Authentication via multi-service tickets in the Kuperee server

Extended abstract
  • Thomas Hardjono
  • Jennifer Seberry
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)

Abstract

The subject of this paper is the authentication services as found in the Kuperee server. The authentication protocol is based on the Zheng-Seberry public key cryptosystem, and makes use of the distinct features of the cryptosystem. Although couched in the terminology of Kerberos, the protocol has subtle features, such as the binding together of two entities by a third entity, leading to the need of equal co-operation by the two entities in order to complete the authentication procedure. Another important feature is the use of a multi-service ticket to access multiple services offered by different servers. This removes the need of the Client to consult the Trusted Authority each time it needs a service from a Server. In addition, this allows an increased level of parallelism in which several Servers may be concurrently executing applications on behalf of a single Client. The scheme is also extendible to cover a more global scenario in which several realms exist, each under the care of a trusted authority. Finally, the algorithms that implement the scheme are presented in terms of the underlying cryptosystem. Although the scheme currently employs a public key cryptosystem, future developments of the server may combine private key cryptosystems to enhance performance.

Keywords

Authentication Protocol; Authentication Service; Trust Authority; Authentication Procedure; Choose Ciphertext Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Thomas Hardjono (1, 2)
  • Jennifer Seberry (1)
  1. Centre for Computer Security Research, University of Wollongong, Wollongong, Australia
  2. Department of Computing and Information Systems, University of Western Sydney at Macarthur, Campbelltown, Australia