A Browser-Based Kerberos AuthenticationScheme

摘要

When two players wish to share a security token (e.g., forthe purpose of authentication and accounting), they call a trusted thirdparty. This idea is the essence of Kerberos protocols, which are widelydeployed in a large scale of computer networks. Browser-based Kerberosprotocols are the derivates with the exception that the Kerberos clientapplication is a commodity Web browser. Whereas the native Kerberosprotocol has been repeatedly peer-reviewed without finding flaws, thehistory of browser-based Kerberos protocols is tarnished with negativeresults due to the fact that subtleties of browsers have been disregarded.We propose a browser-based Kerberos protocol based on client certifi-cates and prove its security in the extended formal model for browser-based mutual authentication introduced at ACM ASIACCS08.