Title: A Calculus for Access Control in Distributed Systems
Authors: M. Abadi, M. Burrows, B. Lampson, and G. Plotkin
Abstract:
- We study some of the concepts, protocols, and algorithms for
access control in distributed systems, from a logical perspective.
We account for how a principal may come to believe that another
principal is making a request, either on his own or someone else;s
behalf. We also provide a logical language for access control
lists, and theories for deciding whether requests shoud be granted.
Title: A Logic of Authentication
Authors: Michael Burrows, Martin Abdi, and Roger Needham
Abstract:
- Question of belief are essential in analyzing protocols for the
authentication of principals in distributed computing systems. In
this paper we motivate, set out, and exemplify a logic specifically
designed for this analysis; we show how various protocols differ
subtly with respect to the required initial assumptions of the
participants and their final beliefs. Our formalism has enabled us
to isolate and express these differences with a precision that was
not previously possible. It has drawn attention to features of
protocols of which we and their authors were previously unaware,
and allowed us to suggest improvements to the protocols. The
reasoning about some protocols has been mechanically verified.
Title: A Note on the Use of Timestamps as Nonces
Authors: B. Clifford Neuman and Stuart G. Stubblebine
Abstract:
- This note discusses the use of timestamps as nonces and
demostrates a nonce-based mutual-authentication protocol
requiring onlu four messages, one less than described in [KSL92],
and the same number of messages required fir mutual-authentication
in Kerberos. the note concludes by suggesting extensions to our
protocol that allow the use of verifier issued timestamps as
nonces while recovering some (through not all) of the benefits of
traditional timestamps.
Title: A Painless Guide to CRC Error Detection Algorithms
Authors: Ross N. Williams
Abstract:
- Everything you wanted to know about CRC algorithms, but were
afraid to ask for fear that erros in your understanding might be
detected.
Title: Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise
Authors: Steven M. Bellovin and Michael Merritt
Abstract:
- The encrypted key exchange (EKE) protocol is augmented so that
hosts do not store cleartext passwords. Cosequently, adversaries who
obtain the one-way encrypted password file may (i) secefully mimic
(spoof) the host to the user, and (ii) mount dictionary attacks
against the encrypted passwords, but cannot mimic the user to the
host. Moreoever, the important security propeties of EKE are
preserved - an active network attacker obtains insufficient
information to mount dictionary attacks. Two ways to accomplish
this are shown, one using digital signatures and one that relies on
a family of commutative one-way functions.
Title: Authentication and Delegation with Smart-cards
Authors: M. Abadi, M. Burrows, C. Kaufman, and B. Lampson
Abstract:
- The authentication of users in distributed systems posses
special problems because users lack the ability to encrypt and
decrypt. The same problems arise when users whish to delegate some
of their authority to nodes, after mutual authentication. In most
systems today, the users is forced to trust the node he wants to
user. In a more satisfactory design, the user carries a smart-card
with sufficient computing power to assist him; this card provides
encryption and decryption capabilities for authentication and
delegation. Authentication is relatively straight firward with a
sufficiently powerful smart-card. However, for practical reasons,
protocols that place few demands on smart-cards shoud be considered.
These protocols are subtle, as they rely on fairly complex trust
relations betweem the principals in the system (users, hosts,
services). In this paper, we discuss a range of public-key
smart-card protocols, and analyza their asumptions and the gurantees
they offer.
Title: Authentication in Distributed Systems: Theory and Practice
Authors: Butler Lampson, artin Abadi, Michael Burrows, and Edward Wobber
Abstract:
- We describe a theory of authentication and a system that
implements it. Out theory is based on the notion of principal and a
O spaks for O relation between principals. A simple principal either
has a name or is a comminication channel; a compound principal can
express an adopted role or delegated authority. The theory shows how
to reason about a principal Os authority by deducing the other
principals that can speak for; authenticating a channel is one
important application. We use the theory to explain many existing
and proposed security mechanisms. In particular, we describe the
system we have built. It passes principals efficiently as arguments
or results of remore procedure calls, and it handles public and
shared key encryption, name lookup in a large name space, groups
of principals, program loading, delegation, access control, and
revocation.
Title: Authentication in the Taos Operating System
Authors: Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber
Abstract:
- We describe a design for security in a distributed system and
its implementation. In our design, applications gain access to
security services through a narrow interface. This interface
provides a notion of identity that includes simple principals,
groups, roles, and delegations. A new operating system component
manages principals, credentials, and secure channels. It checks
credentials according to the formal rules of a logic of
authenticaion. Our implementation is efficient enough to support
a substantial user community.
Title: Charon: Kerberos Extensions For Authentication Over Secondary Networks
Authors: Derek A. Atkins
Abstract:
- This thesis describes extensions to the Kerberos Authentication
System to enable a secure method of Authentication over multiple
networks. Kerberos was designed with a fully-connected IP network in
mind, however when you add dialup capabilities to the picture,
Kerberos doesn't expand to secure the whole connection. Charon was
created to tackle this problem. It was developed to provide a way to
securely authenticate to a login server over a modem connection,
without allowing a passive attacker to gain enough information to
impersonate the user. This means that a user can log into a
Kerberized host without typing his password in clear-text over the
phone. In addition, no modifications to the login server's base
operating system need to be made in order to accomplish this.
Title: Designing an Authentication System: a Dialogue in Four Scenes
Authors: Bill Bryann
Abstract:
- This dialogue provides a fictitious account of the design of an
open-network authentication system called "Charon." As the dialogue
progresses, the characters Athena and Euripides discover the problems
of security inherent in an open network environment. Each problem
must be addressed in the design of Charon, and the design evolves
accordingly. Athena and Euripides don't complete their work until the
dialogue's close. When they finish designing the system, Athena
changes the system's name to "Kerberos," the name, coincidentally
enough, of the authentication system that was designed and implemented
at MIT's Project Athena. The dialogue's "Kerberos" system bears a
striking resemblence to the system described in Kerberos: An
Authentication Service for Open Network Systems presented at the
Winter USENIX 1988, at Dallas, Texas.
Title: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
Authors: Steven M. Bellowin and Michael Merritt
Abstract:
- Classical cryptographic protocols based on user-chosen keys
allow an attacker to mount password-guessing attacks. We introduce
a novel combination of asymetric (public-key) and symetric
(secret-key) cryptography that allows two parties sharing a common
password to exchange confidentiak abd authenticated information over
an insecure network. These protocols are secure against active
attacks, and have the property that the password is protected
against off-line "dictionary" attacks. There are a number of other
useful applications as well, including secure public telnetphones.
Title: Kerberos: An Authentication Service for Open Network Systems
Authors: Jennifer G. Steiner Clifford Neuman Jeffrey I. Schiller
Abstract:
- In an open network computing environment, a workstation cannot be
trusted to identify its users correctly to network services. Kerberos
provides an alternative approach whereby a trusted third-party
authentication service is used to verify users' identities. This paper
gives an overview of the Kerberos authentication model as implemented
for MIT's Project Athena. It describes the protocols used by clients,
servers, and Kerberos to achieve authentication. It also describes the
management and replication of the database required. The views of
Kerberos as seen by the user, programmer, and administrator are
described. Finally, the role of Kerberos in the larger Athena picture
is given, along with a list of applications that presently use
Kerberos for user authentication. We describe the addition of Kerberos
authentication to the Sun Network File System as a case study for
integrating Kerberos with an existing application.
Title: KryptoKnight Authentication and Key Distribution System
Authors: Refik Molva Gene Tsudik Els Van Herreweghen Stefano Zatti
Abstract:
- This paper describes KryptoKnight, an authentication and key
distribution system that provides facilities for secure communication
in any type of network environment. KryptoKnight was designed with the
goal of providing network security services with a high degree of
compactness and flexibility. Message compactness of KryptoKnight's
protocols allows it to secure communication protocols at any layer,
without requiring any major protocol augmentations in order to
accommodate security-related information. Moreover, since KryptoKnight
avoids the use of bulk encryption it is easily exportable. Owing to
its architectural flexibility, KryptoKnight functions at both
endpoints of communication can perform different security tasks
depending on the particular network configuration. These and other
novel features make KryptoKnight an attractive solution for providing
security services to existing applications irrespective of the
protocol layer, network configuration or communication
paradigm.
Title: Limitations Of The Kerberos Authentication System
Authors: Steven M. Bellovin Michael Merritt
Abstract:
- The Kerberos authentication system, a part of MIT's Project Athena,
has been has adopted by other organizations. Despite Kerberos's many
strengths, it has a number of limitations and some weaknesses. Some
are due to specifics of the MIT environment; others represent
deficiencies in the protocol design. We discuss a number of such
problems, and present solutions to some of them. We also demonstrate
how special-purpose cryptographic hardware may be needed in some
cases.
Title: Long Running Jobs in an Authenticated Environment
Authors: Aviel Rubin Peter Honeyman
Abstract:
- Current authentication systems require that a user have a valid token
or ticket for a job to run. These tickets are issued with limited
lifetimes, and their renewal requires a user to enter her password. We
have developed a system called lat with which a user may schedule a
batch job to be run at a later date in the current environment. The
batch job is stored on a secure machine, and sent and received only in
encrypted form. When it is time for the job to run, the server
generates a ticket for the original user and sends it (encrypted) to
the machine on which the job will run. The user is given an option to
specify that tickets should be continually generated for the job until
its execution has completed.
Title: Prudent Engineering Practice for Cryptographic Protocols
Authors: Martin Abedi and Roger Needham
Abstract:
- We present principles for designing cryptographic protocols. The
principles are neither necessary nor sufficient for correctness.
They are however helpful, in that adherence to them would have
prevented a number of published erros. Our principles are
informal guidelines; they complement formal methods, but do not
assume them. In order to demonstrate the actual applicability of
these guidelines, we discuss some instructive examples from the
literature.
Title: Securre RPC Authentication (SRA) for TELNET and FTP
Authors: David R. Safford, David k. Hess, and Douglas Lee Scholes
Abstract:
- TELNET and FTP currently exchange authentication (passwords) in
plain text, which is easily eavesdropped. Several techniques, such as
Kerberos and SFX, have been proposed in draft RFCs to implement
secure authentication. These techniques, however, have several
drawbacks, including technical complexity, poor vendor support, and
organizational problems. This paper presents SRA, a very simply and
tested technique based on Secure RPC which, while certainly not
as strong as RSA, is reasonably strong, fast, and trivial to
implement immediately for both inter and intra domain communication.
Title: Security Problems in the TCP/IP Protocol Suite
Authors: Steven M. Bellovin
Abstract:
- The TCP/IP protocol suite, which is very widely used today, was
developed under the sponsorship of the Department of Defense. Despite
that, there are a number of serious security flaws inherent in the
protocols, regardless of the correctness of any implementations. We
describe a variety of attacks based on these flaws, including sequence
number spoofing, routing attacks, source address spoofing, and
authentication attacks. We also present defenses against these
attacks, and conclude with a discussion of broad-spectrum defenses
such as encryption.
Title: The Scope of a Logic Authentication
Authors: Micheal Burrows, Martin Abadi, and Roger Needham
Abstract:
- Appendix to the paper A Logic of Authentication, DEC's SRC
report 39.
Title: Trusted Distribution of Software Over the Internet
Authors: Aviel D. Rubin
Abstract:
- This paper offers a solution to a problem of software
distribution on the Internet. The problem is that malicious software
can be posted to the public with no accountability. When this
software is run, it inherits the privileges of the user who runs it.
Unfortunately, it is very common for users to execute software
obtained on th eInternet with no assurance that it is genuine. The
solution offered here utilizes a trusted thrid party that signs
certificates to identify the author of a program and to assure its
integrity. A detailed design is provided. finally, Bellcore's
Trusted Software Integrity (Betsi) System, an inplementation of the
design, is presented.
Title: User Authentication Devices
Authors: Liudvikas Bukys
Abstract:
- The document is a file with a summary of a survey on
currently-available hand-held authentication devices (as of March 9,
1994)
|