THE KRYPTOKNIGHT FAMILY OF LIGHTWEIGHT PROTOCOLS FOR AUTHENTICATION AND KEY DISTRIBUTION

Cited by: 43
Authors
BIRD, R
GOPAL, I
HERZBERG, A
JANSON, P
KUTTEN, S
MOLVA, R
YUNG, M
Affiliations
[1] IBM CORP,ZURICH RES LAB,CH-8803 RUSCHLIKON,SWITZERLAND
[2] INST EURECOM,F-06903 SOPHIA ANTIPOLIS,FRANCE
Keywords
DOI
10.1109/90.365435
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Subject classification code
0812
Abstract
An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of a comprehensive security subsystem prototype called KryptoKnight, whose software and implementation aspects are discussed in [16], and which is the basis for the recently announced IBM Network Security Program product.
Pages: 31 / 41
Number of pages: 11
Related papers
27 in total
[1] A KEY DISTRIBUTION PROTOCOL USING EVENT MARKERS [J]. BAUER, RK; BERSON, TA; FEIERTAG, RJ. ACM TRANSACTIONS ON COMPUTER SYSTEMS, 1983, 1 (03): 249-255
[2] BELLARE M, 1990, ACM CCR, V20, P119
[3] BELLARE M, IN PRESS ADV CRYPTOL
[4] SYSTEMATIC DESIGN OF A FAMILY OF ATTACK-RESISTANT AUTHENTICATION PROTOCOLS [J]. BIRD, R; GOPAL, I; HERZBERG, A; JANSON, PA; KUTTEN, S; MOLVA, R; YUNG, M. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, 1993, 11 (05): 679-693
[5] BIRD R, 1991, LECTURE NOTES COMPUT, V576
[6] Bird R., 1991, ADV CRYPTOLOGY CRYPT, P44
[7] TIMESTAMPS IN KEY DISTRIBUTION PROTOCOLS [J]. DENNING, DE; SACCO, GM. COMMUNICATIONS OF THE ACM, 1981, 24 (08): 533-536
[8] GONG L, 1989, COMPUT COMMUN REV, V19, P8
[9] HERZBERG A, UNPUB DESIGNING EFFI
[10] JANSON P, IN PRESS COMPUT COMM