Toward a secure Kerberos key exchange with smart cards View Full Text


Ontology type: schema:ScholarlyArticle      Open Access: True


Article Info

DATE

2013-10-04

AUTHORS

Nikos Mavrogiannopoulos, Andreas Pashalidis, Bart Preneel

ABSTRACT

Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary’s access to the card is revoked. In this paper, we extend Shoup’s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol. More... »

PAGES

217-228

References to SciGraph publications

  • 1995. Robustness Principles for Public Key Protocols in ADVANCES IN CRYPTOLOGY — CRYPT0’ 95
  • 2008-01-01. Formal Proofs of Cryptographic Security of Diffie-Hellman-Based Protocols in TRUSTWORTHY GLOBAL COMPUTING
  • 1996. Session Key Distribution Using Smart Cards in ADVANCES IN CRYPTOLOGY — EUROCRYPT ’96
  • 1997. Key agreement protocols and their security analysis in CRYTOGRAPHY AND CODING
  • 1991. Authentication and delegation with smart-cards in THEORETICAL ASPECTS OF COMPUTER SOFTWARE
  • 2011-04-20. Cryptographically sound security proofs for basic and public-key Kerberos in INTERNATIONAL JOURNAL OF INFORMATION SECURITY
  • Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s10207-013-0213-x

    DOI

    http://dx.doi.org/10.1007/s10207-013-0213-x

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1017322816


    Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
    Incoming Citations Browse incoming citations for this publication using opencitations.net

    JSON-LD is the canonical representation for SciGraph data.

    TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information and Computing Sciences", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Artificial Intelligence and Image Processing", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium", 
              "id": "http://www.grid.ac/institutes/grid.5596.f", 
              "name": [
                "Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Mavrogiannopoulos", 
            "givenName": "Nikos", 
            "id": "sg:person.011472674207.28", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011472674207.28"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium", 
              "id": "http://www.grid.ac/institutes/grid.5596.f", 
              "name": [
                "Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Pashalidis", 
            "givenName": "Andreas", 
            "id": "sg:person.012762402232.97", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012762402232.97"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium", 
              "id": "http://www.grid.ac/institutes/grid.5596.f", 
              "name": [
                "Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Preneel", 
            "givenName": "Bart", 
            "id": "sg:person.011115044357.39", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/s10207-011-0125-6", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1000777228", 
              "https://doi.org/10.1007/s10207-011-0125-6"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-54415-1_53", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1045395953", 
              "https://doi.org/10.1007/3-540-54415-1_53"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/bfb0024447", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1023078210", 
              "https://doi.org/10.1007/bfb0024447"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-68339-9_28", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1014782910", 
              "https://doi.org/10.1007/3-540-68339-9_28"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-44750-4_19", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1001067379", 
              "https://doi.org/10.1007/3-540-44750-4_19"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-78663-4_21", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1014581890", 
              "https://doi.org/10.1007/978-3-540-78663-4_21"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2013-10-04", 
        "datePublishedReg": "2013-10-04", 
        "description": "Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user\u2019s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary\u2019s access to the card is revoked. In this paper, we extend Shoup\u2019s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol.", 
        "genre": "article", 
        "id": "sg:pub.10.1007/s10207-013-0213-x", 
        "isAccessibleForFree": true, 
        "isPartOf": [
          {
            "id": "sg:journal.1136826", 
            "issn": [
              "1615-5262", 
              "1615-5270"
            ], 
            "name": "International Journal of Information Security", 
            "publisher": "Springer Nature", 
            "type": "Periodical"
          }, 
          {
            "issueNumber": "3", 
            "type": "PublicationIssue"
          }, 
          {
            "type": "PublicationVolume", 
            "volumeNumber": "13"
          }
        ], 
        "keywords": [
          "smart cards", 
          "public-key Kerberos", 
          "key establishment protocol", 
          "standard authentication", 
          "user card", 
          "adversary access", 
          "security flaws", 
          "security model", 
          "secure protocol", 
          "key exchange", 
          "establishment protocol", 
          "PKINIT", 
          "cards", 
          "temporary access", 
          "Kerberos", 
          "authentication", 
          "access", 
          "adversary", 
          "users", 
          "fixes", 
          "protocol", 
          "formalization", 
          "model", 
          "flaws", 
          "proof", 
          "exchange", 
          "time", 
          "indefinite period", 
          "period", 
          "paper"
        ], 
        "name": "Toward a secure Kerberos key exchange with smart cards", 
        "pagination": "217-228", 
        "productId": [
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1017322816"
            ]
          }, 
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/s10207-013-0213-x"
            ]
          }
        ], 
        "sameAs": [
          "https://doi.org/10.1007/s10207-013-0213-x", 
          "https://app.dimensions.ai/details/publication/pub.1017322816"
        ], 
        "sdDataset": "articles", 
        "sdDatePublished": "2022-10-01T06:38", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-springernature-scigraph/baseset/20221001/entities/gbq_results/article/article_594.jsonl", 
        "type": "ScholarlyArticle", 
        "url": "https://doi.org/10.1007/s10207-013-0213-x"
      }
    ]
     

    Download the RDF metadata as:  json-ld nt turtle xml License info

    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s10207-013-0213-x'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s10207-013-0213-x'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s10207-013-0213-x'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s10207-013-0213-x'


     

    This table displays all metadata directly associated to this object as RDF triples.

    125 TRIPLES      21 PREDICATES      60 URIs      46 LITERALS      6 BLANK NODES

    Subject Predicate Object
    1 sg:pub.10.1007/s10207-013-0213-x schema:about anzsrc-for:08
    2 anzsrc-for:0801
    3 schema:author Nf2809933c666415a885ba30aa8b39e41
    4 schema:citation sg:pub.10.1007/3-540-44750-4_19
    5 sg:pub.10.1007/3-540-54415-1_53
    6 sg:pub.10.1007/3-540-68339-9_28
    7 sg:pub.10.1007/978-3-540-78663-4_21
    8 sg:pub.10.1007/bfb0024447
    9 sg:pub.10.1007/s10207-011-0125-6
    10 schema:datePublished 2013-10-04
    11 schema:datePublishedReg 2013-10-04
    12 schema:description Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary’s access to the card is revoked. In this paper, we extend Shoup’s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol.
    13 schema:genre article
    14 schema:isAccessibleForFree true
    15 schema:isPartOf N5131504be4be495e8fa36c6e8bf0610b
    16 N723f910e886b4765b517d3cf1a9b7441
    17 sg:journal.1136826
    18 schema:keywords Kerberos
    19 PKINIT
    20 access
    21 adversary
    22 adversary access
    23 authentication
    24 cards
    25 establishment protocol
    26 exchange
    27 fixes
    28 flaws
    29 formalization
    30 indefinite period
    31 key establishment protocol
    32 key exchange
    33 model
    34 paper
    35 period
    36 proof
    37 protocol
    38 public-key Kerberos
    39 secure protocol
    40 security flaws
    41 security model
    42 smart cards
    43 standard authentication
    44 temporary access
    45 time
    46 user card
    47 users
    48 schema:name Toward a secure Kerberos key exchange with smart cards
    49 schema:pagination 217-228
    50 schema:productId N6a17a1fdfc8f471b9343c3a3b4945045
    51 Na4d33e76fb954e679be056b72589db80
    52 schema:sameAs https://app.dimensions.ai/details/publication/pub.1017322816
    53 https://doi.org/10.1007/s10207-013-0213-x
    54 schema:sdDatePublished 2022-10-01T06:38
    55 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    56 schema:sdPublisher Nd93bb61778ae47beb43cab2ea4997194
    57 schema:url https://doi.org/10.1007/s10207-013-0213-x
    58 sgo:license sg:explorer/license/
    59 sgo:sdDataset articles
    60 rdf:type schema:ScholarlyArticle
    61 N5131504be4be495e8fa36c6e8bf0610b schema:volumeNumber 13
    62 rdf:type schema:PublicationVolume
    63 N6a17a1fdfc8f471b9343c3a3b4945045 schema:name dimensions_id
    64 schema:value pub.1017322816
    65 rdf:type schema:PropertyValue
    66 N723f910e886b4765b517d3cf1a9b7441 schema:issueNumber 3
    67 rdf:type schema:PublicationIssue
    68 N8cb50e173ead48daa727d3154dc2f062 rdf:first sg:person.011115044357.39
    69 rdf:rest rdf:nil
    70 Na4d33e76fb954e679be056b72589db80 schema:name doi
    71 schema:value 10.1007/s10207-013-0213-x
    72 rdf:type schema:PropertyValue
    73 Nd93bb61778ae47beb43cab2ea4997194 schema:name Springer Nature - SN SciGraph project
    74 rdf:type schema:Organization
    75 Ne0e1b93329ce47e4aadacbdaed7b02d4 rdf:first sg:person.012762402232.97
    76 rdf:rest N8cb50e173ead48daa727d3154dc2f062
    77 Nf2809933c666415a885ba30aa8b39e41 rdf:first sg:person.011472674207.28
    78 rdf:rest Ne0e1b93329ce47e4aadacbdaed7b02d4
    79 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
    80 schema:name Information and Computing Sciences
    81 rdf:type schema:DefinedTerm
    82 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
    83 schema:name Artificial Intelligence and Image Processing
    84 rdf:type schema:DefinedTerm
    85 sg:journal.1136826 schema:issn 1615-5262
    86 1615-5270
    87 schema:name International Journal of Information Security
    88 schema:publisher Springer Nature
    89 rdf:type schema:Periodical
    90 sg:person.011115044357.39 schema:affiliation grid-institutes:grid.5596.f
    91 schema:familyName Preneel
    92 schema:givenName Bart
    93 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39
    94 rdf:type schema:Person
    95 sg:person.011472674207.28 schema:affiliation grid-institutes:grid.5596.f
    96 schema:familyName Mavrogiannopoulos
    97 schema:givenName Nikos
    98 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011472674207.28
    99 rdf:type schema:Person
    100 sg:person.012762402232.97 schema:affiliation grid-institutes:grid.5596.f
    101 schema:familyName Pashalidis
    102 schema:givenName Andreas
    103 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012762402232.97
    104 rdf:type schema:Person
    105 sg:pub.10.1007/3-540-44750-4_19 schema:sameAs https://app.dimensions.ai/details/publication/pub.1001067379
    106 https://doi.org/10.1007/3-540-44750-4_19
    107 rdf:type schema:CreativeWork
    108 sg:pub.10.1007/3-540-54415-1_53 schema:sameAs https://app.dimensions.ai/details/publication/pub.1045395953
    109 https://doi.org/10.1007/3-540-54415-1_53
    110 rdf:type schema:CreativeWork
    111 sg:pub.10.1007/3-540-68339-9_28 schema:sameAs https://app.dimensions.ai/details/publication/pub.1014782910
    112 https://doi.org/10.1007/3-540-68339-9_28
    113 rdf:type schema:CreativeWork
    114 sg:pub.10.1007/978-3-540-78663-4_21 schema:sameAs https://app.dimensions.ai/details/publication/pub.1014581890
    115 https://doi.org/10.1007/978-3-540-78663-4_21
    116 rdf:type schema:CreativeWork
    117 sg:pub.10.1007/bfb0024447 schema:sameAs https://app.dimensions.ai/details/publication/pub.1023078210
    118 https://doi.org/10.1007/bfb0024447
    119 rdf:type schema:CreativeWork
    120 sg:pub.10.1007/s10207-011-0125-6 schema:sameAs https://app.dimensions.ai/details/publication/pub.1000777228
    121 https://doi.org/10.1007/s10207-011-0125-6
    122 rdf:type schema:CreativeWork
    123 grid-institutes:grid.5596.f schema:alternateName Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium
    124 schema:name Department of Electrical Engineering/COSIC, KU Leuven, iMinds, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven-Heverlee, Belgium
    125 rdf:type schema:Organization
     




    Preview window. Press ESC to close (or click here)


    ...