The SecureRing group communication protocols provide reliable ordered message delivery and group membership services despite Byzantine faults such as might be caused by modifications to the programs of a group member following illicit access to, or capture of, a group member. The protocols multicast messages to groups of processors within an asynchronous distributed system and deliver messages in a consistent total order to all members of the group. They ensure that correct members agree on changes to the membership, that correct processors are eventually included in the membership, and that processors that exhibit detectable Byzantine faults are eventually excluded from the membership. To provide these message delivery and group membership services, the protocols make use of an unreliable Byzantine fault detector. 1.

We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long ( or infinite) sequence of bits that the sender sends to the receiver and the receiver is required to consumes the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise...

Fast message integrity and authentication services are very important in today's high-speed network protocols. Current message authentication techniques are mostly encryption-based which is undesirable for several reasons. In this brief paper, we introduce encryption-free message authentication based entirely on the use of one-way hash functions. Two methods are presented and their strength is analyzed. The security of the proposed methods is based on the strength of the underlying one-way hash function. Keywords: message authentication, data integrity, one-way hash functions, network protocols, communication security. 1 Introduction Message authentication is a an important feature in many of today's network protocols. As network speeds increase, higher demands are made for processing speeds. However, encryption technology is still unable to match the bandwidth requirements of high-speed protocols in a costeffective manner. For this reason, alternative approaches are being considered...

. In this paper we describe a fast new DES implementation. This implementation is about five times faster than the fastest known DES implementation on a (64-bit) Alpha computer, and about three times faster than than our new optimized DES implementation on 64-bit computers. This implementation uses a non-standard representation, and view the processor as a SIMD computer, i.e., as 64 parallel one-bit processors computing the same instruction. We also discuss the application of this implementation to other ciphers. We describe a new optimized standard implementation of DES on 64-bit processors, which is about twice faster than the fastest known standard DES implementation on the same processor. Our implementations can also be used for fast exhaustive search in software, which can find a key in only a few days or a few weeks on existing parallel computers and computer networks. 1 Introduction In this paper we describe a new implementation of DES[4], which can be very efficiently executed ...

Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication: there is no way to validate claims of address ownership or location. The lack of such services enables not only attacks by malicious entities, but indirectly allow seemingly inconsequential miconfigurations to disrupt large portions of the Internet. This paper considers the semantics, design, and costs of origin authentication in interdomain routing. We formalize the semantics of address delegation and use on the Internet, and develop and characterize broad classes of origin authentication proof systems. We estimate the address delegation graph representing the current use of IPv4 address space using available routing data. This effort reveals that current address delegation is dense and relatively static: as few as 16 entities perform 80% of the delegation on the Internet. We conclude by evaluating the proposed services via traced based simulation. Our simulation shows the enhanced proof systems can significantly reduce resource costs associated with origin authentication.

Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein.

We consider the authentication of digital streams over a lossy network. The overall approach taken is graph-based, as this yields simple methods for controlling overhead, delay, and the ability to authenticate, while serving to unify many previously known hash- and MAC-based techniques. The loss pattern of the network is defined probabilistically, allowing both bursty and random packet loss to be modeled. Our authentication schemes are customizable by the sender of the stream; that is, within reasonable constraints on the input parameters, we provide schemes that achieve the desired authentication probability while meeting the input upper bound on the overhead per packet. In addition, we demonstrate that some of the shortcomings of previously known schemes correspond to easily identifiable properties of a graph, and hence, may be more easily avoided by taking a graph-based approach to designing authentication schemes.

Internetworks of the future will allow and promote universal access. Users will be able to access the network at a multitude of access points separated by significant geographic distance and many administrative boundaries. Without a single central authority, a new set of inter-domain security mechanisms is needed to allow users to venture into remote domains while inheriting privileges from their home domain. Solutions addressing this issue must take into account a somewhat contradictory security constraint that calls for strict separation of security domains in order to avoid sharing sensitive user-related security information. In this paper, we propose a generic approach for authenticating mobile users in remote domains that satisfies the domain separation constraint. The protocols described herein can be applied in different mobile-user environments including wireless networks and mobile user services on traditional wireline networks. Keywords: mobility, internetworks, mobile users...

This paper describes KryptoKnight, an authentication and key distribution system that provides facilities for secure communication in any type of network environment. KryptoKnight was designed with the goal of providing network security services with a high degree of compactness and flexibility. Message compactness of KryptoKnight's protocols allows it to secure communication protocols at any layer, without requiring any major protocol augmentations in order to accommodate security-related information. Moreover, since KryptoKnight avoids the use of bulk encryption it is easily exportable. Owing to its architectural flexibility, KryptoKnight functions at both endpoints of communication can perform different security tasks depending on the particular network configuration. These and other novel features make KryptoKnight an attractive solution for providing security services to existing applications irrespective of the protocol layer, network configuration or communication paradigm. 1 In...

User mobility is rapidly becoming an important and popular feature in today's networks. This is especially evident in wireless/cellular environments. While useful and desirable, user mobility raises a number of important security-related issues and concerns. One of them is the issue of tracking mobile user's movements and current whereabouts. Ideally, no entity other than the user himself and a responsible authority in the user's home domain should know either the real identity or the current location of the mobile user. At present, environments supporting user mobility either do not address the problem at all or base their solutions on the specific hardware capabilities of the user's personal device, e.g., a cellular telephone. This paper discusses a wide range of issues related to anonymity in mobile environments, reviews current state-of-the-art approaches and proposes several potential solutions. Solutions vary in complexity, degree of protection and assumptions about the underlyin...