Formal analysis of Kerberos 5

Saved in:
Bibliographic Details
Title: Formal analysis of Kerberos 5
Authors: Butler, Frederick1 fbutler@math.wvu.edu, Cervesato, Iliano2 iliano@cmu.edu, Jaggard, Aaron D.3 adj@math.tulane.edu, Scedrov, Andre4 scedrov@math.upenn.edu, Walstad, Christopher4 cwalstad@seas.upenn.edu
Source: Theoretical Computer Science. Nov2006, Vol. 367 Issue 1/2, p57-87. 31p.
Subjects: Computer network protocols, Computer network security, Computer science, Systems design
Abstract: Abstract: We report on the detailed verification of a substantial portion of the Kerberos 5 protocol specification. Because it targeted a deployed protocol rather than an academic abstraction, this multiyear effort led to the development of new analysis methods in order to manage the inherent complexity. This enabled proving that Kerberos supports the expected authentication and confidentiality properties, and that it is structurally sound; these results rely on a pair of intertwined inductions. Our work also detected a number of innocuous but nonetheless unexpected behaviors, and it clearly described how vulnerable the cross-realm authentication support of Kerberos is to the compromise of remote administrative domains. [Copyright &y& Elsevier]
Copyright of Theoretical Computer Science is the property of Elsevier B.V. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
Description
Abstract:Abstract: We report on the detailed verification of a substantial portion of the Kerberos 5 protocol specification. Because it targeted a deployed protocol rather than an academic abstraction, this multiyear effort led to the development of new analysis methods in order to manage the inherent complexity. This enabled proving that Kerberos supports the expected authentication and confidentiality properties, and that it is structurally sound; these results rely on a pair of intertwined inductions. Our work also detected a number of innocuous but nonetheless unexpected behaviors, and it clearly described how vulnerable the cross-realm authentication support of Kerberos is to the compromise of remote administrative domains. [Copyright &y& Elsevier]
ISSN:03043975
DOI:10.1016/j.tcs.2006.08.040