Composing Kerberos and Multimedia Internet KEYing (MIKEY) for Authenticated Transport of Group Keys
We motivate and present two designs for the composition of the authentication protocol Kerberos and the key transport protocol Multimedia Internet KEYing (MIKEY) for authenticated transport of cryptographic keys for secure group communication in enterprise and public-safety settings. A technical challenge, and our main contribution, is the analysis of the security of the composition. Towards this, we design our compositions to have intuitive appeal and thereby make them less prone to security vulnerabilities. We then employ protocol composition logic (PCL), a state-of-the-art approach, for analyzing our composition. For this, we first articulate two properties that are of interest. Both properties concern the group key that is transported; we call them Group Key Confidentiality and Group Key Acquisition. Group Key Confidentiality is the property that if a principal possesses the key, then it is an authorized member of the group. Group Key Acquisition is the property that if a principal is a member of the group, then it is able to acquire the group key. In the course of our rigorous analysis, we discovered a flaw in our first design, which we point out, and which led us to our second design. We have implemented both designs starting with the publicly available reference implementation of Kerberos and an open-source implementation of MIKEY. Our implementations are available as open source. We discuss our experience from the implementation and present empirical results.
IEEE Transactions on Parallel and Distributed Systems
Internet, cryptographic protocols, multimedia communication, Kerberos, MIKEY, PCL, authenticated transport, cryptographic keys, enterprise settings, group key acquisition, group key confidentiality, multimedia Internet keying, open-source implementation, protocol composition logic, public-safety settings, secure group communication, security vulnerabilities, computer security, authentication, multicast communication
Group key, Authentication, Cryptographic protocol, Computer science, Computer security, Cryptography, Computer network, Kerberos, Generic Security Service Algorithm for Secret Key Transaction, Authentication protocol, Multimedia, Key (cryptography)