Corpus ID: 2912439

Nonce-based Kerberos is a Secure Delegated AKE Protocol

  title={Nonce-based Kerberos is a Secure Delegated AKE Protocol},
  author={Jorg Schwenk},
  journal={IACR Cryptol. ePrint Arch.},
  • Jorg Schwenk
  • Published 2016
  • Computer Science
  • IACR Cryptol. ePrint Arch.
Kerberos is one of the most important cryptographic protocols, first because it is the basisc authentication protocol in Microsoft’s Active Directory and shipped with every major operating system, and second because it served as a model for all Single-Sign-On protocols (e.g. SAML, OpenID, MS Cardspace, OpenID Connect). Its security has been confirmed with several Dolev-Yao style proofs [1–12], and attacks on certain versions of the protocol have been described [13,14]. However despite its… Expand
A Reduction-Based Proof for Authentication and Session Key Security in 3-Party Kerberos
A reduction-based security proof of Kerberos authentication and key establishment is given, showing that it is a secure authentication protocol under standard assumptions on its encryption scheme and that the hash of the main session key is also a secure session key under Krawczyk’s generalization of the authenticated and confidential channel establishment (ACCE) model. Expand
This is the full version . A Modular Security Analysis of EAP and IEEE 802 . 11
We conduct a reduction-based security analysis of the Extensible Authentication Protocol (EAP), a widely used three-party authentication framework. EAP is often found in enterprise networks where itExpand
A Modular Security Analysis of EAP and IEEE 802.11
A reduction-based security analysis of the Extensible Authentication Protocol EAP is conducted, showing that the main EAP construction, considered as a 3P-AKE protocol, achieves a security notion which is called AKE$$^w$$ under the assumption that the EAP method employs channel binding. Expand
Public-Key Cryptography - PKC 2017 - 20th IACR International Conference on Practice and Theory in Public-Key Cryptography, Amsterdam, The Netherlands, March 28-31, 2017, Proceedings, Part II
This framework provides an abstraction of dual system paradigms over composite-order graded multilinear encoding schemes in a black-box manner and achieves succinctness, meaning that the key and ciphertext sizes are less than or proportional to corresponding circuit sizes. Expand


HMQV: A High-Performance Secure Diffie-Hellman Protocol
HMQV is presented, a carefully designed variant of MQV that provides the same superb performance and functionality of the original protocol but for which all the MqV's security goals can be formally proved to hold in the random oracle model under the computational Diffie-Hellman assumption. Expand
Provable-Security Analysis of Authenticated Encryption in Kerberos
The authors take a close look at Kerberos' encryption, and they confirm that most of the options in the current version provably provide privacy and authenticity, although some require slight modifications which they suggest. Expand
On the Security of TLS-DHE in the Standard Model
The notion of authenticated and confidential channel establishment ACCE is defined as a new security model which captures precisely the security properties expected from TLS in practice, and the combination of the TLS Handshake with data encryption in the TLS Record Layer can be proven secure in this model. Expand
Provably secure session key distribution: the three party case
This paper provides the first treatment of session key distribution in the three-party setting of Needham and Schroeder in the complexity-theoretic framework of modern cryptography, assuming the (minimal) assumption of a pseudorandom function. Expand
Breaking and fixing public-key Kerberos
We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate KerberosExpand
Analysing the Combined Kerberos Timed Authentication Protocol and Frequent Key Renewal Using CSP and Rank Functions
This paper presents an application of rank functions approach to an authentication protocol that combines delaying the decryption process with timed authentication while keys are dynamically renewed under pseudo-secure situations. Expand
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
A formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that allows for simple modular proofs of security is presented. Expand
Formal Modeling and Analyzing Kerberos Protocol
This work formalizes the Kerberos protocol using CSP methods, and can prove that the system protected by the protocol is indeed secure as it declared. Expand
Misplaced trust: Kerberos 4 session keys
  • Bryn Dole, S. Lodin, E. Spafford
  • Computer Science
  • Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
  • 1997
The difficulty of generating good random numbers, the mistakes that were made in implementing Kerberos Version 4, and the breakdown of software engineering that allowed this flaw to remain unfixed for ten years are discussed. Expand
Stronger Security of Authenticated Key Exchange
This work extends the Canetti-Krawczyk model for AKE security by providing significantly greater powers to the adversary and introduces a new AKE protocol called NAXOS to prove that it is secure against these stronger adversaries. Expand