Design choices for symmetric key based inter-domain authentication protocols in distributed systems

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

Abstract

Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed in recent years. Most of these protocols were designed for an intra-domain environment (i.e. one where the communicating parties reside in a single domain) and then extrapolated to the inter-domain environment. In this paper, the design of inter-domain protocols is investigated. We present the different design choices that need to be carefully considered when designing inter-domain protocols in large distributed systems. We propose three different inter-domain protocols with varying degrees of responsibility placed on the client and the trusted servers. In each case, the assumptions made in the design are explicitly stated. This helps to illustrate the rationale behind the choices made. The proposed protocols use symmetric key systems and are based on Kerberos. The arguments, rationales and designs presented in this paper are also applicable to OSF's Distributed Computing Environment (DCE).

Original languageEnglish
Title of host publicationProceedings - 12th Annual Computer Security Applications Conference, ACSAC 1996
PublisherAssociation for Computing Machinery
Pages105-116
Number of pages12
ISBN (Electronic)081867606X
DOIs
Publication statusPublished - 1 Jan 1996
Externally publishedYes
Event12th Annual Computer Security Applications Conference, ACSAC 1996 - San Diego, United States
Duration: 9 Dec 199613 Dec 1996

Conference

Conference12th Annual Computer Security Applications Conference, ACSAC 1996
CountryUnited States
CitySan Diego
Period9/12/9613/12/96

Fingerprint Dive into the research topics of 'Design choices for symmetric key based inter-domain authentication protocols in distributed systems'. Together they form a unique fingerprint.

Cite this