Specifying Kerberos 5 cross-realm authentication

Cross-realm authentication is a useful and interesting component of Kerberos aimed at enabling secure access to services astride organizational boundaries. We present a formalization of Kerberos 5 cross-realm authentication in MSR, a specification language based on multiset rewriting. We also adapt the Dolev-Yao intruder model to the cross-realm setting and prove an important property for a critical field in a cross-realm ticket. Finally, we document several failures of authentication and confidentiality in the presence of compromised intermediate realms. Although the current Kerberos specifications disclaim responsibility for these vulnerabilities, the associated security implications must be highlighted for system administrators to decide whether to adopt this technology and to aid designers with future development.

[1]  Max I. Kanovich,et al.  Specifying Real-Time Finite-State Systems in Linear Logic , 1998, COTIC.

[2]  Butler W. Lampson,et al.  A Global Authentication Service without Global Trust , 1986, 1986 IEEE Symposium on Security and Privacy.

[3]  Paul Syverson,et al.  Dolev-Yao is no better than Machiavelli , 2000 .

[4]  Giampaolo Bella,et al.  Inductive verification of cryptographic protocols , 2000 .

[5]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[6]  Virgil D. Gligor,et al.  On Inter-Realm Authentication in Large Distributed Systems , 1993, J. Comput. Secur..

[7]  Steve A. Schneider Verifying Authentication Protocols in CSP , 1998, IEEE Trans. Software Eng..

[8]  David J. Goodman,et al.  Personal Communications , 1994, Mobile Communications.

[9]  Andre Scedrov,et al.  Formal analysis of Kerberos 5 , 2006, Theor. Comput. Sci..

[10]  John C. Mitchell,et al.  Multiset rewriting and the complexity of bounded security protocols , 2004, J. Comput. Secur..

[11]  Andre Scedrov,et al.  A formal analysis of ome properties of kerberos 5 using MSR , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[12]  Iliano Cervesato Typed MSR: Syntax and Examples , 2001, MMM-ACNS.

[13]  Jason Garman Kerberos: The Definitive Guide , 2003 .

[14]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[15]  Mark-Oliver Stehr,et al.  Representing the MSR Cryptoprotocol Specification Language in an Extension of Rewriting Logic with Dependent Types , 2004, WRLA.

[16]  Elvinia Riccobene,et al.  Formal Analysis of the Kerberos Authentication System , 1997, J. Univers. Comput. Sci..

[17]  T. A. Parker,et al.  A secure European system for applications in a multi-vendor environment (the SESAME project) , 1993 .

[18]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[19]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[20]  Lawrence C. Paulson,et al.  Kerberos Version 4: Inductive Analysis of the Secrecy Goals , 1998, ESORICS.

[21]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.