Netinfo Security ›› 2020, Vol. 20 ›› Issue (12): 91-97. doi: 10.3969/j.issn.1671-1122.2020.12.012


PUF-based Kerberos Extension Protocol with Formal Analysis

ZHANG Zheng1,2, ZHA Daren1, LIU Yanan2, FANG Xuming2

  1. Institute of Information Engineering, CAS, Beijing 100093, China
  2. School of Network Security, Jinling Institute of Technology, Nanjing 211169, China
  • Received: 2020-08-02 Online: 2020-12-10 Published: 2021-01-12
  • Contact: ZHANG Zheng E-mail: zhangzheng@jit.edu.cn

Abstract:

This paper proposes an extended Kerberos protocol based on the physical unclonable function (PUF). On the basis of the challenge-response authentication mechanism, it uses PUF challenge-response pairs in place of the password or certificate of the standard Kerberos protocol, so as to resist password-guessing and impersonation attacks. The extended protocol has the following advantages: it provides mutual authentication between the authentication server and the device, and the device is not pre-distributed with any password or key, which reduces both the storage overhead and the risk of password or key disclosure. A formal analysis based on BAN logic and a comparison with other protocols are given to prove the security of the PUF-based extended protocol.

Key words: physical unclonable function, Kerberos, authentication, key distribution, BAN logic

CLC Number: