V. Varadharajan, P. Allen, and S. Black. An Analysis of the Proxy Problem in Distributed System. In Proceedings of the IEEE Symposium on Security and Privacy, 1991. 9
....common. As a result the available literature is somewhat limited. Delegation has been considered for Kerberos [KN93] and DSSA [GM90] which led to our decision to compare our system to these. Other work includes a precursor to the Kerberos work [Sol88] and a good overview of delegation issues [VAB91]. Current delegation systems have various tradeoffs in scalability, revocation and processing requirement; the method we present minimizes processing and enables frequent revocation. Other systems use message ports for communication, including Mach [Ras86] and V [Che88]. Anderson and Rangan have ....
....delegation and must be supported by authentication systems used in large distributed systems. Using the above example, the entity A is the delegator and B is the delegate. Some of the issues that must be considered for a delegation system are presented below. The interested reader is referred to [VAB91] for more detail on some of these issues. Revocation After a delegation is issued, the delegator may at some later time lose trust in the delegate and desire to invalidate all delegations given to that delegate. Cascading The delegate may rely on a third entity to perform the action requested by ....
Vijay Varadharajan, Phillip Allen, and Stewart Black. An Analysis of the Proxy Problem in Distributed Systems. In Symposium on Research in Security and Privacy, pages 255--275. IEEE, 1991.
....with access to the original signer's certified public key. Applications and background. Proxy signatures have found numerous practical applications, particularly in distributed computing where delegation of rights is quite common. Examples discussed in the literature include distributed systems [22, 33], Grid computing [7], mobile agent applications [11, 15], distributed shared object systems [18], global distribution networks [2], and mobile communications [24]. The proxy signature primitive and the first efficient solution were introduced by Mambo, Usuda and Okamoto [19]. Since then proxy ....
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings of 1991.
....then becomes one of giving these rights in such a way that they cannot be abused. See, for example, [1] for a general introduction to delegation issues. An analogous approach to the one described here has been proposed by several authors as a solution to secure delegation see, for example, [5]. However, instead of the use of a public key certificate, special delegation tokens have been proposed. Note also that, as described in [2], issues can arise with any such solution since the originating user will have a copy of the private key generated for agent use. The user may use this key ....
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings: 1991.
....be imposed by including the scope of the agent keys in the respective agent public key certificates. This scheme is in some respects analogous to the widely discussed notion of delegation using special delegation keys see, for example, [3] for an introduction to delegation issues and [6] for one approach to the use of delegation keys. 3.4 A brief comparison We now attempt to briefly compare the efficiency of the above scheme with the efficiency achievable using the Shoup threshold signature scheme, [5]. For the purposes of the comparison we suppose that signatures for the scheme in ....
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings: 1991.
....of the RA requires an external leverage relationship Method execution by the target on behalf of the RA requires an authorizing certificate (8. 5) Figure 8 3 Execution Implies Accountability 84 well reasoned certificate schemes for which interesting properties have been proven (e.g. [CV92, VAB91]) For the purposes of this analysis we are more interested in discovering those properties that are unique to Legion, due to its open nature. 8.5 Execution Requires a Certificate We now turn our attention to ensuring that the target is able to interpret and enforce the certificate scheme in ....
Varadharajan, V., P. Allen, and S. Black, "An Analysis of the Proxy Problem in Distributed Systems," Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May 1991, pp. 255-275.
....interoperability. However current delegation protocols are inadequate for mobile systems. They often employ simple delegation schemes which consider the delegate indistinguishable from the delegator when performing authorization decisions. For example the proposed extensions to Kerberos [15] permit delegation but do not allow the delegator to restrict the delegate's rights. Even with the systems [4] supporting restricted delegation rights, the kind of restrictions which can be expressed are very limited. Cherubim includes a service specific delegation protocol which meets the ....
Vijay Varadharajan, Phillip Allen, and Stewart Black. An analysis of the proxy problem in distributed systems. In IEEE Proceedings of the Symposium on Security and Privacy, pages 255--275, 1991.
....delegation problem as cascaded authentication, and proposes as a solution a restricted delegation mechanism called passports [21] that provides for authorization of servers. Varadharajan et al. propose a more general mechanism that incorporates both symmetric and asymmetric encryption [23]. Neuman's proxies are tokens that express restricted delegation [17]. The PolicyMaker system has a notion of delegations with restrictions specified by arbitrary code [5]. As we mention in Section 3, SPKI has a notion of restricted delegation close to the one we use. Because the only principals ....
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings of the 1991 IEEE Symposium on Security and Privacy, pages 255--275, 1991.
....of the delegation, non-repudiation in particular. Therefore, it shall not be further considered. Delegation by warrant (called also delegation by a signed token) can be achieved either by a delegate proxy or a bearer proxy [10, 8]. In the delegate proxy scheme, the original signer creates a signed token indicating the designed proxy signer. The proxy signer then attaches this token to the signed message to indicate authority to act on behalf of the original signer. In the bearer proxy scenario, a warrant is composed of a ....
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proc. 1991 IEEE Symposium on Security and Privacy.
....messages. Therefore, we did not implement a secret communication sub framework for this protocol. The delegation protocol we use is similar to the passport scheme described in [Sol88]. Our scheme is independent of any specific authentication protocol. Unlike the delegation protocols in Kerberos [VAB91] and the Distributed System Security Architecture (DSSA) [GM90] which generate new delegation keys used by the underlying encryption primitives, the delegation protocol we describe here needs no specific information about the particular authentication protocol in use. The delegation protocol ....
Vijay Varadharajan, Phillip Allen, and Stewart Black. An Analysis of the Proxy Problem in Distributed Systems. In Proceedings of the Symposium on Security and Privacy, pages 255--275. IEEE, 1991.
....key authentication and uses the Privilege Server [4] as a delegation server [14] while the Gasser and McDermott model uses public key authentication methods. Other workers have concerned themselves with mechanisms for trustworthy transmission of delegated identities. Varadharajan et al. [15] proposes a method for chaining certificates in a shared secret key environment as well as a mechanism for nesting delegation tokens in a public key environment. Karen Sollins [13] provides a mechanism for nesting shared secret key delegation tokens. Both of these mechanisms for shared secret key ....
Varadharajan, V., P Allen, S. Black, "An Analysis of the Proxy Problem in Distributed Systems," Proceedings of the 1991 IEEE Symposium on Security and Privacy, IEEE Computer Society, 1991.
....insider attacks. 1. As Alice's secret $x_a$ can not be computed from the proxy secret $(x_{ap}; K)$ and publicly known parameters, a corrupt proxy agent can not forge delegation of signature rights by itself. This prevents both illegal acquisition and propagation of proxy rights by chaining or nesting [10]. Also, a malicious third party that breaks in to the principal to steal the secret $x_a$ can not duplicate a previously generated proxy secret without knowing the random value x used in the key generation. Therefore a proxy signcryption by a proxy agent is unforgeable except in the case of a ....
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 255--275, 1991.
....we draw these examples from the literature. Some of the oddities and errors that we analyze have been documented previously (in particular, in [4]). Other examples are new: protocols by Denning and Sacco [6], Hickman (Netscape) [11, 10], Lu and Sundareshan [14], Varadharajan, Allen, and Black [31], and Woo and Lam [34]. We believe they are all instructive. Generally, we pick examples from the authentication literature, but the principles are applicable elsewhere, for example to electronic cash protocols (e.g. [17]). We focus on traditional cryptography, and on protocols of the sort ....
....allow an intruder to deceive B [6]. Once the importance of freshness of $K_{ab}$ is recognized, a solution may be found by using timestamps, as suggested by Denning and Sacco. In another solution, described in [23], B sends a nonce to S, and then S includes it in its certificate. 2 Example 9.2 In [31], Varadharajan, Allen, and Black present several protocols for delegation in distributed systems. We take as an example the one for delegation in a Kerberos environment [31, p. 273]. In this protocol, client B shares the key $K_{bt}$ with the authentication server; B has generated a timestamp $T_b$ and ....
V. Varadharajan, P. Allen, S. Black. "An Analysis of the Proxy Problem in Distributed Systems". Proceedings of the 1991 IEEE Symposium on Security and Privacy, pp. 255--275.
....some task using (some of) the rights of the delegator. The authorization lasts until some target object (end point) provides the service. The essence of secure delegation is to be able to verify that an object that claims to be acting on another's behalf, is indeed authorized to act on its behalf [27]. The problem becomes more complicated in practice when we consider mobile objects, agents and downloadable content being passed around an open network, where the initiator need not have a clue of where all its representative objects are passed around. Additionally, a number of practical issues ....
V. Varadharajan, P. Allen, and S. Black, "An Analysis of the Proxy Problem in Distributed Systems", Proceedings of the IEEE Symposium on Security and Privacy, 1991.
....In other words, A needs some means of passing on her trust in B to others. Thus A might give B some ticket signed by A stating that A trusts B. A need for a means of this sort has given rise to a number of proxy protocols by means of which A can pass on her trust in B to those who trust A (see [VAB91], for example, for a discussion). When we decide to pass on trust, we need to determine, not only what the mechanisms for passing on trust should be, but what the consequences of passing on the trust can be. To give a simple example, suppose that an action can only be performed by A and B acting ....
V. Varadharajan, P. Allen, and S. Black. An Analysis of the Proxy Problem in Distributed Systems. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 255--275. IEEE Computer Society Press, May 20-22 1991.
....whereby a principal in a distributed environment authorizes another principal to act on his behalf. We focus here on the delegation of rights. In a delegation we separate the following participating principals: • The delegating principal, also called the originator of the delegation [HaOh94, VaPB91] or grantor [Neum93] who authorizes another principal, • the delegated principal, also called the executor of the delegation [HaOh94] or grantee [Neum93] who acts on behalf of the delegating principal, • the final principal, also called end point [VaPB91] or end server [Neum93] ....
.... of the delegation [HaOh94, VaPB91] or grantor [Neum93] who authorizes another principal, • the delegated principal, also called the executor of the delegation [HaOh94] or grantee [Neum93] who acts on behalf of the delegating principal, • the final principal, also called end point [VaPB91] or end server [Neum93]. This is the principal in a delegation who enforces the authorization, • the intermediary principals who are between the delegating and final principal. Note, that the delegated principal is also an intermediary principal. We denote a delegation from principal A to B ....
[Article contains additional citation context not shown here]
V. Varadharajan, P. Allen, S. Black, "An Analysis of the Proxy Problem in Distributed Systems", Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, (1991), pp. 255 -- 275.
....agent captures part of the authorization policy (which is more than the traditional capability) and the target has part of the policy which controls the behaviour of the agent in its environment. In a distributed environment, often the need for an entity to act on behalf of another arises [11]. This is particularly true in the case of mobile agents which often perform their actions on behalf of the sender. A delegation is a temporary permit issued by a delegator to a delegate that authorizes the delegate to act on its behalf in performing certain actions. In this case, the target needs ....
....and how and why only 4000 has been withdrawn by the agent. 4.2 Delegation In general, delegation refers to one entity acting on behalf of another. In a distributed system, this translates into a principal delegating some or all of its privileges to another principal to access some resources [11]. That is, principals may acquire privileges by virtue of co operation with others. The delegation could be static which is predetermined or may be dynamic which occurs during system operation. By definition, an agent is acting on behalf of some principal. In this model, a security agent is ....
[Article contains additional citation context not shown here]
V. Varadharajan, P. Allen, S. Black. "An Analysis of Proxy Problem in Distributed Systems". Proceedings of the Symposium on Security and Privacy, pp 255-275. IEEE, 1991.
No context found.
V. Varadharajan, P. Allen, and S. Black. An Analysis of the Proxy Problem in Distributed System. In Proceedings of the IEEE Symposium on Security and Privacy, 1991. 9
No context found.
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings: 1991.
No context found.
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings: 1991.
No context found.
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed systems. In Proceedings of the 1991 IEEE Symposium on Security and Privacy, pages 255--275, 1991.
No context found.
V. Varadharajan, P. Allen, and S. Black. An analysis of the proxy problem in distributed system. In Proceedings of the IEEE Symposium on Security and Privacy, 1991. 7
No context found.
V. Varadharajan, P. Allen and S. Black, An Analysis of the Proxy Problem in Distributed Systems, IEEE Computer Society Symposium on Security and Privacy, pp. 255-275, 1991.
No context found.
Varadharajan, V., Allen, P., and Black, S., "An analysis of the proxy problem in distributed systems", Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, pp. 255-275.
CiteSeer.IST - Copyright Penn State and NEC