
Beacon based authentication

  • Azad Jiwa
  • Jennifer Seberry
  • Yuliang Zheng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)

Abstract

Reliable authentication of communicating entities is essential for achieving security in a distributed computing environment. The design of such systems as Kerberos, SPX and, more recently, KryptoKnight and Kuperee has largely been successful in addressing the problem. The common element in these implementations is the need for a trusted third-party authentication service. This essentially requires a great deal of trust to be invested in the authentication server, which adds a level of complexity and reduces system flexibility.

The use of a Beacon to promote trust between communicating parties was first suggested by M. Rabin in “Transactions protected by beacons,” Journal of Computer and System Sciences, Vol 27, pp 256–267, 1983. In this paper we revive Rabin's ideas, which have been largely overlooked in the past decade. In particular, we present a novel approach to the authentication problem based on a service called Beacon which continuously broadcasts certified nonces. We argue that this approach considerably simplifies the solution to the authentication problem, and we illustrate the impact of such a service by “Beaconizing” the well-known Needham and Schroeder protocol. The modified protocol would be suitable for deployment at upper layers of the communication stack.

Term Index

Beacon, Authentication, Network Security, Information Security, Security Protocol


References

  1. D. W. Allan, J. E. Grey, and H. E. Machlan. The national bureau of standards atomic time scale: generation, stability, accuracy and accessibility. In Time and Frequency Theory and Fundamentals, pages 205–231, 1974.
  2. E. Balkovich, S. R. Lerman, and R. P. Parmelee. Computers in higher education: The Athena experience. Communications of the ACM, 28:1214–1224, 1985.
  3. S. M. Bellovin and M. Merritt. Limitations of the kerberos authentication system. Computer Communications Review, 20(5):119–132, 1990.
  4. Josh Benaloh and Dwight Tuinstra. Receipt-free secret-ballot election. In Proceedings of the STOC'94, pages 544–553, Montreal, Quebec, Canada, May 1994.
  5. D. E. Denning and G. M. Sacco. Time-stamps in key distribution protocols. Communications of the ACM, 24(8):533–536, Aug 1981.
  6. Thomas Hardjono, Yuliang Zheng, and Jennifer Seberry. Kuperee: An approach to authentication using public keys. In M. Medina and N. Borenstein, editors, Proceedings of the ULPAA '94 International Conference on Upper Layer Protocols, Architectures and Applications, pages 61–72, Barcelona, June 1994.
  7. J. T. Kohl. The evolution of the kerberos authentication service. In Proceeding of the Spring 1991 European Conference, Tromsø, Norway, 1983.
  8. Refik Molva, Gene Tsudik, Els Van Herreweghen, and Stefano Zatti. KryptoKnight Authentication and Key Distribution System. In Y. Deswarte, G. Eizenberg, and J.-J. Quisquater, editors, Computer Security — ESORICS 92, number 648 in Lecture Notes in Computer Science, pages 155–174. Springer-Verlag, 1992.
  9. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.
  10. R. M. Needham and M. D. Schroeder. Authentication revisited. ACM Operating Systems Review, 21(1):7, January 1987.
  11. J. Postel. User datagram protocol. Request for Comments (RFC) 768, 1980.
  12. M. O. Rabin. Transactions protected by beacons. Journal of Computer and System Sciences, 27:256–267, 1983.
  13. Network Working Group Report. Network time protocol specification and implementation. Request for Comments (RFC) 1119, 1989.
  14. R. Rivest. The MD5 message digest algorithm. Request for Comments, RFC 1321, 1992.
  15. R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.
  16. J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: an authentication service for open network systems. In Proceedings of the 1988 USENIX Winter Conference Dallas, TX, pages 191–202, 1988.
  17. J. J. Tardo and K. Alagappan. SPX: Global authentication using public key certificates. In IEEE Symposium on Research on Security and Privacy, pages 232–244. IEEE, 1991.
  18. Y. Zheng, J. Pieprzyk, and J. Seberry. HAVAL — A one-way hashing algorithm with variable length of output. Abstracts of AUSCRYPT'92, Gold Coast, Australia, December 1992.
  19. Y. Zheng and J. Seberry. Immunizing public key cryptosystems against chosen ciphertext attacks. IEEE Journal on Selected Areas in Communications, 11(5):715–724, 1993.

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Azad Jiwa (1)
  • Jennifer Seberry (1)
  • Yuliang Zheng (1)

  1. Centre for Computer Security Research, University of Wollongong, Wollongong, Australia
