A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993. 108  Home/Search   Document Not in Database   Summary   Related Articles   Check

....can, for example, be used to exchange a session key between two parties, to establish mutual authentication, maybe both these two at once, establishing the presence of a participant, or all three at the same time. These protocols are usually quite short, fewer than ten messages is normal [87] . However, it is surprisingly difficult to construct protocols that meet the goals the protocol was meant to meet [14, 3, 15] One of the reasons is the difficulty of expressing precisely what the goals are. The remedy we will discuss here, is logics of authentication, with which protocols ....

LIEBL, A. Authentication in Distributed Systems: A Bibliography. ACM Operating Systems Review 27, 4 (Oct. 1993), 31--41.

....of the peer if the contents of the call or telefax is confidential or if a certificate for a telefax transmission is needed. Simply misdirecting a telefax may cause severe financial and social consequences as it is vividly described in [6] 2 Authentication Protocols Authentication protocols [12] describe the sequence and the composition of messages that must be exchanged in order to prove the identity of communicating entities. They also describe the way these messages are to be constructed including parameters and use of encryption. Both parties 1 shall be sure of the identity of the ....

A. Liebl, "Authentication in Distributed Systems: A Bibliography", ACM Operating Systems Review, Vol. 27, No. 4, October, 1993, pp. 31-41

....due to constraints imposed by the lower networking levels. One difficulty is that some of these are hard to do efficiently, and above all a network peripheral is useless if it isn t fast. The concerns of security can be divided into several parts, well known to programmers of distributed systems[42], but not common issues for peripherals: ffl authentication of authority to execute a given command ffl authentication of source of data and command status ffl integrity of data ffl privacy of data Another important element in the security of the data on the disk drive in a system is that it ....

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, Oct. 1993.

....features of the BAN logic have been published. According to Liebl it is difficult to prove properties of the BAN logic, such as completeness, and the logic does not take into consideration the release of message contents and the interaction of the runs at different time of the same protocol [54]. Nessett criticised BAN logic about its claimed goals of authentication [55] He constructed a specific example in order to demonstrate the BAN logic s failure to discover flaws which violate security in a basic sense. Snekkenes examined the BAN logic s limitation of providing partial correctness ....

Liebl A., Authentication in Distributed Systems: A bibliography, ACM Operating Systems Review, Vol. 27, No. 4, (1993) 31-41.

....explicit representation of the use of cryptography in protocols. There are by now many other notations for describing security protocols. Some, which have long been used in the authentication literature, have a fairly clear connection to the intended implementations of those protocols (see, e.g. [NS78, Lie93]) Their main shortcoming is that they do not provide a precise and solid basis for reasoning about protocols. Other notations (e.g. BAN89] are more formal, but their relation to implementations may be more tenuous or subtle. The spi calculus is a middle ground: it is directly executable and it ....

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993. 108

....protocol is a sequence of messages that two principals undertake to perform mutual authentication. The first significant such protocol was due to Needham and Schroeder [18] which gained added notoriety when it was shown to be flawed. Table 1 lists several known authentication protocols [14], where PK, SK and OF refer to public key, private key and one way functions respectively. There are several implementations of authentication systems available, with Kerberos [16] being the most popular. Kerberos was developed at MIT with DEC during their joint Project Athena, and forms the ....

A. Liebl. Authentication in distributed systems: a bibliography. ACM Operating Systems Review, 27(6):31--41, 1993.

....in order to fully enjoy the issues considered in this paper. A better place to start would be [Needham93] Then focus on authentication by means of [BAN90] including the appendix [Burrows94] Follow up with [Abadi94] and [Gong90] A survey of authentication in distributed systems can be found in [Liebl93]. A tutorial in security at large is available in [Stallings95] Channels and Encryption Encryption Channels There is more to key identifiers than meet the eye. The most important issue is that it is impossible to know whether a message has been correctly decrypted unless one knows the contents ....

A. Liebl. Authentication in Distributed Systems: A Bibliography. ACM Operating System Report, 27(4):31--41, October 993.

....on the successes of formal methods used to discover different types of flaws. Several categories of flaws are defined along with techniques for avoiding them. Thus, an indirect benefit to formal methods for authentication protocol analysis is that general categories of flaws are identified. Liebl [41] provides a bibliography of protocols and logics of protocols for authentication. A few specification techniques for authentication protocols have been published [48, 77, 88, 91] and several formal analysis techniques have been proposed. In particular, the use of predicate logic for the analysis ....

Armin Liebl. Authentication in distributed systems: A bibliography. Operating System Review, 27(4):31--41, October 1993.

....claims an identity) and verification (the process whereby the claim of identity is checked) Authentication protocols are used for authentication, which apply cryptography for security. 1. 1 Design Aspects of Authentication Protocols The two types of threats that can affect a distributed system [Lieb93] are: ffl host compromise, where a host is under the control of an intruder ffl communication compromise, where the communication lines are under the control of an intruder. The intruder can eavesdrop, modify insert delete messages or replay old messages. Some of the issues to be addressed ....

....where a host is under the control of an intruder ffl communication compromise, where the communication lines are under the control of an intruder. The intruder can eavesdrop, modify insert delete messages or replay old messages. Some of the issues to be addressed while designing protocols are [Lieb93]: ffl Replay: Can messages or parts of messages be used for masquerading in future protocol runs ffl Insider attacks: Can a legitimate user of the system use information obtained while in one role to apply to a task in another role ffl Password guessing attacks: Can a malicious user get the ....

[Article contains additional citation context not shown here]

A. Liebl. Authentication in distributed systems: a bibliography. Operating Systems Review V27 N4, October 1993

.... may or may not lose secrets) For more information on other formal methods aiming at verifying cryptographic protocols, the reader is referred to the seminal paper [4] to the survey [8] for the logic of beliefs approach, to [12] for the model checking approach, and to the two general surveys [14, 11]. To sum up, Clap is a restricted language that captures the essentials of Bolignano s approach to verifying cryptographic protocols, an approach that scales well to large cryptographic and electronic commerce protocols. We have described its main design principles: sporting as many features as ....

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993.

....contains authoritative descriptions of the connected computers, of the purposes for which they are used, or the individuals who use them [Nee78] Thus, authentication becomes a more serious issue when distributed systems are dealt with. In a distributed system, the authentication can be classified [Lie93] into three types: ffl message content authentication. This involves the verification of the content of a message to ensure that it is the same as the message that was sent. ffl origin authentication. This involves the verification of the origin of the message, to ensure that the actual source of ....

A.Liebl. Authentication in Distributed Systems: A Bibliography. Operating Systems Review V27 N4, pp. 31--41, October 1993

....This allows the formulation of the protocol, the assumptions and the goals in formal logic. The security of the protocol can be proved using the axioms and rules of the logic. There are two approaches to modal logic that can be used for protocol analysis, logic of belief and logic of knowledge [Lie93]. To prove the correct functionality of the protocol, the logic of belief is to be used as it is framed on the view of a legitimate user, and if the security aspects of the protocols are of ultimate importance, the logic of knowledge is to be applied as it is framed with the view of an intruder. ....

....of communication. The logic has been helpful in uncovering subtleties and improving existing authentication protocols. It has been used in discovering previously unknown flaws and redundant messages and encryptions in cryptographic protocols. But BAN logic does have its limits. Researchers [Lie93] point out that: ffl It is very difficult to prove properties of BAN logic such as completeness and correctness. ffl As the cryptographic protocols are viewed at a high level of abstraction, it is not possible to use BAN logic, without adding new rules, for protocols taking advantage of ....

A.Liebl. Authentication in distributed systems: a bibliography. Operating Systems Review V27 N4, October 1993

....his home RCAP daemon D k , C ij and D k must authenticate each other. In principle, C ij has to show that he s acting on U i s behalf, and D k has to show that he s U i s (and thus C ij s) home RCAP daemon. There are many authentication protocols available that can be used for this purpose [26]. They all require either a secret to be shared between U i and D k , or the use of public key cryptography: ffl With regard to the first possibility, the secret shared between U i and D k may be a personal identification number (PIN) a password, or a secret key. In the first two cases, a single ....

A. Liebl, "Authentication in Distributed Systems: A Bibliography", ACM Operating Systems Review, vol. 27, pp. 31 -- 41, 1993.

....key available, or has the possibility to infer trust in the server s key. This must also be the case when the credentials are presented by (someone who claims to be) the server itself. When the user has sufficient connectivity, the key distribution can be performed by a variety of protocols, see [5] for examples. In the case of sufficient communication bandwidth, verification of certificates can also be done, for example by an on line agent, as described in [4, section 5.1] Each user must build up trust in the keys he assembles, and assemble keys he believes belong to users that are willing ....

Liebl, A. Authentication in Distributed Systems: A Bibliography. ACM Operating Systems Review 27, 4 (October 1993), 31--41.

.... technique for the user to obtain the server s key is not (yet) part of Frtp, and it will not be given further treatment; we will in the following assume that U believes Ks 7 S: Notice that in cases where the user has good connectivity, the key distribution can be done by a variety of protocols [Liebl93]. 2 Again, it must be stressed that both principals are assumed to be honest. 5 The Goals The exchange of messages has as its goal in get to a situation where the server and the client have trust in each others presence. The authentication phase is complete when U believes S believes X (HG1) ....

Armin Liebl. Authentication in distributed systems: A bibliography. Operating Systems Review, 27(4):31--41. ACM, October 1993.

....explicit representation of the use of cryptography in protocols. There are by now many other notations for describing security protocols. Some, which have long been used in the authentication literature, have a fairly clear connection to the intended implementations of those protocols (see, e.g. [NS78, Lie93]) Their main shortcoming is that they do not provide a precise and solid basis for reasoning about protocols. Other notations (e.g. BAN89] are more formal, but their relation to implementations may be more tenuous or subtle. The spi calculus is a middle ground: it is directly executable and it ....

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993.

....explicit representation of the use of cryptography in protocols. There are by now many other notations for describing security protocols. Some, which have long been used in the authentication literature, have a fairly clear connection to the intended implementations of those protocols (see, e.g. [NS78, Lie93]) Their main shortcoming is that they do not provide a precise and solid basis for reasoning about protocols. Other notations (e.g. BAN89] are more formal, but their relation to implementations may be more tenuous or subtle. The spi calculus is a middle ground: it is directly executable and it ....

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993.

....for modern distributed systems which face the need of secure communication over an insecure network. The key idea is to rely on cryptographic primitives (shared and public key encryption, hashing etc. to guarantee security properties viz. confidentiality, integrity or authentication (see [8,11,16,27] for an introduction) Yet the presence of well designed cryptographic primitives is far from guaranteeing such security properties. On the contrary, most secure systems are not broken by cryptographic attacks, but rather by exploiting operational blunders [4] and logical errors in the protocol ....

....over a clearly defined communication network. Each participant may function asynchronously. and has access to a basic set of cryptographic utilities. 1 The attacks we are worried about and that the protocol guarantee to fight off. 2 An introduction to security protocols can be found in [8,21,16] and an high level analysis in [6,11] A practical overview can also be found in [27] Furthermore each participant has a basic computational power. may apply cryptographic transformation, make decision and generate messages. a participant may combine a priori knowledge with the ....

[Article contains additional citation context not shown here]

A. Liebl. Authentication in distributed system: A bibliography. Operating Systems Review, 27(4):31--41, October 1993.

....Cryptographic protocols, as used in distributed systems for authentication and related purposes, are prone to design errors of every kind. Over time, various formalisms have been proposed for investigating and analyzing protocols to see whether they contain blunders. Liebl s bibliography [13] includes references to protocols and formalisms. Although sometimes useful, these formalisms do not of themselves suggest design rules; they are not directly beneficial in preventing trouble. We present principles for the design of cryptographic protocols. The principles are not necessary for ....

A. Liebl. "Authentication in Distributed Systems: A Bibliography". Operating Systems Review Vol. 27, No. 4, October 1993, pp. 31--41.

....techniques to the proof of authenticity and secrecy properties of cryptographic protocols. 1 From Cryptography to Testing Equivalence The idea of controlling communication by capabilities underlies both the pi calculus and much of the current work on security in distributed systems (see e.g. [MPW92, Lie93, Sch96b]) In the pi calculus, channel names are capabilities; a process can use a channel only if it has invented or been given the name of the channel, but cannot guess this name. In work on security, on the other hand, the capabilities for communication are often keys, which are used for encrypting and ....

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993.

.... involved in every instance of an authentication exchange, e.g. Kerberos; 49] or off line 3 (one or more trusted parties support authentication without being involved in each instance of authentication) Liebl provides a comprehensive bibliography on authentication in distributed systems in [25]. Notable publications investigating the concept of authentication as a basis for other security services are [7, 33, 8] 23] 37] 18] and [54] 4.2 Integrity Function (IF) The integrity function protects communication traffic from unnoticed and unauthorized modifications, such as ....

A. Liebl. Authentication in Distributed Systems: A Bibliography. ACM Operating Systems Review, pages 31--41, Oct. 1993.

....ij and D k must authenticate each other. In principle, C ij has to show that he s acting on U i s behalf, and D k has to show that he s U i s (and thus C ij s) home RCAP daemon. There are several authentication protocols available today that can be used for this task. An overview is given in [28]. The protocols require either a secret to be shared between U i and D k , or the use of public key cryptography: With regard to the first possibility, the secret shared between U i and D k may be a personal identification number (PIN) or a password. In this case, a single sign on mechanism ....

A. Liebl. Authentication in Distributed Systems: A Bibliography. ACM Operating Systems Review, 27(1):31 -- 41, 1993.

No context found.

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993. 108

No context found.

A. Liebl. Authentication in distributed systems: A bibliography. ACM Operating Systems Review, 27(4):31--41, 1993.

No context found.

Liebl, Armin, "Authentication in Distributed Systems: A Bibliography", Operating Systems Review, Volume 27, Number 4, October 1993, pp. 31-41.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC