Abstract
Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed in recent years. Most of these protocols were designed for an intra-domain environment (i.e. one where the communicating parties reside in a single domain) and then extrapolated to the inter-domain environment. In this paper, the design of inter-domain protocols is investigated. We present the different design choices that need to be carefully considered when designing inter-domain protocols in large distributed systems. We propose three different inter-domain protocols with varying degrees of responsibility placed on the client and the trusted servers. In each case, the assumptions made in the design are explicitly stated. This helps to illustrate the rationale behind the choices made. The proposed protocols use symmetric key systems and are based on Kerberos. The arguments, rationales and designs presented in this paper are also applicable to OSF's Distributed Computing Environment (DCE).
Original language | English |
---|---|
Title of host publication | Proceedings - 12th Annual Computer Security Applications Conference, ACSAC 1996 |
Publisher | Association for Computing Machinery |
Pages | 105-116 |
Number of pages | 12 |
ISBN (Electronic) | 081867606X |
DOIs | |
Publication status | Published - 1 Jan 1996 |
Externally published | Yes |
Event | 12th Annual Computer Security Applications Conference, ACSAC 1996 - San Diego, United States Duration: 9 Dec 1996 → 13 Dec 1996 |
Conference
Conference | 12th Annual Computer Security Applications Conference, ACSAC 1996 |
---|---|
Country/Territory | United States |
City | San Diego |
Period | 9/12/96 → 13/12/96 |