< Back to previous page
Towards a secure Kerberos key exchange with smart cards
Journal Contribution - Journal Article
Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user's card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary's access to the card is revoked. In this paper, we extend Shoup's key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol. © 2013 Springer-Verlag Berlin Heidelberg.
Journal: International Journal of Information Security
Pages: 217 - 228
Keywords:Computer science/information technology