Aviel D. Rubin,
Trusted Distribution of Software over the Internet
Abstract: This paper offers a solution to a problem of software distribution on the Internet. The problem is that malicious software can be posted to the public with no accountability. When this software is run, it inherits the privileges of the user who runs it. Unfortunately, it is very common for users to execute software obtained on the Internet with no assurance that it is genuine. The solution offered here utilizes a trusted third party that signs certificates to identify the author of a program and to secure its integrity. A detailed design is provided. Finally, Bellcore's Trusted Software Integrity (Betsi) System, an implementation of the design, is presented.
Derek A. Atkins,
Charon: Kerberos Extensions For Authentication Over Secondary
Abstract: This thesis describes extensions to the Kerberos Authentication System to enable a secure method of Authentication over multiple networks. Kerberos was designed with a fully-connected IP network in mind, however when you add dialup capabilities to the picture, Kerberos doesn't expand to secure the whole connection. Charon was created to tackle this problem. It was developed to provide a way to securely authenticate to a login server over a modem connection, without allowing a passive attacker to gain enough information to impersonate the user. This means that a user can log into a Kerberized host without typing his password in clear-text over the phone. In addition, no modifications to the login server's base operating system need to be made in order to accomplish this.
User Authentication Devices
Abstract: The document is a file with a summary of a survey on currently available hand-held authentication devices (as of March 9, 1994)
Michael Burrows, Martin Abadi, Roger Needham,
The Scope of a Logic of Authentication
Abstract: SRC Research Report 39 was originally published on February 28, 1989, and revised on February 22, 1990. This is an appendix to the revised version. The main body of the revised version is available separately. (see SRC-039.ps)
Michael Burrows, Martin Abadi, Roger Needham,
A Logic of Authentication
Abstract: Questions of belief are essential in analyzing protocols for the authentication of principals in distributed computing systems. In this paper we motivate, set out, and exemplify a logic specifically designed for this analysis; we show how various protocols differ subtly with respect to the required initial assumptions of the participants and their final beliefs. Our formalism has enabled us to isolate and express these differences with a precision that was not previously possible. It has drawn attention to features of protocols of which we and their authors were previously unaware, and allowed us to suggest improvements to the protocols. The reasoning about some protocols has been mechanically verified. This paper starts with an informal account of the problem, goes on to explain the formalism to be used, and gives examples of its application to protocols from the literature, both with shared-key cryptography and with public-key cryptography. Some of the examples are chosen because of their practical importance, while others serve to illustrate subtle points of the logic and to explain how we use it. We discuss extensions of the logic motivated by actual practice - for example, in order to account for the use of hash functions in signatures. The final sections contain a formal semantics of the logic and some conclusions.
M. Abadi, M. Burrows, C. Kaufman, B.
Authentication and Delegation with Smart-cards
Abstract: The authentication of users in distributed systems poses special problems because users lack the ability to encrypt and decrypt. The same problems arise when users wish to delegate some of their authority to nodes, after mutual authentication. In most systems today, the user is forced to trust the node he wants to use. In a more satisfactory design, the user carries a smart-card with sufficient computing power to assist him; the card provides encryption and decryption capabilities for authentication and delegation. Authentication is relatively straightforward with a sufficiently powerful smart-card. However, for practical reasons, protocols that place few demands on smart-cards should be considered. These protocols are subtle, as they rely on fairly complex trust relations between the principals in the system (users, hosts, services). In this paper, we discuss a range of public-key smart-card protocols, and analyze their assumptions and the guarantees they offer.
M. Abadi, M. Burrows, B. Lampson, G. Plotkin,
A Calculus for Access Control in Distributed
Abstract: We study some of the concepts, protocols, and algorithms for access control in distributed systems, from a logical perspective. We account for how a principal may come to believe that another principal is making a request, either on his own or on someone else's behalf. We also provide a logical language for access control lists, and theories for deciding whether requests should be granted.
Lampson, Martin Abadi, Michael Burrows, Edward Wobber,
Authentication in Distributed Systems: Theory and
Abstract: We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a "speaks for" relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegation of authority. The theory shows how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed mechanisms for security. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, loading programs, delegation, access control, and revocation.
Edward Wobber, Martin Abadi, Mike Burrows, and Butler Lampson,
Authentication in the Taos Operating System
Abstract: We describe a design for security in a distributed system and its implementation. In our design, applications gain access to security services through a narrow interface. This interface provides a notion of identity that includes simple principals, groups, roles, and delegations. A new operating system component manages principals, credentials, and secure channels. It checks credentials according to the formal rules of a logic of authentication. Our implementation is efficient enough to support a substantial user community.
Martin Abadi and Roger
Prudent Engineering Practice for Cryptographic
Abstract: We present principles for designing cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have prevented a number of published errors. Our principles are informal guidelines; they complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines, we discuss some instructive examples from the literature.
Steven M. Bellovin,
Security Problems in the TCP/IP Protocol Suite
Abstract: The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.
B. Clifford Neuman, Stuart G. Stubblebine,
A Note on the Use of Timestamps as Nonces
Abstract: The use of timestamps in key distribution protocols was suggested by Denning and Sacco. Timestamps are now used in most production authentication services including Kerberos. Concerns have been raised about the security implications of this practice. Timestamps are necessary in authentication protocols that support multiple authentication without multiple requests to an authentication server. Kehne, Schonwalder, and Langendorfer have proposed a nonce-based protocol for multiple authentications that they claim improves upon the Kerberos protocol because it does not depend on the presence of synchronized clocks. This note discusses the use of timestamps as nonces and demonstrates a nonce-based mutual-authentication protocol requiring only four messages, and the same number of messages required for mutual-authentication in Kerberos. The note concludes by suggesting extensions to our protocol that allow the use of verifier issued timestamps as nonces while recovering some (though not all) of the benefits of traditional timestamps.
Designing an Authentication System: a Dialogue in Four
Abstract: This dialogue provides a fictitious account of the design of an open-network authentication system called "Charon." As the dialogue progresses, the characters Athena and Euripides discover the problems of security inherent in an open network environment. Each problem must be addressed in the design of Charon, and the design evolves accordingly. Athena and Euripides don't complete their work until the dialogue's close. When they finish designing the system, Athena changes the system's name to "Kerberos," the name, coincidentally enough, of the authentication system that was designed and implemented at MIT's Project Athena. The dialogue's "Kerberos" system bears a striking resemblance to the system described in Kerberos: An Authentication Service for Open Network Systems presented at the Winter USENIX 1988, at Dallas, Texas.
Jennifer G. Steiner, Clifford Neuman, Jeffrey I. Schiller,
Kerberos: An Authentication Service for Open Network
Abstract: In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users' identities. This paper gives an overview of the Kerberos authentication model as implemented for MIT's Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and replication of the database required. The views of Kerberos as seen by the user, programmer, and administrator are described. Finally, the role of Kerberos in the larger Athena picture is given, along with a list of applications that presently use Kerberos for user authentication. We describe the addition of Kerberos authentication to the Sun Network File System as a case study for integrating Kerberos with an existing application.
Steven M. Bellovin, Michael Merritt,
Limitations Of The Kerberos Authentication System
Abstract: The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent deficiencies in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.
Van Herreweghen, Stefano
KryptoKnight Authentication and Key Distribution
Abstract: This paper describes KryptoKnight, an authentication and key distribution system that provides facilities for secure communication in any type of network environment. KryptoKnight was designed with the goal of providing network security services with a high degree of compactness and flexibility. Message compactness of KryptoKnight's protocols allows it to secure communication protocols at any layer, without requiring any major protocol augmentations in order to accommodate security-related information. Moreover, since KryptoKnight avoids the use of bulk encryption it is easily exportable. Owing to its architectural flexibility, KryptoKnight functions at both endpoints of communication can perform different security tasks depending on the particular network configuration. These and other novel features make KryptoKnight an attractive solution for providing security services to existing applications irrespective of the protocol layer, network configuration or communication paradigm.
Aviel Rubin, Peter Honeyman,
Long Running Jobs in an Authenticated Environment
Abstract: Current authentication systems require that a user have a valid token or ticket for a job to run. These tickets are issued with limited lifetimes, and their renewal requires a user to enter her password. We have developed a system called lat with which a user may schedule a batch job to be run at a later date in the current environment. The batch job is stored on a secure machine, and sent and received only in encrypted form. When it is time for the job to run, the server generates a ticket for the original user and sends it (encrypted) to the machine on which the job will run. The user is given an option to specify that tickets should be continually generated for the job until its execution has completed.
David R. Safford, David K. Hess, Douglas Lee Schales,
Secure RPC Authentication (SRA) for TELNET and FTP
Abstract: TELNET and FTP currently exchange user authentication (passwords) in plain text, which is easily eavesdropped. Several techniques, such as Kerberos and SPX, have been proposed in draft RFCs to implement secure authentication. These techniques, however, have several drawbacks, including technical complexity, poor vendor support, and organizational problems. This paper presents SRA, a very simple and tested technique based on Secure RPC which, while certainly not as strong as RSA, is reasonably strong, fast, and trivial to implement immediately for both inter and intra domain communication.
Built by Mark Crosbie and Ivan Krsul.