From: Yuhan Cai (yuhancai@cs.washington.edu)
Date: Tue Nov 23 2004 - 23:30:31 PST
Title: Using Encryption for Authentication in Large Networks of Computers
Authors: Roger M. Needham and Michael D. Schroeder
Reviewed by: Yuhan Cai
Main results of the paper:
• Protocols for decentralized authentication in networks using encryption techniques are presented.
• Examples are given for the processes of establishing authenticated connections, managing authenticated mail and for verifying signatures and guaranteeing document integrity.
Strengths of the paper:
• The protocols require a minimal reliance on network-wide services (clock or network name management authority).
• The protocols provide a solution that is adequate for most authentication problems and most common security objectives.
• The protocols embody both conventional and public-key encryption techniques.
• There are three functions provided: establishment of authenticated interactive communication between two principals on different machines, authenticated one-way communication, and signed communication.
Key limitations:
• The problem of enforcing the security of all communication is not considered.
• The issue of preventing communication between particular principals in order to enforce restrictions on information flow is not addressed.
Relevance of the paper:
• It has presented a method that integrates all existing security techniques and applies them in a decentralized environment, based on both conventional and public-key encryption.
Future work:
• Future research work is expected to meet other security goals such as preventing traffic analysis, withholding all matching cleartext-ciphertext pairs from an eavesdropper, ensuring instantaneous detection of tampering, and optimizing efficiency in particular networks.
• It is necessary to devise techniques to verify the correctness of such protocols.
• A complete evaluation of the problems in implementing such servers in a real system is needed.