Corpus ID: 506682

Computationally Sound Mechanized Proof of PKINIT for Kerberos

@inproceedings{Blanchet2007ComputationallySM,
  title={Computationally Sound Mechanized Proof of PKINIT for Kerberos},
  author={Bruno Blanchet and Aaron D. Jaggard and Jesse Rao and Andre Scedrov and Joe-Kai Tsay},
  year={2007}
}
Here we report initial results on the formalization and analysis, using the CryptoVerif tool [4, 5, 6], of the public-key extension to the Kerberos protocol, PKINIT [10]. This protocol provides a good test case for analysis techniques because it incorporates many different protocol design elements: symmetric and asymmetric encryption, digital signatures, and keyed hash functions. We are able to prove, using CryptoVerif’s interactive mode, secrecy and authentication properties for PKINIT at the…

Breaking and fixing public-key Kerberos
We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos…
Computationally sound mechanized proofs for basic and public-key Kerberos
We present a computationally sound mechanized analysis of Kerberos 5, both with and without its public-key extension PKINIT. We prove authentication and key secrecy properties using the prover…

References

SHOWING 1-10 OF 14 REFERENCES
A Computationally Sound Mechanized Prover for Security Protocols
  • B. Blanchet
  • Computer Science
  • IEEE Transactions on Dependable and Secure Computing
  • 2008
TLDR
This work presents a new mechanized prover for secrecy properties of security protocols that provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions.
A Computationally Sound Mechanized Prover for Security Protocols
  • B. Blanchet
  • Computer Science
  • IEEE Trans. Dependable Secur. Comput.
  • 2008
TLDR
This work presents a new mechanized prover for secrecy properties of security protocols that provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions.
Automated Security Proofs with Sequences of Games
TLDR
This paper presents the first automatic technique for proving not only protocols but also primitives in the exact security computational model, and illustrates the use of the new tool with the proof of a quite famous asymmetric primitive: unforgeability under chosen-message attacks of the Full-Domain Hash signature scheme under the (trapdoor)-one-wayness of some permutations.
Breaking and fixing public-key Kerberos
We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos…
Computationally Sound Mechanized Proofs of Correspondence Assertions
  • B. Blanchet
  • Computer Science
  • 20th IEEE Computer Security Foundations Symposium (CSF'07)
  • 2007
TLDR
A new mechanized prover for showing correspondence assertions for cryptographic protocols in the computational model that can handle a wide variety of cryptographic primitives, including shared- and public-key encryption, signatures, message authentication codes, and hash functions.
Formal analysis of Kerberos 5
TLDR
This work enabled proving that Kerberos supports the expected authentication and confidentiality properties, and that it is structurally sound; these results rely on a pair of intertwined inductions.
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
TLDR
This work considers two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relates them to the standard notions of privacy IND-CCA and NM-CPA by presenting implications and separations between all notions considered.
Password-Based Authenticated Key Exchange in the Three-Party Setting
TLDR
The authors present a natural generic construction of a 3-party PAKE protocol from any 2-party PAKE protocol and prove its security, which is the first provably secure PAKE protocol in the 3-party setting.
A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols
We prove properties of a process calculus that is designed for analysing security protocols. Our long-term goal is to develop a form of protocol analysis, consistent with standard cryptographic…
Computationally sound compositional logic for key exchange protocols
We develop a compositional method for proving cryptographically sound security properties of key exchange protocols, based on a symbolic logic that is interpreted over conventional runs of a protocol…