< Back to previous page


Towards a secure Kerberos key exchange with smart cards

Journal Contribution - Journal Article

Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user's card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary's access to the card is revoked. In this paper, we extend Shoup's key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol. © 2013 Springer-Verlag Berlin Heidelberg.
Journal: International Journal of Information Security
ISSN: 1615-5262
Issue: 3
Volume: 13
Pages: 217 - 228
Publication year:2014
Keywords:Computer science/information technology