Full agreement in BAN kerberos

The paper analyzes BAN Kerberos - a timestamp based key distribution protocol with mutual agent authentication. The protocol is formalized in the strand spaces model and it is shown that BAN Kerberos guarantees the strongest form of authentication in Lowe's hierarchy of authentication specifications [Lowe, 1997] - full agreement on all data items.

[1]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[2]  Giampaolo Bella,et al.  Inductive verification of cryptographic protocols , 2000 .

[3]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[4]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[5]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[6]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[7]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[8]  Joshua D. Guttman,et al.  Strand Spaces: Proving Security Protocols Correct , 1999, J. Comput. Secur..

[9]  Jerome H. Saltzer,et al.  Kerberos authentication and authorization system , 1987 .

[10]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .