Cryptology ePrint Archive: Report 2006/219
Cryptographically Sound Security Proofs for Basic and Public-Key Kerberos
Michael Backes and Iliano Cervesato and Aaron D. Jaggard and Andre Scedrov and Joe-Kai Tsay
Abstract: We present a computational analysis of basic Kerberos with and without its public-key extension PKINIT in which we consider authentication and key secrecy properties. Our proofs rely on the Dolev--Yao-style model of Backes, Pfitzmann, and Waidner, which allows for mapping results obtained symbolically within this model to cryptographically sound proofs if certain assumptions are met. This work was the first verification at the computational level of such a complex fragment of an industrial protocol. By considering a recently fixed version of PKINIT, we extend symbolic correctness results we previously attained in the Dolev--Yao model to cryptographically sound results in the computational model.
Category / Keywords: cryptographic protocols / Kerberos, computational analysis, authentication, key secrecy
Date: received 29 Jun 2006, last revised 28 Jan 2010
Contact author: adj at dimacs rutgers edu
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Note: Revised full version. This updates the formalization of the certificates binding keys to principals.
Version: 20100129:013431 (All versions of this report)
Short URL: ia.cr/2006/219
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]