DOI: 10.1145/1368310.1368326
research-article

Computationally sound mechanized proofs for basic and public-key Kerberos

Published: 18 March 2008

Abstract

We present a computationally sound mechanized analysis of Kerberos 5, both with and without its public-key extension PKINIT. We prove authentication and key secrecy properties using the prover CryptoVerif, which works directly in the computational model; these are the first mechanical proofs of a full industrial protocol at the computational level. We also generalize the notion of key usability and use CryptoVerif to prove that this definition is satisfied by keys in Kerberos.

Published In

ASIACCS '08: Proceedings of the 2008 ACM symposium on Information, computer and communications security
March 2008
399 pages
ISBN: 9781595939791
DOI: 10.1145/1368310
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Kerberos
  2. PKINIT
  3. automatic verification
  4. computational model
  5. key usability

Qualifiers

  • Research-article

Conference

Asia CCS '08
Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Cited By

  • (2023) Qerberos: A Protocol for Secure Distribution of QRNG Keys. 2023 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 36-41. DOI: 10.1109/CSR57506.2023.10224969. Online publication date: 31-Jul-2023
  • (2022) Kerberos. Guide to Internet Cryptography, pp. 341-352. DOI: 10.1007/978-3-031-19439-9_14. Online publication date: 26-Nov-2022
  • (2018) Formal Security Proof of CMAC and Its Variants. 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 91-104. DOI: 10.1109/CSF.2018.00014. Online publication date: Jul-2018
  • (2017) Formal Computational Unlinkability Proofs of RFID Protocols. 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 100-114. DOI: 10.1109/CSF.2017.9. Online publication date: Aug-2017
  • (2017) Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols. 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 68-82. DOI: 10.1109/CSF.2017.7. Online publication date: Aug-2017
  • (2017) Mechanizing the Proof of Adaptive, Information-Theoretic Security of Cryptographic Protocols in the Random Oracle Model. 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 83-99. DOI: 10.1109/CSF.2017.36. Online publication date: Aug-2017
  • (2016) Extension of Kerberos with X.509 and Integration of Elliptic Curve Cryptography in Authentication. International Journal of Communications, Network and System Sciences, 09:12, pp. 603-612. DOI: 10.4236/ijcns.2016.912046. Online publication date: 2016
  • (2016) Probabilistic Functions and Cryptographic Oracles in Higher Order Logic. Proceedings of the 25th European Symposium on Programming Languages and Systems - Volume 9632, pp. 503-531. DOI: 10.1007/978-3-662-49498-1_20. Online publication date: 2-Apr-2016
  • (2015) Complementary Synthesis for Encoder with Flow Control Mechanism. ACM Transactions on Design Automation of Electronic Systems, 21:1, pp. 1-26. DOI: 10.1145/2794079. Online publication date: 2-Dec-2015
  • (2015) A Finite-Point Method for Efficient Gate Characterization Under Multiple Input Switching. ACM Transactions on Design Automation of Electronic Systems, 21:1, pp. 1-25. DOI: 10.1145/2778970. Online publication date: 2-Dec-2015
