Security implications in Kerberos by the introduction of smart cards

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ... Pub Date : 2012-05-02 DOI:10.1145/2414456.2414490

Nikos Mavrogiannopoulos, A. Pashalidis, B. Preneel

引用次数: 9

Abstract

Public key Kerberos (PKINIT) is a standardized authentication and key establishment protocol which is used by the Windows active directory subsystem. In this paper we show that card-based public key Kerberos is flawed. In particular, access to a user's card enables an adversary to impersonate that user even after the adversary's access to the card is revoked. The attack neither exploits physical properties of the card, nor extracts any of its secrets.

查看原文本刊更多论文

引入智能卡对Kerberos的安全影响

公钥Kerberos (PKINIT)是一种标准化的身份验证和密钥建立协议，用于Windows活动目录子系统。在本文中，我们证明了基于卡的公钥Kerberos存在缺陷。特别是，对用户卡的访问使攻击者能够冒充该用户，即使在攻击者对该卡的访问被撤销之后。攻击既没有利用卡的物理属性，也没有提取任何秘密。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...

自引率

0.00%

发文量