Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4435)

Abstract

We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos administrative principals (KDC) and end-servers to a client, hence breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that the KDC would normally generate to encrypt the service requests of this client, hence defeating confidentiality as well. The discovery of this attack caused the IETF to change the specification of PKINIT and Microsoft to release a security update for some Windows operating systems. We discovered this attack as part of an ongoing formal analysis of the Kerberos protocol suite, and we have formally verified several possible fixes to PKINIT—including the one adopted by the IETF—that prevent our attack.

Cervesato was partially supported by the Qatar Foundation under grant number 930107, with early aspects of this work supported by ONR under Grant N00014-01-1-0795. Jaggard was partially supported by NSF Grants DMS-0239996 and CNS-0429689, and by ONR Grant N00014-05-1-0818. Scedrov was partially supported by OSD/ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and OSD/ONR CIP/SW URI “Trustworthy Infrastructure, Mechanisms, and Experimentation for Diffuse Computing” through ONR Grant N00014-04-1-0725. Additional support from NSF Grants CNS-0429689 and CNS-0524059. Tsay was partially supported by ONR Grant N00014-01-1-0795 and NSF grant CNS-0429689.


Editor information

Mitsu Okada, Ichiro Satoh

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cervesato, I., Jaggard, A.D., Scedrov, A., Tsay, JK., Walstad, C. (2007). Breaking and Fixing Public-Key Kerberos. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_13

  • DOI: https://doi.org/10.1007/978-3-540-77505-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77504-1

  • Online ISBN: 978-3-540-77505-8

  • eBook Packages: Computer Science, Computer Science (R0)
