A Browser-Based Kerberos Authentication Scheme

  • Sebastian Gajek
  • Tibor Jager
  • Mark Manulis
  • Jörg Schwenk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5283)


When two players wish to share a security token (e.g., for the purpose of authentication and accounting), they call a trusted third party. This idea is the essence of Kerberos protocols, which are widely deployed in a large scale of computer networks. Browser-based Kerberos protocols are the derivates with the exception that the Kerberos client application is a commodity Web browser. Whereas the native Kerberos protocol has been repeatedly peer-reviewed without finding flaws, the history of browser-based Kerberos protocols is tarnished with negative results due to the fact that subtleties of browsers have been disregarded. We propose a browser-based Kerberos protocol based on client certificates and prove its security in the extended formal model for browser-based mutual authentication introduced at ACM ASIACCS’08.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kerberos: The network authentication protocol, http://web.mit.edu/Kerberos/
  2. 2.
    Allen, C., Dierks, T.: The TLS protocol — version 1.1. Internet proposed standard RFC 4346 (2006)Google Scholar
  3. 3.
    Backes, M., Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K.: Cryptographically sound security proofs for basic and public-key kerberos (2006)Google Scholar
  4. 4.
    Bellare, M., Namprempre, C.: Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Conference on Computer and Communications Security, pp. 62–73. ACM Press, New York (1993)Google Scholar
  6. 6.
    Boldyreva, A., Kumar, V.: Provable-security analysis of authenticated encryption in kerberos (2007)Google Scholar
  7. 7.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS, pp. 136–145. IEEE Computer Society, Los Alamitos (2001)Google Scholar
  8. 8.
    Dhamija, R., Tygar, J.D., Hearst, M.A.: Why phishing works. In: CHI, pp. 581–590. ACM Press, New York (2006)Google Scholar
  9. 9.
    Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally composable security analysis of tls—secure sessions with handshake and record layer protocols. Cryptology ePrint Archive, Report 2008/251 (2008)Google Scholar
  10. 10.
    Gajek, S., Manulis, M., Sadeghi, A.-R., Schwenk, J.: Provably secure browser-based user-aware mutual authentication over tls. In: ASIACCS, pp. 300–311. ACM Press, New York (2008)CrossRefGoogle Scholar
  11. 11.
    Gajek, S., Schwenk, J., Xuan, C.: On the insecurity of microsoft’s identity metasystem cardspace (HGI TR-2008-004) (2008)Google Scholar
  12. 12.
    Groß, T.: Security analysis of the SAML single sign-on browser/artifact profile. In: Annual Computer Security Applications Conference. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  13. 13.
    Groß, T., Pfitzmann, B.: Saml artifact information flow revisited. Research Report RZ 3643 (99653), IBM Research (2006)Google Scholar
  14. 14.
    Jonsson, J.: Security proofs for the RSA-PSS signature scheme and its variants. Cryptology ePrint Archive, Report 2001/053 (2001)Google Scholar
  15. 15.
    Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: CCS 2007, pp. 58–71. ACM, New York (2007)Google Scholar
  16. 16.
    Kirda, E., Krügel, C., Vigna, G., Jovanovic, N.: Noxes: a client-side solution for mitigating cross-site scripting attacks, pp. 330–337 (2006)Google Scholar
  17. 17.
    Kormann, D., Rubin, A.: Risks of the Passport single sign-on protocol. Computer Networks 33(1–6), 51–58 (2000)CrossRefGoogle Scholar
  18. 18.
    Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, pp. 184–200 (2001)Google Scholar
  20. 20.
    Pfitzmann, B., Waidner, M.: Analysis of liberty single-signon with enabled clients. IEEE Internet Computing 7(6), 38–44 (2003)CrossRefGoogle Scholar
  21. 21.
    Shoup, V.: OAEP reconsidered. J. Cryptology 15(4), 223–249 (2002)MathSciNetCrossRefMATHGoogle Scholar
  22. 22.
    Stamm, S., Ramzan, Z., Jakobsson, M.: Drive-by pharming, pp. 495–506 (2007)Google Scholar
  23. 23.
    Stuart Schechter, A.O., Dhamija, R., Fischer, I.: The emperor’s new security indicators. In: Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  24. 24.
    W3C. Document object model (DOM) (2005), http://www.w3.org/DOM

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Sebastian Gajek
    • 1
  • Tibor Jager
    • 1
  • Mark Manulis
    • 2
  • Jörg Schwenk
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityRuhr-UniversityBochumGermany
  2. 2.UCL Crypto GroupLouvain-la-NeuveBelgium

Personalised recommendations