Advertisement

On the development of a security toolkit for open networks - New security features in SECUDE

  • U. Faltin
  • P. Glöckner
  • U. Viebeg
  • A. Berger
  • H. Giehl
  • D. Hühnlein
  • S. Kolletzki
  • T. Surkau
Part of the DUD-Fachbeiträge book series (DUD)

Abstract

In this article we will discuss the requirements of security toolkits for open networks, explain some important technical details and give a perspective on modern security technology. To illustrate these issues we will focus on the current and future development of SECUDE. We will give a brief overview of the SECUDE [16] structure, emphasize the latest developments and new security APIs, such as improvements in the CRYPT-API, the integration of new smartcards, the Directory access via LDAP, the support of X.509v3 certificates and new security features like GSSv2, PKCS#7,10, S/MEME, BAKO and SURE.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    S. Kolletzki: „Secure Internet Banking with Privacy Enhanced Mail“, Computer Networks and ISDN Systems 28 (1996) 1891–1899CrossRefGoogle Scholar
  2. [2]
    H. Dobbertin: „Welche Hash-Funktionen sind fur digitale Signaturen geeignet?“, Tagungsband „Digitale Signaturen“, Vieweg-Verlag, 1996, ISBN 3–528-05548–0, pp. 81–92Google Scholar
  3. [3]
    H. Dobbertin: „Digitale Fingerabdrücke - Sichere Hashfunktionen für digitale Signaturen“, DuD 2/97, Vieweg, pp. 82–87, 1997Google Scholar
  4. [4]
    J. Linn: „GSS API“ RFCs 1508 and 1509 (C-bindings), Sep. 93Google Scholar
  5. [5]
    J. Linn: „The GSS API Version 2“ RFC 2078, Jan 97Google Scholar
  6. [6]
    C. Adams: „The Simple Public-Key GSS-API Mechanism (SPKM)“, RFC 2025, Jan 96Google Scholar
  7. [7]
    J. Kohl, C. Neumann: “The Kerberos Network Authentication Sendee (V5)” RFC 1510, Sep. 1993Google Scholar
  8. J. Linn: “The Kerberos Version 5 GSS-API Mechanism”, RFC 1964, Juni 1996Google Scholar
  9. [8]
    D. Hühnlein: “Generische Sicherheit - Die GSS-API und drei ihrer Mechanismen”, to appear in FIFF-communication, 3/97Google Scholar
  10. [9]
    University of Michigan Information Technology Division: „LDAP servers, client library and sample text based UNIX clients“ ftp://terminators.itd.umich.edu/x500/ldap/ldap-3.3.tar.Z „Windows Binary Distribution (contains LDAP32.DLL, LEB and header files)" ftp://terminator.rs.itd.umich.edu/x500/ldap/windows
  11. [10]
    J. Linn: „Message Encryption and Authent. Procedures“ RFC 1421, Feb 93 S.Google Scholar
  12. Kent: „Certificate Based Key Management“ RFC 1422, Feb 93Google Scholar
  13. D. Balenson: „Algorithms modes and identifiers“ RFC 1423, Feb 93Google Scholar
  14. B. Kaliski: „Key Certification and related Services“ RFC 1424, Feb 93Google Scholar
  15. [11]
    RSA: „PKCS#1-#11: Public Key Cryptography Standards“, http://www.rsa.com, revised Nov. 1993Google Scholar
  16. [12]
    M. Wahl, T. Howes, S. Killie: „Lightweight Directory Access Protocol (v3) “, 10/1996 ftp://ds.internic.net/internet-drafts/draft-ietf-asid-ldapv3-protocol-03.txt Google Scholar
  17. [13]
    W. Yeong, T. Howes, S. Killie: „CURRENT LDAP Version2“, March 1995 ftp://ds.internic.net/rfc/rfcl.777.txt
  18. [14]
    H. Dobbertin, A. Bosselaers, B. Preneel: „RTPEMD-160: A strengthened version of RIPEMD“, Fast Software Encryption, Cambridge Workshop, LNCS 1039, Springer, 1996, pp. 53–69, corrected version via ftp://esat.kuleuven.ac.be/pub/COSIC/bosselae/ripemd/ CrossRefGoogle Scholar
  19. [15]
    B. Schneier: “Applied Cryptography - Protocols, Algorithms and Source Code in C”, John Wiley & Sons, New York, 1994, ISBN 0–471-59756–2Google Scholar
  20. [16]
    GMD: „SECUDE 5.0 - Hyperlink Documentation“, 1996, http://www.darmstadt.gmd.de/secude/doc/index.htm Google Scholar
  21. [17]
    RSA: „S/MIME Message Specification“, Feb 96, smime-editor@rsa.com.Google Scholar
  22. [18]
    P. Glöckner, S. Kolletzki, M. Wiehert: „Signed Unique References“, to appear in the proceedings of JENC8Google Scholar
  23. [19]
    F. Bauspieß (ed.): „MailTrusT Spezifikation, Version 1.1“, 12/96Google Scholar
  24. [20]
    ISO/EEC JTC 1/SC 21/WG 4 and ITU-T Q15/7: „Final Text of Draft Amendment 1 to ISO/IEC 9594–8 on Certificate Extensions“, December 1996Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden 1997

Authors and Affiliations

  • U. Faltin
    • 1
  • P. Glöckner
    • 1
  • U. Viebeg
    • 1
  • A. Berger
    • 1
  • H. Giehl
    • 1
  • D. Hühnlein
    • 1
  • S. Kolletzki
    • 1
  • T. Surkau
    • 1
  1. 1.GMD — TKT.SIT Security TechnologyDarmstadtDeutschland

Personalised recommendations