Authentication and key distribution in computer networks and distributed systems

  • Rolf Oppliger
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)


Authentication and key distribution systems are used in computer networks and distributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability.


Keywords: Authentication, key distribution, Kerberos, NetSP, SPX, TESS, SESAME



Copyright information

© IFIP International Federation for Information Processing 1995

Authors and Affiliations

  • Rolf Oppliger, Institute for Computer Science and Applied Mathematics (IAM), University of Berne, Bern, Switzerland
