ABSTRACT
Public key Kerberos (PKINIT) is a standardized authentication and key establishment protocol that is used by the Windows Active Directory subsystem. In this paper we show that card-based public key Kerberos is flawed. In particular, access to a user's card enables an adversary to impersonate that user even after the adversary's access to the card is revoked. The attack neither exploits physical properties of the card, nor extracts any of its secrets.
Index Terms
- Security implications in Kerberos by the introduction of smart cards