Recent-secure authentication: enforcing revocation in distributed systems

Recent-secure authentication: enforcing revocation in distributed systems (1995)

Cached

Download Links

by Stuart G. Stubblebine

Venue:	In Proc. 19th IEEE Symposium on Security and Privacy
Citations:	34 - 7 self

BibTeX

@INPROCEEDINGS{Stubblebine95recent-secureauthentication:,
    author = {Stuart G. Stubblebine},
    title = {Recent-secure authentication: enforcing revocation in distributed systems},
    booktitle = {In Proc. 19th IEEE Symposium on Security and Privacy},
    year = {1995},
    pages = {224--235}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

A general method is described for formally specifying and reasoning about distributed systems with any desired degree of immediacy for revoking authentication. To effect revocation, ‘authenticating entities’ impose freshness constraints on credentials or authenticated statements made by trusted intermediaries. If fresh statements are not presented, then the authentication is questionable. Freshness constraints are derived from initial policy assumptions and authentic statements made by trusted intermediaries. By adjusting freshness constraints, the delay for certain revocation can be arbitrarily bounded. We illustrate how the inclusion of freshness policies within certificates enables the design of a secure and highly available revocation service. We illustrate the application of the method and new techniques in an example. 1.

Citations

2507	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
2292	New directions in cryptography - Diffie, Hellmen - 1976
2115	Clocks and the Ordering of Events in a Distributed System - Lamport - 1978
403	Authentication in distributed systems: Theory and practice - Lampson, Abadi, et al. - 1992
326	Kerberos: An authentication service for computer networks - Neuman, Ts’o - 1994
315	A calculus for access control in distributed systems - Abadi, Burrows, et al. - 1993
221	Timestamps in key distribution protocols - Denning, Sacco - 1981
143	Privacy enhancement for Internet electronic mail: Part II: Certificate-based key management - KENT - 1993
108	Proxy-based authorization and accounting for distributed systems - NEUMAN - 1991
84	An Architecture for Practical Delegation in a Distributed System - Gasser, McDermott - 1990
81	The Digital distributed system security architecture - Gasser, Goldstein, et al. - 1989
61	Hybrid Concurrency Control for Abstract Data Types - Herlihy, Weihl - 1991
60	SPX : Global authentication using public key certificates - J, ALAGAPPAN - 1991
55	Public Key Cryptography for Initial Authentication - Tung
50	A Security Risk of Depending on Synchronized Clocks - Gong - 1992
49	Practical Uses of Synchronized Clocks in Distributed Systems - Liskov - 1991
47	Increasing availability and security of an authentication service - Gong - 1993
43	On message integrity in cryptographic protocols - Stubblebine, Gligor - 1992
33	Cascaded Authentication - Sollins - 1988
21	On Inter-Realm Authentication in Large Distributed Systems - Gligor, Luan, et al. - 1993
8	Protocol Design for Integrity Protection - Stubblebine, Gligor - 1993
3	Trust-Based Navigation in - Yahalom, Klein, et al. - 1994