Toward a secure Kerberos key exchange with smart cards

Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, ev...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	International journal of information security 2014-06, Vol.13 (3), p.217-228
Hauptverfasser:	Mavrogiannopoulos, Nikos, Pashalidis, Andreas, Preneel, Bart
Format:	Artikel
Sprache:	eng
Schlagworte:	Access methods and protocols, osi model Applied sciences Authentication Bans Cards Coding and Information Theory Communications Engineering Computer Communication Networks Computer information security Computer Science Cryptography Cryptology Exact sciences and technology Information, signal and communications theory Management of Computing and Information Systems Networks Operating Systems Protocol Proving Regular Contribution Security Signal and communications theory Smart cards Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

Beschreibung
Zusammenfassung:	Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary’s access to the card is revoked. In this paper, we extend Shoup’s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol.
ISSN:	1615-5262 1615-5270
DOI:	10.1007/s10207-013-0213-x