Specifying Kerberos 5 cross-realm authentication

13 years 10 months ago

Download www.qatar.cmu.edu

Cross-realm authentication is a useful and interesting component of Kerberos aimed at enabling secure access to services astride organizational boundaries. We present a formalization of Kerberos 5 cross-realm authentication in MSR, a speciﬁcation language based on multiset rewriting. We also adapt the Dolev-Yao intruder model to the cross-realm setting and prove an important property for a critical ﬁeld in a cross-realm ticket. Finally, we document several failures of authentication and conﬁdentiality in the presence of compromised intermediate realms. Although the current Kerberos speciﬁcations disclaim responsibility for these vulnerabilities, the associated security implications must be highlighted for system administrators to decide whether to adopt this technology and to aid designers with future development.

Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov,

Real-time Traffic

Cross-realm Authentication | Current Kerberos Speciﬁcations | Dolev-Yao Intruder Model | POPL 2005 | Programming Languages |

claim paper

Post Info
More Details (n/a)

Added	26 Jun 2010
Updated	26 Jun 2010
Type	Conference
Year	2005
Where	POPL
Authors	Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov, Christopher Walstad

Comments (0)

Sciweavers

Specifying Kerberos 5 cross-realm authentication

Cross-realm Authentication | Current Kerberos Speciﬁcations | Dolev-Yao Intruder Model | POPL 2005 | Programming Languages |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers