Beacon based authentication
Reliable authentication of communicating entities is essential for achieving security in a distributed computing environment. The designs of such systems as Kerberos, SPX and, more recently, KryptoKnight and Kuperee have largely been successful in addressing the problem. The common element in these implementations is the need for a trusted third-party authentication service. This requires a great deal of trust to be invested in the authentication server, which adds complexity and reduces system flexibility.
The use of a Beacon to promote trust between communicating parties was first suggested by M. Rabin in “Transactions protected by beacons,” Journal of Computer and System Sciences, Vol. 27, pp. 256–267, 1983. In this paper we revive Rabin's ideas, which have been largely overlooked in the past decade. In particular, we present a novel approach to the authentication problem based on a service called Beacon, which continuously broadcasts certified nonces. We argue that this approach considerably simplifies the solution to the authentication problem, and we illustrate the impact of such a service by “Beaconizing” the well-known Needham and Schroeder protocol. The modified protocol would be suitable for deployment at upper layers of the communication stack.
Keywords: Beacon, Authentication, Network Security, Information Security, Security Protocol
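The Beacon service the abstract describes, as an added illustration that is not from the paper: the Beacon signs each (sequence number, issue time, nonce) triple with its own key, and any listener holding only the public key checks the certification, the age of the broadcast, and that the sequence number is newer than the last one it accepted, so a replayed old broadcast is refused even though its signature still verifies. The message format, Ed25519 as the certification scheme and the freshness window are assumptions, since the paper's encoding is not given on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

// BeaconMsg is one broadcast: sequence number, issue time and random nonce, certified by the Beacon (constructed format).
type BeaconMsg struct {
	Seq   uint64
	Time  time.Time
	Nonce [32]byte
	Sig   []byte
}
// payload gives the certified fields a fixed-width encoding, so distinct triples never share a signed string.
func payload(seq uint64, t time.Time, nonce [32]byte) []byte {
	buf := binary.BigEndian.AppendUint64(nil, seq)
	return append(binary.BigEndian.AppendUint64(buf, uint64(t.Unix())), nonce[:]...)
}
// Emit is the Beacon side: one certified random nonce per broadcast; seq must increase every time.
func Emit(priv ed25519.PrivateKey, seq uint64, now time.Time) BeaconMsg {
	var n [32]byte
	if _, err := rand.Read(n[:]); err != nil {
		panic(err)
	}
	return BeaconMsg{Seq: seq, Time: now, Nonce: n, Sig: ed25519.Sign(priv, payload(seq, now, n))}
}
// Listener holds only the Beacon's public key and the highest seq accepted, so a replayed old message is refused.
type Listener struct {
	Pub     ed25519.PublicKey
	MaxAge  time.Duration
	lastSeq uint64
}
// Accept returns the nonce only if it is certified, within MaxAge of now and newer than any accepted before.
func (l *Listener) Accept(m BeaconMsg, now time.Time) ([32]byte, error) {
	if !ed25519.Verify(l.Pub, payload(m.Seq, m.Time, m.Nonce), m.Sig) {
		return [32]byte{}, errors.New("not certified by the Beacon")
	}
	if d := now.Sub(m.Time); d > l.MaxAge || d < -l.MaxAge {
		return [32]byte{}, errors.New("stale or future-dated beacon message")
	}
	if m.Seq <= l.lastSeq {
		return [32]byte{}, errors.New("replayed or out-of-order beacon message")
	}
	l.lastSeq = m.Seq
	return m.Nonce, nil
}
```

Because every party verifies the same public broadcast independently, the accepted nonce is a challenge both sides of a protocol can trust without consulting an authentication server, which is the simplification the abstract argues for.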