posted on 2000-11-01, 00:00authored byFrederick Butler, Iliano Cervesato, Andre Scedrov, Aaron D. Jaggard
We give three formalizations of the Kerberos 5 authentication protocol in the Multi-Set Rewriting (MSR) formalism.
One is a high-level formalization containing just enough detail to prove authentication and confidentiality
properties of the protocol. A second formalization refines this by adding a variety of protocol options; we similarly
refine proofs of properties in the first formalization to prove properties of the second formalization. Our third formalization
adds timestamps to the first formalization but has not been analyzed extensively. The various proofs make
use of rank and corank functions, inspired by work of Schneider in CSP, and provide examples of reasoning about
real-world protocols in MSR.We also note some potentially curious protocol behavior; given our positive results, this
does not compromise the security of the protocol.