Authentication and delegation with smart-cards

  • Conference paper
Theoretical Aspects of Computer Software (TACS 1991)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 526)

Abstract

The authentication of users in distributed systems poses special problems because users lack the ability to encrypt and decrypt. The same problems arise when users wish to delegate some of their authority to nodes, after mutual authentication.

In most systems today, the user is forced to trust the node he wants to use. In a more satisfactory design, the user carries a smart-card with sufficient computing power to assist him; the card provides encryption and decryption capabilities for authentication and delegation.

Authentication is relatively straightforward with a powerful enough smart-card. However, for practical reasons, protocols that place few demands on smart-cards should be considered. These protocols are subtle, as they rely on fairly complex trust relations between the principals in the system (users, hosts, services). In this paper, we discuss a range of public-key smart-card protocols, and analyze their assumptions and the guarantees they offer.

Editor information

Takayasu Ito Albert R. Meyer

Copyright information

© 1991 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abadi, M., Burrows, M., Kaufman, C., Lampson, B. (1991). Authentication and delegation with smart-cards. In: Ito, T., Meyer, A.R. (eds) Theoretical Aspects of Computer Software. TACS 1991. Lecture Notes in Computer Science, vol 526. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-54415-1_53

  • DOI: https://doi.org/10.1007/3-540-54415-1_53

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-54415-9

  • Online ISBN: 978-3-540-47617-7

  • eBook Packages: Springer Book Archive
