Article

Extended Abstract: Provable-Security Analysis of Authenticated Encryption in Kerberos

Authors:

Alexandra Boldyreva,

Virendra KumarAuthors Info & Claims

SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy

Pages 92 - 100

https://doi.org/10.1109/SP.2007.19

Published: 20 May 2007 Publication History

Publisher Site

Abstract

Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Many works have analyzed its security, identifying flaws and often suggesting fixes, thus helping the protocol's evolution. Several recent results present successful formal-methodsbased verification of a significant portion of the current version 5, and some even imply security in the computational setting. For these results to hold, encryption in Kerberos should satisfy strong cryptographic security notions. However, neither currently deployed as part of Kerberos encryption schemes nor their proposed revisions are known to provably satisfy such notions. We take a close look at Kerberos' encryption and confirm that most of the options in the current version provably provide privacy and authenticity, some with slight modification that we suggest. Our results complement the formal-methods-based analysis of Kerberos that justifies its current design.

Cited By

View all

(2017)A privacy-enhanced access log management mechanism in SSO systems from nominative signaturesInternational Journal of Applied Cryptography10.1504/IJACT.2017.0893733:4(394-406)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1504/IJACT.2017.089373
Boldyreva ALychev RYu TDanezis GGligor V(2012)Provable security of S-BGP and other path vector protocolsProceedings of the 2012 ACM conference on Computer and communications security10.1145/2382196.2382254(541-552)Online publication date: 16-Oct-2012
https://dl.acm.org/doi/10.1145/2382196.2382254
Barbosa MFarshim P(2009)Security Analysis of Standard Authentication and Key Agreement Protocols Utilising TimestampsProceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology10.1007/978-3-642-02384-2_15(235-253)Online publication date: 19-Jun-2009
https://dl.acm.org/doi/10.1007/978-3-642-02384-2_15
Show More Cited By

Index Terms

Extended Abstract: Provable-Security Analysis of Authenticated Encryption in Kerberos

Recommendations

Shared Generation of Authenticators and Signatures (Extended Abstract)
CRYPTO '91: Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology

Often it is desired that the power to sign or authenticate messages is shared. This paper presents methods to collectively generate RSA signatures, provably secure authenticators and unconditionally secure authenticators. In the new schemes, l ...
Extended Abstract: Forward-Secure Sequential Aggregate Authentication
SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy

Wireless sensors are employed in a wide range of applications. One common feature of many sensor settings is the need to communicate sensed data to some collection point or sink. This communication can be direct (to a mobile collector) or indirect - via ...
An efficient identification scheme based on permuted kernels (extended abstract)
CRYPTO '89: Proceedings on Advances in cryptology

In 1985 Goldwasser Micali and Rackoff proposed a new type of interactive proof system which reveals no knowledge whatsoever about the assertion except its validity. The practical significance of these proofs was demonstrated in 1986 by Fiat and Shamir, ...

Comments

Information & Contributors

Information

Published In

SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy

May 2007

362 pages

ISBN:0769528481

Publisher

IEEE Computer Society

United States

Publication History

Published: 20 May 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

(2017)A privacy-enhanced access log management mechanism in SSO systems from nominative signaturesInternational Journal of Applied Cryptography10.1504/IJACT.2017.0893733:4(394-406)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1504/IJACT.2017.089373
Boldyreva ALychev RYu TDanezis GGligor V(2012)Provable security of S-BGP and other path vector protocolsProceedings of the 2012 ACM conference on Computer and communications security10.1145/2382196.2382254(541-552)Online publication date: 16-Oct-2012
https://dl.acm.org/doi/10.1145/2382196.2382254
Barbosa MFarshim P(2009)Security Analysis of Standard Authentication and Key Agreement Protocols Utilising TimestampsProceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology10.1007/978-3-642-02384-2_15(235-253)Online publication date: 19-Jun-2009
https://dl.acm.org/doi/10.1007/978-3-642-02384-2_15
Gajek SLiao LSchwenk JDamiani EProctor S(2008)Stronger TLS bindings for SAML assertions and SAML artifactsProceedings of the 2008 ACM workshop on Secure web services10.1145/1456492.1456495(11-20)Online publication date: 31-Oct-2008
https://dl.acm.org/doi/10.1145/1456492.1456495
Blanchet BJaggard AScedrov ATsay JAbe MGligor V(2008)Computationally sound mechanized proofs for basic and public-key KerberosProceedings of the 2008 ACM symposium on Information, computer and communications security10.1145/1368310.1368326(87-99)Online publication date: 18-Mar-2008
https://dl.acm.org/doi/10.1145/1368310.1368326
Paterson KWatson G(2008)Immunising CBC Mode Against Padding Oracle AttacksProceedings of the 6th international conference on Security and Cryptography for Networks10.1007/978-3-540-85855-3_23(340-357)Online publication date: 10-Sep-2008
https://dl.acm.org/doi/10.1007/978-3-540-85855-3_23
Roy ADatta AMitchell J(2007)Formal proofs of cryptographic security of Diffie-Hellman-based protocolsProceedings of the 3rd conference on Trustworthy global computing10.5555/1793574.1793597(312-329)Online publication date: 5-Nov-2007
https://dl.acm.org/doi/10.5555/1793574.1793597

Abstract

Cited By

Index Terms

Recommendations

Shared Generation of Authenticators and Signatures (Extended Abstract)

Extended Abstract: Forward-Secure Sequential Aggregate Authentication

An efficient identification scheme based on permuted kernels (extended abstract)

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations