Abstract
The subject of this paper is the authentication services found in the Kuperee server. The authentication protocol is based on the Zheng-Seberry public key cryptosystem, and makes use of the distinct features of the cryptosystem. Although couched in the terminology of Kerberos, the protocol has subtle features, such as the binding together of two entities by a third entity, which means the two entities must co-operate equally in order to complete the authentication procedure. Another important feature is the use of a multi-service ticket to access multiple services offered by different servers. This removes the need for the Client to consult the Trusted Authority each time it needs a service from a Server. In addition, it allows an increased level of parallelism, in which several Servers may be concurrently executing applications on behalf of a single Client. The scheme is also extendible to cover a more global scenario in which several realms exist, each under the care of a trusted authority. Finally, the algorithms that implement the scheme are presented in terms of the underlying cryptosystem. Although the scheme currently employs a public key cryptosystem, future developments of the server may combine private key cryptosystems to enhance performance.
Keywords
- Authentication Protocol
- Authentication Service
- Trust Authority
- Authentication Procedure
- Chosen Ciphertext Attack
These keywords were added by machine and not by the authors.
© 1994 Springer-Verlag Berlin Heidelberg
Cite this paper
Hardjono, T., Seberry, J. (1994). Authentication via multi-service tickets in the Kuperee server. In: Gollmann, D. (eds) Computer Security — ESORICS 94. ESORICS 1994. Lecture Notes in Computer Science, vol 875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58618-0_61
DOI: https://doi.org/10.1007/3-540-58618-0_61
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58618-0
Online ISBN: 978-3-540-49034-0
eBook Packages: Springer Book Archive