Breaking and fixing public-key Kerberos

We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos administrative principals (KDC) and end-servers to a client, hence breaching the authentication guarantees of Ke...

Full description

Saved in:
Bibliographic Details
Published in:Information and computation 2008-02, Vol.206 (2), p.402-424
Main Authors: Cervesato, Iliano, Jaggard, Aaron D., Scedrov, Andre, Tsay, Joe-Kai, Walstad, Christopher
Format: Article
Language:English
Subjects:
Applied sciences
Authentication protocols
Computer science
control theory
systems
Computer security
Exact sciences and technology
Kerberos
Man-in-the-middle attack
Miscellaneous
PKINIT
Protocol verification
Software
Software engineering
Theoretical computing
Utility programs
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We report on a man-in-the-middle attack on PKINIT, the public key extension of the widely deployed Kerberos 5 authentication protocol. This flaw allows an attacker to impersonate Kerberos administrative principals (KDC) and end-servers to a client, hence breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that the KDC would normally generate to encrypt the service requests of this client, hence defeating confidentiality as well. The discovery of this attack caused the IETF to change the specification of PKINIT and Microsoft to release a security update for some Windows operating systems. We discovered this attack as part of an ongoing formal analysis of the Kerberos protocol suite, and we have formally verified several possible fixes to PKINIT—including the one adopted by the IETF—that prevent our attack as well as other authentication and secrecy properties of Kerberos with PKINIT.
ISSN:0890-5401
1090-2651
DOI:10.1016/j.ic.2007.05.005