Date of Original Version

11-2006

Type

Article

Rights Management

doi:10.1016/j.tcs.2006.08.040

Abstract or Table of Contents

We report on the detailed verification of a substantial portion of the Kerberos 5 protocol specification. Because it targeted a deployed protocol rather than an academic abstraction, this multi-year effort led to the development of new analysis methods in order to manage the inherent complexity. This enabled proving that Kerberos supports the expected authentication and confidentiality properties, and that it is structurally sound; these results rely on a pair of intertwined inductions. Our work also detected a number of innocuous but nonetheless unexpected behaviors, and it clearly described how vulnerable the cross-realm authentication support of Kerberos is to the compromise of remote administrative domains.

Comments

Appears in Theoretical Computer Science Volume 367, Issues 1-2, 24 November 2006, Pages 57-87

Share

COinS