TY - JOUR
T1 - Symmetric Key Authentication Services Revisited
AU - Crispo, B.
AU - Popescu, B.C.
AU - Tanenbaum, A.S.
PY - 2004
Y1 - 2004
N2 - Most of the symmetric key authentication schemes deployed today are based on principles introduced by Needham and Schroeder [15] more than twenty years ago. However, since then, the computing environment has evolved from a LAN-based client-server world to include new paradigms, including wide area networks, peer-to-peer networks, mobile ad-hoc networks and ubiquitous computing. Also, there are new threats, including viruses, worms and denial of service attacks. In this paper we review existing symmetric key authentication protocols in the light of these changes, and propose an authentication infrastructure design specifically tailored to address the latest developments in the distributed computing landscape. The key element in our design is placing the authentication server off-line, which greatly strengthens the security of its cryptographic material and shields it from denial of service attacks. Although the authentication server is not accessible on-line, our scheme can handle a dynamic client population, as well as critical issues such as re-issuing of keys and revocation. © Springer-Verlag Berlin Heidelberg 2004.
AB - Most of the symmetric key authentication schemes deployed today are based on principles introduced by Needham and Schroeder [15] more than twenty years ago. However, since then, the computing environment has evolved from a LAN-based client-server world to include new paradigms, including wide area networks, peer-to-peer networks, mobile ad-hoc networks and ubiquitous computing. Also, there are new threats, including viruses, worms and denial of service attacks. In this paper we review existing symmetric key authentication protocols in the light of these changes, and propose an authentication infrastructure design specifically tailored to address the latest developments in the distributed computing landscape. The key element in our design is placing the authentication server off-line, which greatly strengthens the security of its cryptographic material and shields it from denial of service attacks. Although the authentication server is not accessible on-line, our scheme can handle a dynamic client population, as well as critical issues such as re-issuing of keys and revocation. © Springer-Verlag Berlin Heidelberg 2004.
UR - http://www.scopus.com/inward/record.url?scp=33746361705&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33746361705&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-27800-9_22
DO - 10.1007/978-3-540-27800-9_22
M3 - Article
SN - 0302-9743
VL - 3108
SP - 248
EP - 261
JO - Lecture Notes in Computer Science
JF - Lecture Notes in Computer Science
ER -