Abstract
We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos administrative principals (KDC) and end-servers to a client, hence breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that the KDC would normally generate to encrypt the service requests of this client, hence defeating confidentiality as well. The discovery of this attack caused the IETF to change the specification of PKINIT and Microsoft to release a security update for some Windows operating systems. We discovered this attack as part of an ongoing formal analysis of the Kerberos protocol suite, and we have formally verified several possible fixes to PKINIT—including the one adopted by the IETF—that prevent our attack.
Cervesato was partially supported by the Qatar Foundation under grant number 930107, with early aspects of this work supported by ONR under Grant N00014-01-1-0795. Jaggard was partially supported by NSF Grants DMS-0239996 and CNS-0429689, and by ONR Grant N00014-05-1-0818. Scedrov was partially supported by OSD/ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and OSD/ONR CIP/SW URI “Trustworthy Infrastructure, Mechanisms, and Experimentation for Diffuse Computing” through ONR Grant N00014-04-1-0725. Additional support from NSF Grants CNS-0429689 and CNS-0524059. Tsay was partially supported by ONR Grant N00014-01-1-0795 and NSF grant CNS-0429689.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5) (2005), http://www.ietf.org/rfc/rfc4120
Thomas, M., Vilhuber, J.: Kerberized Internet Negotiation of Keys (KINK) (2003), http://ietfreport.isoc.org/all-ids/draft-ietf-kink-kink-06.txt
Microsoft: Security Bulletin MS05-042 (2005), http://www.microsoft.com/technet/security/bulletin/MS05-042.mspx
Strasser, M., Steffen, A.: Kerberos PKINIT Implementation for Unix Clients. Technical report, Zurich University of Applied Sciences Winterthur (2002)
CERT: Vulnerability Note 477341 (2005), http://www.kb.cert.org/vuls/id/477341
Yu, T., Hartman, S., Raeburn, K.: The perils of unauthenticated encryption: Kerberos version 4. In: Proc. NDSS 2004 (2004)
Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Formal Analysis of Kerberos 5. Theoretical Computer Science 367, 57–87 (2006)
Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Specifying Kerberos 5 Cross-Realm Authentication. In: Proc. WITS 2005, ACM Digital Lib. pp. 12–26 (2005)
Kemmerer, R., Meadows, C., Millen, J.: Three systems for cryptographic protocol analysis. J. Cryptology 7, 79–130 (1994)
Meadows, C.: Analysis of the internet key exchange protocol using the nrl protocol analyzer. In: Proc. IEEE Symp. Security and Privacy, pp. 216–231 (1999)
Mitchell, J.C., Shmatikov, V., Stern, U.: Finite-State Analysis of SSL 3.0. In: Proc. 7th USENIX Security Symp., pp. 201–216 (1998)
Backes, M., Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.K.: Cryptographically Sound Security Proofs for Basic and Public-key Kerberos. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, Springer, Heidelberg (2006)
IETF: Public Key Cryptography for Initial Authentication in Kerberos (1996–2006) RFC 4556. Preliminary versions available as a sequence of Internet Drafts at, http://tools.ietf.org/wg/krb-wg/draft-ietf-cat-kerberos-pk-init/
De Clercq, J., Balladelli, M.: Windows 2000 authentication, Digital Press (2001), http://www.windowsitlibrary.com/Content/617/06/6.html
Cable Television Laboratories, Inc.: PacketCable Security Specification Technical document PKT-SP-SEC-I11-040730 (2004)
Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen Message Attacks. SIAM J. Computing 17, 281–308 (1988)
Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs, Codes and Cryptography 2, 107–125 (1992)
Canetti, R., Krawczyk, H.: Security Analysis of IKE’s Signature-Based Key-Exchange Protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002)
Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)
Clark, J., Jacob, J.: On the security of recent protocols. Information Processing Letters 56, 151–155 (1995)
Abadi, M., Needham, R.: Prudent Engineering Practice for Cryptographic Protocols. IEEE Trans. Software Eng. 22, 6–15 (1996)
Raeburn, K.: Encryption and Checksum Specifications for Kerberos 5 (2005), http://www.ietf.org/rfc/rfc3961.txt
Cervesato, I.: Typed MSR: Syntax and Examples. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, Springer, Heidelberg (2001)
Durgin, N.A., Lincoln, P., Mitchell, J., Scedrov, A.: Multiset Rewriting and the Complexity of Bounded Security Protocols. J. Comp. Security 12, 247–311 (2004)
Backes, M., Pfitzmann, B., Waidner, M.: A Composable Cryptographic Library with Nested Operations. In: Proc. CCS 2003, pp. 220–230. ACM, New York (2003)
Sprenger, C., Backes, M., Basin, D., Pfitzmann, B., Waidner, M.: Cryptographically sound theorem proving. In: Proc. CSFW 2006, pp. 153–166 (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, JK., Walstad, C. (2007). Breaking and Fixing Public-Key Kerberos. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-77505-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77504-1
Online ISBN: 978-3-540-77505-8
eBook Packages: Computer ScienceComputer Science (R0)