Abstract
We present a computational analysis of basic Kerberos with and without its public-key extension PKINIT in which we consider authentication and key secrecy properties. Our proofs rely on the Dolev–Yao style model of Backes, Pfitzmann, and Waidner, which allows for mapping results obtained symbolically within this model to cryptographically sound proofs if certain assumptions are met. This work was the first verification at the computational level of such a complex fragment of an industrial protocol. By considering a recently fixed version of PKINIT, we extend symbolic correctness results we previously attained in the Dolev–Yao model to cryptographically sound results in the computational model.
References
The AVISPA tool for the automated validation of internet security protocols and applications. In: Proceedings of the Computer-aided Verification (CAV). Springer, 2005. http://www.avispa-project.org (2005)
Abadi, M., Jürjens, J.: Formal eavesdropping and its computational interpretation. In: Proceedings of TACS, pp. 82–94 (2001)
Abadi, M., Rogaway, P.: Reconciling two views of cryptography: The computational soundness of formal encryption. In: Proceedings of the 1st IFIP International Conference on Theoretical Computer Science, LNCS, vol. 1872, pp. 3–22. Springer (2000)
Backes, M.: A cryptographically sound Dolev-Yao style security proof of the Otway-Rees protocol. In: Proceedings of ESORICS, LNCS, vol. 3193, pp. 89–108. Springer (2004)
Backes, M., Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K.: Cryptographically sound security proofs for basic and public-key Kerberos. In: Proceedings of ESORICS, pp. 362–383 (2006)
Backes, M., Jacobi, C.: Cryptographically sound and machine-assisted verification of security protocols. In: Proceedings of the 20th STACS, LNCS, vol. 2607, pp. 675–686. Springer (2003)
Backes, M., Pfitzmann, B.: A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol. J. Sel. Areas Commun. 22(10), 2075–2086 (2004)
Backes, M., Pfitzmann, B.: Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In: Proceedings of CSFW’04, pp. 204–218, June 2004
Backes, M., Pfitzmann, B.: Relating symbolic and cryptographic secrecy. IEEE Trans. Dependable Secur. Comput. 2(2), 109–123 (2005)
Backes, M., Pfitzmann, B.: On the cryptographic key secrecy of the strengthened Yahalom protocol. In: Proceedings of 21st IFIP International Information Security Conference (SEC), pp. 233–245, May 2006
Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations (extended abstract). In: Proceedings of the CCS’03, pp. 220–230 (2003)
Backes, M., Pfitzmann, B., Waidner, M.: Symmetric authentication within a simulatable cryptographic library. In: Proceedings of ESORICS’03, LNCS, vol. 2808, pp. 271–290. Springer (2003)
Backes, M., Pfitzmann, B., Waidner, M.: A universally composable cryptographic library. IACR Cryptology ePrint Archive, Report 2003/015, http://www.eprint.iacr.org/, January 2003
Bella, G., Paulson, L.C.: Kerberos Version IV: inductive analysis of the secrecy goals. In: Proceedings of ESORICS’98, LNCS, vol. 1485, pp. 361–375. Springer (1998)
Bella, G., Riccobene, E.: Formal analysis of the Kerberos authentication system. J. Univers. Comput. Sci. 3(12), 1337–1381 (1997)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Proceedings of CRYPTO ’93, LNCS vol. 773, pp. 232–249. Springer (1994)
Blanchet, B.: A computationally sound mechanized prover for security protocols. In: Proceedings of the 27th IEEE Symposium on Security & Privacy (2006)
Blanchet, B., Jaggard, A.D., Jesse, R., Scedrov, A., Tsay, J.-K.: Refining computationally sound mechanized proofs for Kerberos, 2009. http://www.infsec.uni-trier.de/fcc2009/
Blanchet, B., Jaggard, A.D., Scedrov, A., Tsay, J.-K.: Computationally sound mechanized proofs for basic and public-key Kerberos. In: ASIACCS’08, pp. 87–99 (2008)
Boldyreva, A., Kumar, V.: Provable-security analysis of authenticated encryption in Kerberos. In: IEEE Symposium on Security and Privacy (2007)
Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A.: An Analysis of Some Properties of Kerberos 5 Using MSR. In: Proceedings of CSFW’02 (2002)
Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Formal analysis of Kerberos 5. Theor. Comput. Sci. 367(1–2), 57–87 (2006)
Cable Television Laboratories, Inc. PacketCable Security Specification. Technical document PKT-SP-SEC-I11-040730 (2004)
Canetti, R.: Universal composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science (FOCS 2001), pp. 136–145. IEEE Computer Society, October 2001
Canetti, R., Gajek, S.: Universally composable symbolic analysis of Diffie–Hellman based key exchange. Cryptology ePrint Archive, Report 2010/303, 2010. http://www.eprint.iacr.org/
Canetti, R., Herzog, J.: Universally composable symbolic analysis of cryptographic protocols (the case of encryption-based mutual authentication and key exchange). In: Proceedings of the 3rd Theory of Cryptography Conference (TCC) (2006)
Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos, 2006. Presented at WITS’06 (2006)
Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos. In: Proceedings of ASIAN’06, LNCS, vol. 4435 (2006)
Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, J.-K., Walstad, C.: Breaking and fixing public-key Kerberos. Inf. Comput. 206(2–4), 402–424 (2008)
Cervesato, I., Jaggard, A.D., Scedrov, A., Walstad, C.: Specifying Kerberos 5 Cross-Realm Authentication. In: Proceedings of WITS’05, pp. 12–26 (2005)
Cervesato, I., Meadows, C., Pavlovic, D.: An encapsulated authentication logic for reasoning about key distribution protocol. In: Proceedings of CSFW-18, pp. 48–61, Aix-en-Provence, France, 20–22 June 2005. IEEE Computer Society Press
Comon-Lundh, H., Cortier, V.: Computational soundness of observational equivalence. In: Proceedings of the 15th ACM Conference on Computer and Communications Security CCS 2008. ACM Press (2008)
Cortier, V., Warinschi, B.: Computationally sound, automated proofs for security protocols. In: Proceedings of ESOP-14, pp. 157–171 (2005)
Datta, A., Derek, A., Mitchell, J., Shmatikov, V., Turuani, M.: Probabilistic polynomial-time semantics for a protocol security logic. In: Proceedings of ICALP, pp. 16–29. Springer LNCS 3580 (2005)
Datta, A., Derek, A., Mitchell, J., Warinschi, B.: Key exchange protocols: Security definition, proof method, and applications. In: Proceedings of the IEEE CSFW-19, Venice, Italy, 2006. IEEE Press (2006)
De Clercq, J., Balladelli, M.: Windows 2000 authentication. http://www.windowsitlibrary.com/Content/617/06/6.html, 2001. Digital Press (2001)
Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 198–208 (1983)
Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally Composable Security Analysis of TLS. In: Proceedings of the 2nd International Conference on Provable Security (ProvSec 2008), Lecture Notes in Computer Science, vol. 5324, pp. 313–327. Springer (2008)
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game—or—a completeness theorem for protocols with honest majority. In: Proceedings of STOC, pp. 218–229 (1987)
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28, 270–299 (1984)
Guttman, J.D., Thayer Fabrega, F.J., Zuck, L.: The faithfulness of abstract protocol analysis: message authentication. In: Proceedings of CCS-8, pp. 186–195 (2001)
He, C., Mitchell, J.C.: Security analysis and improvements for IEEE 802.11i. In: Proceedings of NDSS’05 (2005)
Herzog, J., Liskov, M., Micali, S.: Plaintext awareness via key registration. In: Proceedings of CRYPTO, pp. 548–564. Springer LNCS 2729 (2003)
IETF. Public Key Cryptography for Initial Authentication in Kerberos, 1996–2006. Sequence of Internet drafts available from http://www.tools.ietf.org/wg/krb-wg/draft-ietf-cat-kerberos-pk-init/
Impagliazzo, R., Kapron, B.M.: Logics for reasoning about cryptographic constructions. In: Proceedings of FOCS, pp. 372–381 (2003)
Laud, P.: Semantics and program analysis of computationally secure information flow. In: Proceedings of ESOP, pp. 77–91 (2001)
Laud, P.: Symmetric encryption in automatic analyses for confidentiality against active adversaries. In: Proceedings of the Symposium Security and Privacy, pp. 71–85 (2004)
Meadows, C.: Analysis of the internet key exchange protocol using the NRL Protocol Analyzer. In: Proceedings of the IEEE Symposium Security and Privacy, pp. 216–231 (1999)
Micciancio, D., Warinschi, B.: Soundness of formal encryption in the presence of active adversaries. In: Proceedings of TCC, pp. 133–151. Springer LNCS 2951 (2004)
Microsoft. Security Bulletin MS05-042. http://www.microsoft.com/technet/security/bulletin/MS05-042.mspx, August 2005
Mitchell, J., Mitchell, M., Scedrov, A.: A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In: Proceedings of FOCS, pp. 725–733 (1998)
Mitchell, J., Ramanathan, A., Scedrov, A., Teague, V.: A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theor. Comput. Sci. 353(1–3) (2006)
Neuman, C., Ts’o, T.: Kerberos: An authentication service for computer networks. IEEE Commun. 32(9), 33–38 (1994)
Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5), July 2005. http://www.ietf.org/rfc/rfc4120
Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proceedings of the S&P, pp. 184–200 (2001)
Roy, A., Datta, A., Derek, A., Mitchell, J.C.: Inductive proofs of computational secrecy. In: Biskup, J., Lopez, J. (Eds.), ESORICS, Lecture Notes in Computer Science, vol. 4734, pp. 219–234. Springer (2007)
Roy, A., Datta, A., Mitchell, J.C.: Formal proofs of cryptographic security of Diffie–Hellman-based protocols. In: Barthe, G., Fournet, C., (Eds.), TGC, Lecture Notes in Computer Science, vol. 4912, pp. 312–329. Springer (2007)
Sprenger, C., Backes, M., Basin, D., Pfitzmann, B., Waidner, M.: Cryptographically sound theorem proving. In: Computer Security Foundations Workshop (CSFW06), pp. 153–166. IEEE Computer Society, July 2006
Sprenger, C., Basin, D.: Cryptographically-sound protocol-model abstractions. In: Computer Security Foundations (CSF ’08). IEEE Computer Society (2008)
The Internet Engineering Task Force. http://www.ietf.org
Zhu, L., Tung, B.: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), June 2006. http://www.ietf.org/rfc/rfc4556
Additional information
Backes was partially supported by the German Research Foundation (DFG) under grant 3194/1-1. Cervesato was partially supported by ONR under Grant N00014-01-1-0795 and by the Qatar Foundation under grant number 930107. Jaggard was partially supported by NSF Grants DMS-0239996, CNS-0429689, and CNS-0753492, and by ONR Grant N00014-05-1-0818. Scedrov was partially supported by OSD/ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and OSD/ONR CIP/SW URI “Trustworthy Infrastructure, Mechanisms, and Experimentation for Diffuse Computing” through ONR Grant N00014-04-1-0725. Scedrov was also partially supported by ONR Grant N00014-07-1-1039 and by NSF Grants CNS-0524059 and CNS-0830949 and CNS-0429689. This material is based upon work supported by the MURI program under AFOSR Grant No: FA9550-08-1-0352. Tsay was partially supported by ONR Grant N00014-01-1-0795 and NSF grant CNS-0429689. A preliminary version of this work appeared as [5].
About this article
Cite this article
Backes, M., Cervesato, I., Jaggard, A.D. et al. Cryptographically sound security proofs for basic and public-key Kerberos. Int. J. Inf. Secur. 10, 107–134 (2011). https://doi.org/10.1007/s10207-011-0125-6
DOI: https://doi.org/10.1007/s10207-011-0125-6