[ Search ] [ What's New? ] [ About ]
[ Bugs ] [ Misc ] [ Mailing Lists ] [ Newgroups ] [ NewsWire ] [ Papers ] [ People ]
[ Pictures ] [ Publications ] [ Responce Teams ] [ Tools ] [ Upcoming Events ] [ Web Sites ]

Authentication

Title: A Calculus for Access Control in Distributed Systems
Authors: M. Abadi, M. Burrows, B. Lampson, and G. Plotkin
Abstract:
We study some of the concepts, protocols, and algorithms for access control in distributed systems, from a logical perspective. We account for how a principal may come to believe that another principal is making a request, either on his own or someone else;s behalf. We also provide a logical language for access control lists, and theories for deciding whether requests shoud be granted.

Title: A Logic of Authentication
Authors: Michael Burrows, Martin Abdi, and Roger Needham
Abstract:
Question of belief are essential in analyzing protocols for the authentication of principals in distributed computing systems. In this paper we motivate, set out, and exemplify a logic specifically designed for this analysis; we show how various protocols differ subtly with respect to the required initial assumptions of the participants and their final beliefs. Our formalism has enabled us to isolate and express these differences with a precision that was not previously possible. It has drawn attention to features of protocols of which we and their authors were previously unaware, and allowed us to suggest improvements to the protocols. The reasoning about some protocols has been mechanically verified.

Title: A Note on the Use of Timestamps as Nonces
Authors: B. Clifford Neuman and Stuart G. Stubblebine
Abstract:
This note discusses the use of timestamps as nonces and demostrates a nonce-based mutual-authentication protocol requiring onlu four messages, one less than described in [KSL92], and the same number of messages required fir mutual-authentication in Kerberos. the note concludes by suggesting extensions to our protocol that allow the use of verifier issued timestamps as nonces while recovering some (through not all) of the benefits of traditional timestamps.

Title: A Painless Guide to CRC Error Detection Algorithms
Authors: Ross N. Williams
Abstract:
Everything you wanted to know about CRC algorithms, but were afraid to ask for fear that erros in your understanding might be detected.

Title: Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise
Authors: Steven M. Bellovin and Michael Merritt
Abstract:
The encrypted key exchange (EKE) protocol is augmented so that hosts do not store cleartext passwords. Cosequently, adversaries who obtain the one-way encrypted password file may (i) secefully mimic (spoof) the host to the user, and (ii) mount dictionary attacks against the encrypted passwords, but cannot mimic the user to the host. Moreoever, the important security propeties of EKE are preserved - an active network attacker obtains insufficient information to mount dictionary attacks. Two ways to accomplish this are shown, one using digital signatures and one that relies on a family of commutative one-way functions.

Title: Authentication and Delegation with Smart-cards
Authors: M. Abadi, M. Burrows, C. Kaufman, and B. Lampson
Abstract:
The authentication of users in distributed systems posses special problems because users lack the ability to encrypt and decrypt. The same problems arise when users whish to delegate some of their authority to nodes, after mutual authentication. In most systems today, the users is forced to trust the node he wants to user. In a more satisfactory design, the user carries a smart-card with sufficient computing power to assist him; this card provides encryption and decryption capabilities for authentication and delegation. Authentication is relatively straight firward with a sufficiently powerful smart-card. However, for practical reasons, protocols that place few demands on smart-cards shoud be considered. These protocols are subtle, as they rely on fairly complex trust relations betweem the principals in the system (users, hosts, services). In this paper, we discuss a range of public-key smart-card protocols, and analyza their asumptions and the gurantees they offer.

Title: Authentication in Distributed Systems: Theory and Practice
Authors: Butler Lampson, artin Abadi, Michael Burrows, and Edward Wobber
Abstract:
We describe a theory of authentication and a system that implements it. Out theory is based on the notion of principal and a O spaks for O relation between principals. A simple principal either has a name or is a comminication channel; a compound principal can express an adopted role or delegated authority. The theory shows how to reason about a principal Os authority by deducing the other principals that can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed security mechanisms. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remore procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, program loading, delegation, access control, and revocation.

Title: Authentication in the Taos Operating System
Authors: Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber
Abstract:
We describe a design for security in a distributed system and its implementation. In our design, applications gain access to security services through a narrow interface. This interface provides a notion of identity that includes simple principals, groups, roles, and delegations. A new operating system component manages principals, credentials, and secure channels. It checks credentials according to the formal rules of a logic of authenticaion. Our implementation is efficient enough to support a substantial user community.

Title: Charon: Kerberos Extensions For Authentication Over Secondary Networks
Authors: Derek A. Atkins
Abstract:
This thesis describes extensions to the Kerberos Authentication System to enable a secure method of Authentication over multiple networks. Kerberos was designed with a fully-connected IP network in mind, however when you add dialup capabilities to the picture, Kerberos doesn't expand to secure the whole connection. Charon was created to tackle this problem. It was developed to provide a way to securely authenticate to a login server over a modem connection, without allowing a passive attacker to gain enough information to impersonate the user. This means that a user can log into a Kerberized host without typing his password in clear-text over the phone. In addition, no modifications to the login server's base operating system need to be made in order to accomplish this.

Title: Designing an Authentication System: a Dialogue in Four Scenes
Authors: Bill Bryann
Abstract:
This dialogue provides a fictitious account of the design of an open-network authentication system called "Charon." As the dialogue progresses, the characters Athena and Euripides discover the problems of security inherent in an open network environment. Each problem must be addressed in the design of Charon, and the design evolves accordingly. Athena and Euripides don't complete their work until the dialogue's close. When they finish designing the system, Athena changes the system's name to "Kerberos," the name, coincidentally enough, of the authentication system that was designed and implemented at MIT's Project Athena. The dialogue's "Kerberos" system bears a striking resemblence to the system described in Kerberos: An Authentication Service for Open Network Systems presented at the Winter USENIX 1988, at Dallas, Texas.

Title: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
Authors: Steven M. Bellowin and Michael Merritt
Abstract:
Classical cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. We introduce a novel combination of asymetric (public-key) and symetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidentiak abd authenticated information over an insecure network. These protocols are secure against active attacks, and have the property that the password is protected against off-line "dictionary" attacks. There are a number of other useful applications as well, including secure public telnetphones.

Title: Kerberos: An Authentication Service for Open Network Systems
Authors: Jennifer G. Steiner Clifford Neuman Jeffrey I. Schiller
Abstract:
In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users' identities. This paper gives an overview of the Kerberos authentication model as implemented for MIT's Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and replication of the database required. The views of Kerberos as seen by the user, programmer, and administrator are described. Finally, the role of Kerberos in the larger Athena picture is given, along with a list of applications that presently use Kerberos for user authentication. We describe the addition of Kerberos authentication to the Sun Network File System as a case study for integrating Kerberos with an existing application.

Title: KryptoKnight Authentication and Key Distribution System
Authors: Refik Molva Gene Tsudik Els Van Herreweghen Stefano Zatti
Abstract:
This paper describes KryptoKnight, an authentication and key distribution system that provides facilities for secure communication in any type of network environment. KryptoKnight was designed with the goal of providing network security services with a high degree of compactness and flexibility. Message compactness of KryptoKnight's protocols allows it to secure communication protocols at any layer, without requiring any major protocol augmentations in order to accommodate security-related information. Moreover, since KryptoKnight avoids the use of bulk encryption it is easily exportable. Owing to its architectural flexibility, KryptoKnight functions at both endpoints of communication can perform different security tasks depending on the particular network configuration. These and other novel features make KryptoKnight an attractive solution for providing security services to existing applications irrespective of the protocol layer, network configuration or communication paradigm.

Title: Limitations Of The Kerberos Authentication System
Authors: Steven M. Bellovin Michael Merritt
Abstract:
The Kerberos authentication system, a part of MIT's Project Athena, has been has adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent deficiencies in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.

Title: Long Running Jobs in an Authenticated Environment
Authors: Aviel Rubin Peter Honeyman
Abstract:
Current authentication systems require that a user have a valid token or ticket for a job to run. These tickets are issued with limited lifetimes, and their renewal requires a user to enter her password. We have developed a system called lat with which a user may schedule a batch job to be run at a later date in the current environment. The batch job is stored on a secure machine, and sent and received only in encrypted form. When it is time for the job to run, the server generates a ticket for the original user and sends it (encrypted) to the machine on which the job will run. The user is given an option to specify that tickets should be continually generated for the job until its execution has completed.

Title: Prudent Engineering Practice for Cryptographic Protocols
Authors: Martin Abedi and Roger Needham
Abstract:
We present principles for designing cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have prevented a number of published erros. Our principles are informal guidelines; they complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines, we discuss some instructive examples from the literature.

Title: Securre RPC Authentication (SRA) for TELNET and FTP
Authors: David R. Safford, David k. Hess, and Douglas Lee Scholes
Abstract:
TELNET and FTP currently exchange authentication (passwords) in plain text, which is easily eavesdropped. Several techniques, such as Kerberos and SFX, have been proposed in draft RFCs to implement secure authentication. These techniques, however, have several drawbacks, including technical complexity, poor vendor support, and organizational problems. This paper presents SRA, a very simply and tested technique based on Secure RPC which, while certainly not as strong as RSA, is reasonably strong, fast, and trivial to implement immediately for both inter and intra domain communication.

Title: Security Problems in the TCP/IP Protocol Suite
Authors: Steven M. Bellovin
Abstract:
The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.

Title: The Scope of a Logic Authentication
Authors: Micheal Burrows, Martin Abadi, and Roger Needham
Abstract:
Appendix to the paper A Logic of Authentication, DEC's SRC report 39.

Title: Trusted Distribution of Software Over the Internet
Authors: Aviel D. Rubin
Abstract:
This paper offers a solution to a problem of software distribution on the Internet. The problem is that malicious software can be posted to the public with no accountability. When this software is run, it inherits the privileges of the user who runs it. Unfortunately, it is very common for users to execute software obtained on th eInternet with no assurance that it is genuine. The solution offered here utilizes a trusted thrid party that signs certificates to identify the author of a program and to assure its integrity. A detailed design is provided. finally, Bellcore's Trusted Software Integrity (Betsi) System, an inplementation of the design, is presented.

Title: User Authentication Devices
Authors: Liudvikas Bukys
Abstract:
The document is a file with a summary of a survey on currently-available hand-held authentication devices (as of March 9, 1994)


Aleph One / aleph1@underground.org
Copyright © 1996 Computer Underground Society. All rights reserved.