Specifying Agent Beliefs for Authentication Systems.
ABSTRACT The goal of an authentication system is to verify and authorise users, in order to protect restricted data and information. After authentication, two principals (people, computers, services) in a distributed system should be entitled to believe that they are communicating with each other and not with intruders. Therefore it is important to express such beliefs precisely and to capture the reasoning that leads to them. In this paper, we focus on analysis of agent beliefs in dynamic environments in a formal framework based on a combination of a belief logic with a temporal logic. Through a well-known protocol example, that is, Kerberos, we discuss how to express principal agent beliefs involved in authentication protocols and the evolution of these beliefs as a consequence of communication, since trust is based on a series of observations of agents. Our approach is general and could be used for designing, verifying and implementing authentication protocols
- SourceAvailable from: csis.bits-pilani.ac.in[show abstract] [hide abstract]
ABSTRACT: The distribution of keys in a computer network using single key or public key encryption is discussed. We consider the possibility that communication keys may be compromised, and show that key distribution protocols with timestamps prevent replays of compromised keys. The timestamps have the additional benefit of replacing a two-step handshake.Commun. ACM. 01/1981; 24:533-536.
Conference Proceeding: An encapsulated authentication logic for reasoning about key distribution protocols[show abstract] [hide abstract]
ABSTRACT: Authentication and secrecy properties are proved by very different methods: the former by local reasoning, leading to matching knowledge of all principals about the order of their actions, the latter by global reasoning towards the impossibility of knowledge of some data. Hence, proofs conceptually decompose in two parts, each encapsulating the other as an assumption. From this observation, we develop a simple logic of authentication that encapsulates secrecy requirements as assumptions. We apply it within the derivational framework to derive a large class of key distribution protocols based on the authentication properties of their components.Computer Security Foundations, 2005. CSFW-18 2005. 18th IEEE Workshop; 07/2005
Conference Proceeding: Kerberos: An Authentication Service for Open Network Systems.[show abstract] [hide abstract]
ABSTRACT: In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users' identities. This paper gives an overview of the Kerberos authentication model as imple- mented for MIT's Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and replication of the database required. The views of Kerberos as seen by the user, programmer, and administrator are described. Finally, the role of Kerberos in the larger Athena picture is given, along with a list of applications that presently use Kerberos for user authentica- tion. We describe the addition of Kerberos authentication to the Sun Network File Sys- tem as a case study for integrating Kerberos with an existing application.01/1988