inf. Secur. 10, 107–134 (2011). https://doi.org/10.1007/s10207-011-0125-6

  • DOI: https://doi.org/10.1007/s10207-011-0125-6
