5th European Symposium on Research in Computer Security (ESORICS 98)
Kerberos Version IV: Inductive Analysis of the Secrecy Goals
Giampaolo Bella, Lawrence C. Paulson
Keywords : secrecy, secure key, non-expired timestamp, inductive method, machine proof
Abstract : An operational model of crypto-protocols is tailored to the detailed analysis of the secrecy goals accomplished by Kerberos Version IV. The model is faithful to the specification of the protocol presented by the MIT technical plan - e.g. timestamping, double session key delivery mechanism are included. It allows an eavesdropper to exploit the shared keys of compromised agents, and admits the accidental loss of expired session keys. Confidentiality is expressed from the viewpoint of each party involved in a protocol run, with particular attention to the assumptions the party relies on. If such assumptions are unrealistic, they highlight weaknesses of the protocol. This is particularly so from the viewpoint of the responder: the model suggests and proves a reasonable correction.
(Pages 361-375)