Discrete Logarithm Based Protocols
The Exponential Security System (TESS) developed at the European Institute for System Security is the result of an attempt to increase security in heterogeneous computer networks.
In this paper we present the cryptographic protocols in the kernel of TESS. We show how they can be used to implement access control, authentication, confidentiality protection, key exchange, digital signatures and distributed network security management.
We also look at the compatibility of TESS with existing standards, like the X.509 Directory Authentication Framework, and compare it to established systems like Kerberos. A comparison of TESS with the non-electronic “paper”-world of authentication and data exchange shows strong parallels.
Finally, we give a short overview of the current state of development and availability of different TESS components.
Keywords: Smart Card, Signature Scheme, Discrete Logarithm, Certification Authority, Cryptographic Protocol