Robust and secure password and key change method

  • Ralf Hauser
  • Philippe Janson
  • Refik Molva
  • Gene Tsudik
  • Els Van Herreweghen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)


This paper discusses issues and idiosyncrasies associated with changing passwords and keys in distributed computer systems. Current approaches are often complicated and fail to provide the desired level of security and fault tolerance. A novel and very simple approach to changing passwords/keys is presented and analyzed. It provides a means for human users and service programs to change passwords and keys in a robust and secure fashion.


Keywords: Authentication Protocol; Replay Attack; Message Authentication Code; Integrity Check; Admin Server
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Ralf Hauser (1)
  • Philippe Janson (1)
  • Refik Molva (2)
  • Gene Tsudik (1)
  • Els Van Herreweghen (1)

  1. IBM Research Laboratory, Rüschlikon, Switzerland
  2. EURECOM Institute, Valbonne, France
