Composing Kerberos and Multimedia Internet KEYing (MIKEY) for Authenticated Transport of Group Keys
April 2014 (vol. 25 no. 4)
pp. 898-907
Mahesh V. Tripunitara, Dept. of Electr. & Comput. Eng., Univ. of Waterloo, Waterloo, ON, Canada
Jeffrey Lok Tin Woo, Dept. of Electr. & Comput. Eng., Univ. of Waterloo, Waterloo, ON, Canada
We motivate and present two designs for the composition of the authentication protocol, Kerberos, and the key transport protocol, Multimedia Internet KEYing (MIKEY), for authenticated transport of cryptographic keys for secure group communication in enterprise and public-safety settings. A technical challenge, and our main contribution, is the analysis of the security of the composition. Towards this, we design our compositions to have intuitive appeal and thereby be less prone to security vulnerabilities. We then employ protocol composition logic (PCL), a state-of-the-art approach, for analyzing our composition. For this, we first articulate two properties that are of interest. Both properties are on the group key that is transported; we call them Group Key Confidentiality and Acquisition. Group Key Confidentiality is the property that if a principal possesses the key, then it is an authorized member of the group. Group Key Acquisition is the property that if a principal is a member of the group, then it is able to acquire the group key. In the course of our rigorous analysis, we discovered a flaw in our first design, which we point out, and which led us to our second design. We have implemented both designs starting with the publicly available reference implementation of Kerberos, and an open-source implementation of MIKEY. Our implementations are available as open-source. We discuss our experience from the implementation, and present empirical results.
Index Terms:
Protocols, Authentication, Servers, Cryptography, Standards, Message systems, multicast communication, Computer security, cryptographic protocols, authentication
Citation:
Mahesh V. Tripunitara, Jeffrey Lok Tin Woo, "Composing Kerberos and Multimedia Internet KEYing (MIKEY) for Authenticated Transport of Group Keys," IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 4, pp. 898-907, April 2014, doi:10.1109/TPDS.2013.81