From: Yuhan Cai (yuhancai@cs.washington.edu)
Date: Tue Nov 23 2004 - 23:30:31 PST
Title: Using Encryption for Authentication in Large Networks of Computers
Authors: Roger M. Needham and Michael D. Schroeder
Reviewed by: Yuhan Cai
Main results of the paper:
· Protocols for decentralized authentication in networks using encryption techniques are presented.
· Examples are given for the processes of establishing authenticated connections, managing authenticated mail and for verifying signatures and guaranteeing document integrity.
Strengths of the paper:
· The protocols require a minimal reliance on network-wide services (clock or network name management authority).
· The protocols provide a solution that is adequate for most authentication problems and most common security objectives.
· The protocols embody both conventional and public-key encryption techniques.
· There are three functions provided: establishment of authenticated interactive communication between two principals on different machines, authenticated one-way communication, and signed communication.
Key limitations:
· The problem of enforcing the security of all communication is not considered.
· The issue of preventing communication between particular principals in order to enforce restrictions on information flow is not addressed.
Relevance of the paper:
· It has presented a method that integrates all existing security techniques and applies them in a decentralized environment, based on both conventional and public-key encryption.
Future work:
· Future research work is expected to meet other security goals such as preventing traffic analysis, withholding all matching cleartext-ciphertext pairs from an eavesdropper, ensuring instantaneous detection of tampering, and optimizing efficiency in particular networks.
· It is necessary to devise techniques to verify the correctness of such protocols.
· A complete evaluation of the problems in implementing such servers in a real system is needed.