Abstract
Reliable authentication of communicating entities is essential for achieving security in a distributed computing environment. The designs of systems such as Kerberos, SPX and, more recently, KryptoKnight and Kuperee have largely been successful in addressing the problem. The common element of these implementations is the need for a trusted third-party authentication service. This essentially requires a great deal of trust to be invested in the authentication server, which adds a level of complexity and reduces system flexibility.
The use of a Beacon to promote trust between communicating parties was first suggested by M. Rabin in “Transactions protected by beacons,” Journal of Computer and System Sciences, Vol 27, pp 256–267, 1983. In this paper we revive Rabin's ideas, which have been largely overlooked in the past decade. In particular, we present a novel approach to the authentication problem based on a service called Beacon, which continuously broadcasts certified nonces. We argue that this approach considerably simplifies the solution to the authentication problem, and we illustrate the impact of such a service by “Beaconizing” the well-known Needham and Schroeder protocol. The modified protocol would be suitable for deployment at upper layers of the communication stack.
References
D. W. Allan, J. E. Grey, and H. E. Machlan. The national bureau of standards atomic time scale: generation, stability, accuracy and accessibility. In Time and Frequency Theory and Fundamentals, pages 205–231, 1974.
E. Balkovich, S. R. Lerman, and R. P. Parmelee. Computers in higher education: The Athena experience. Communications of the ACM, 28:1214–1224, 1985.
S. M. Bellovin and M. Merritt. Limitations of the Kerberos authentication system. Computer Communications Review, 20(5):119–132, 1990.
Josh Benaloh and Dwight Tuinstra. Receipt-free secret-ballot election. In Proceedings of the STOC'94, pages 544–553, Montreal, Quebec, Canada, May 1994.
D. E. Denning and G. M. Sacco. Time-stamps in key distribution protocols. Communications of the ACM, 24(8):533–536, Aug 1981.
Thomas Hardjono, Yuliang Zheng, and Jennifer Seberry. Kuperee: An approach to authentication using public keys. In M. Medina and N. Borenstein, editors, Proceedings of the ULPAA '94 International Conference on Upper Layer Protocols, Architectures and Applications, pages 61–72, Barcelona, June 1994.
J. T. Kohl. The evolution of the Kerberos authentication service. In Proceeding of the Spring 1991 European Conference, Tromsø, Norway, 1983.
Refik Molva, Gene Tsudik, Els Van Herreweghen, and Stefano Zatti. KryptoKnight Authentication and Key Distribution System. In Y. Deswarte, G. Eizenberg, and J.-J. Quisquater, editors, Computer Security — ESORICS 92, number 648 in Lecture Notes in Computer Science, pages 155–174. Springer-Verlag, 1992.
R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, 1978.
R. M. Needham and M. D. Schroeder. Authentication revisited. ACM Operating Systems Review, 21(1):7, January 1987.
J. Postel. User datagram protocol. Request for Comments (RFC) 768, 1980.
M. O. Rabin. Transactions protected by beacons. Journal of Computer and System Sciences, 27:256–267, 1983.
Network Working Group Report. Network time protocol specification and implementation. Request for Comments (RFC) 1119, 1989.
R. Rivest. The MD5 message digest algorithm. Request for Comments, RFC 1321, 1992.
R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.
J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: an authentication service for open network systems. In Proceedings of the 1988 USENIX Winter Conference Dallas, TX, pages 191–202, 1988.
J. J. Tardo and K. Alagappan. SPX: Global authentication using public key certificates. In IEEE Symposium on Research on Security and Privacy, pages 232–244. IEEE, 1991.
Y. Zheng, J. Pieprzyk, and J. Seberry. HAVAL — A one-way hashing algorithm with variable length of output. Abstracts of AUSCRYPT'92, Gold Coast, Australia, December 1992.
Y. Zheng and J. Seberry. Immunizing public key cryptosystems against chosen ciphertext attacks. IEEE Journal on Selected Areas in Communications, 11(5):715–724, 1993.
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jiwa, A., Seberry, J., Zheng, Y. (1994). Beacon based authentication. In: Gollmann, D. (eds) Computer Security — ESORICS 94. ESORICS 1994. Lecture Notes in Computer Science, vol 875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58618-0_60
DOI: https://doi.org/10.1007/3-540-58618-0_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58618-0
Online ISBN: 978-3-540-49034-0
eBook Packages: Springer Book Archive