## Resilient Authentication Using Path Independence (1998)

### Download From

IEEE### Download Links

- [www.ece.cmu.edu]
- [www.cs.unc.edu]
- [users.ece.cmu.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | IEEE Transactions on Computers |

Citations: | 44 - 1 self |

### BibTeX

@ARTICLE{Reiter98resilientauthentication,

author = {Michael K. Reiter and Stuart G. Stubblebine},

title = {Resilient Authentication Using Path Independence},

journal = {IEEE Transactions on Computers},

year = {1998},

volume = {47},

pages = {1351--1362}

}

### Years of Citing Articles

### OpenURL

### Abstract

Authentication using a path of trusted intermediaries, each able to authenticate the next in the path, is a well-known technique for authenticating channels in a large distributed system. In this paper, we explore the use of multiple paths to redundantly authenticate a channel and focus on two notions of path independence---disjoint paths and connective paths---that seem to increase assurance in the authentication. We give evidence that there are no efficient algorithms for locating maximum sets of paths with these independence properties and propose several approximation algorithms for these problems. We also describe a service we have deployed, called PathServer, that makes use of our algorithms to find such sets of paths to support authentication in PGP applications.

### Citations

11209 |
Computers and Intractability: A Guide to the Theory of NPcompleteness
- Garey, Johnson
- 1979
(Show Context)
Citation Context ...m k for which there exists a set of bounded k-connective paths provide strong evidence that neither can be performed in polynomial time. Specifically, the former is NP-hard and the latter is coNPhard =-=[6]-=-. Moreover, the foremost practical instances of these problems that we are targeting (i.e., public key certification systems such as PGP) induce graphs of sufficient size to make this a severe limitat... |

1546 | A note on two problems in connexion with graphs
- Dijkstra
- 1959
(Show Context)
Citation Context ...ross them. The path of length at most b from s to t with the smallest degree can be found in O(bm + bn log(bn)) time where n = |V| and m = |E|, using a variation of Dijkstra’s shortest path algorith=-=m [4]. 3) Random: Prior to e-=-xecuting the algorithm of Fig. 2, assign a random weight w(c) to each c ∈ V. Define the weight of a path p = s → c1 → … → c� → t as wp = wci . 16 27 ∑ 1≤≤ i � Then, let Φ(p) = w... |

820 | Implementing Fault-Tolerant Services Using The State Machine Approach: A Tutorial
- Schneider
- 1990
(Show Context)
Citation Context ...rior work in nullifying Byzantine-faulty sources of information by consulting multiple “independent” sources of information and accepting as true the information returned by a majority of them (e.=-=g., [21]-=-). Here, our multiple sources of information are multiple paths of bounded length resulting in statements about the target channel. In this paper, we explore what it means for multiple length-bounded ... |

458 | Authentication in distributed systems: Theory and practice
- LAMPSON, BURROWS, et al.
- 1991
(Show Context)
Citation Context ...ey management and encryption tools. A message in these systems would typically include a digital signature to enable the recipient of the message to determine the user who sent the message. Following =-=[13]-=-, the channel in this case is the public key that can be used to verify the signature on the message, and authenticating the channel means determining the principals that could have generated that sig... |

381 | Some simplified NP-complete graph problems - Garey, Johnson, et al. - 1976 |

114 |
PGP user's guide
- Zimmerman
- 1992
(Show Context)
Citation Context ...difficulty of reliably authenticating a channel can increase substantially. This difficulty arises in secure communication systems such as Privacy Enhanced Mail [11] and many systems that use the PGP =-=[26]-=- public key management and encryption tools. A message in these systems would typically include a digital signature to enable the recipient of the message to determine the user who sent the message. F... |

108 | A.: Attack-resistant trust metrics for public key certification - Levien, Aiken - 1998 |

98 |
Disjoint paths in a network
- Suurballe
- 1974
(Show Context)
Citation Context ...ut can be solved in Om n maximum matching and maximum flow techniques [9]. The related problem of finding a requested number of disjoint paths of minimum total length can be solved in polynomial time =-=[22]-=-. our algorithms, we first present another algorithm that runs in n O(b) time and space and, thus, is exponential in b. While we introduce this first algorithm primarily for motivational purposes, it ... |

65 |
Internet privacy enhanced mail
- Kent
- 1993
(Show Context)
Citation Context ...stem gets larger and more diverse, the difficulty of reliably authenticating a channel can increase substantially. This difficulty arises in secure communication systems such as Privacy Enhanced Mail =-=[11]-=- and many systems that use the PGP [26] public key management and encryption tools. A message in these systems would typically include a digital signature to enable the recipient of the message to det... |

50 |
A faster deterministic maximum flow algorithm
- King, Rao, et al.
- 1994
(Show Context)
Citation Context ... be useful in practice. A direction for future work is to identify better algorithms for finding bounded disjoint and bounded connective paths. David Johnson suggested computing a maximum flow (e.g., =-=[12]-=-) with capacity-constrained nodes for finding the number of disjoint paths from the source to the target. A maximum flow is not guaranteed to include only paths (or, for that matter, any paths) of len... |

47 | A Global Authentication Service without Global Trust
- Birrell, Lampson, et al.
- 1986
(Show Context)
Citation Context ...each channel on the path, then the user authenticates the target channel according to the statement that c � made about it. To our knowledge, using such paths for authentication was first proposed i=-=n [2]-=- (for authentication based on shared keys) and, in addition to being used in the aforementioned systems, has been supported in [3], [8], [13], [25]. When a single path of channels is used to authentic... |

47 | Toward Acceptable Metrics of Authentication
- Reiter, Stubblebine
- 1997
(Show Context)
Citation Context ...ssurance in the authentication provided by paths of channels. Much of this work has focused on assigning numerical measures of trustworthiness to paths or collections of paths (e.g., [23], [1], [16], =-=[19]-=-, [14]). These efforts have recognized that shorter paths and multiple paths lend additional credibility to the authentication of a channel and the derived numerical measures tend to reflect these obs... |

33 | Path independence for authentication in large-scale systems
- Reiter, Stubblebine
- 1997
(Show Context)
Citation Context ...lgorithms and tools to efficiently locate as many independent paths as possible, which can serve as input to such evaluation functions. Moreover, since the initial conference publication of this work =-=[18], th-=-e number of “independent” paths to a channel, as defined in the present paper, has itself been explored as a numerical measure of assurance for the authentication of that channel [19], [14]. In pa... |

29 |
Worst case behavior of graph coloring algorithms
- Johnson
- 1974
(Show Context)
Citation Context ...ch that no two nodes in V′ are joined is said to be an independent set. Such a set V′ of largest cardinality is said to be a maximum independent set. MIS is a well-known NP-hard problem (see [6]).=-= In [10]-=-, Johnson presented a simple approximation algorithm for this problem; the algorithm is detailed in Fig. 1. Intuitively, it constructs an approximately maximum independent set by repeating the followi... |

18 |
Associating Metrics to Certification Paths
- Tarah, Huitema
- 1992
(Show Context)
Citation Context ...ining increased assurance in the authentication provided by paths of channels. Much of this work has focused on assigning numerical measures of trustworthiness to paths or collections of paths (e.g., =-=[23]-=-, [1], [16], [19], [14]). These efforts have recognized that shorter paths and multiple paths lend additional credibility to the authentication of a channel and the derived numerical measures tend to ... |

12 |
Mengerian theorems for paths of bounded length
- Lovász, Neumann-Lara, et al.
- 1978
(Show Context)
Citation Context ...oint b-bounded paths from s to t are k-connective, but, in general, a set of bbounded k-connective paths from s to t are not disjoint. For comparisons of these concepts on undirected graphs, see [5], =-=[15]. -=-Solutions to BDP and BCP can be useful in supporting authentication of a target channel. However, it is up to individual users’ policies to determine exactly how they are used. Given a set of disjoi... |

9 |
Geodetic connectivity of graphs
- Entringer, Jackson, et al.
- 1977
(Show Context)
Citation Context ... disjoint b-bounded paths from s to t are k-connective, but, in general, a set of bbounded k-connective paths from s to t are not disjoint. For comparisons of these concepts on undirected graphs, see =-=[5], -=-[15]. Solutions to BDP and BCP can be useful in supporting authentication of a target channel. However, it is up to individual users’ policies to determine exactly how they are used. Given a set of ... |

7 |
Heuristics for finding a maximum number of disjoint bounded paths
- Ronen, Perl
- 1984
(Show Context)
Citation Context ... comes close to the actual answer; a more careful definition and discussion can be found in [6]. The only prior work of which we are aware on approximation algorithms for BDP is due to Ronen and Perl =-=[20]-=-. They proposed an algorithm and showed empirically that it performs well on small random undirected graphs of 50 nodes. Their algorithm runs in O(b 2 n 2 m) time and O(b 2 nm) space with a path bound... |

4 |
On Inter-Realm Authentication in
- Gligor, Luan, et al.
- 1993
(Show Context)
Citation Context ...ledge, using such paths for authentication was first proposed in [2] (for authentication based on shared keys) and, in addition to being used in the aforementioned systems, has been supported in [3], =-=[8]-=-, [13], [25]. When a single path of channels is used to authenticate a target channel, the authentication is vulnerable to the compromise of any channel on that path. That is, if any c i in the path p... |

4 |
The Complexity of Finding
- Itai, Perl, et al.
- 1982
(Show Context)
Citation Context ...on of the problems we presented in Section 2, beginning with Bounded Disjoint Paths (BDP). BDP has been previously studied from a complexity-theoretic point of view, and has been proved to be NP-hard =-=[9]. 1 -=-Thus, there is little hope of finding an efficient solution to BDP, and we turn to finding approximation algorithms for this problem. By an “approximation algorithm,” we intuitively mean an effici... |

3 |
PGP web of trust statistics. http://bcn.boulder.co.us/ neal/pgpstat
- McBurnett
- 1996
(Show Context)
Citation Context ...f such graphs are yet to be conclusively identified, however, even generating TABLE 2 ACCURACY RESULTS FOR MULTIPLY CONNECTED PAIRS such test graphs remains an open problem. We hope that work such as =-=[17]-=- will shed light on this issue. 4 BOUNDED CONNECTIVE PATHS To our knowledge, the Bounded Connective Paths (BCP) problem of Section 2 has not been considered from the algorithmic and complexity-theoret... |

3 |
Trust-Based Navigation in
- Yahalom, Klein, et al.
- 1994
(Show Context)
Citation Context ...g such paths for authentication was first proposed in [2] (for authentication based on shared keys) and, in addition to being used in the aforementioned systems, has been supported in [3], [8], [13], =-=[25]-=-. When a single path of channels is used to authenticate a target channel, the authentication is vulnerable to the compromise of any channel on that path. That is, if any c i in the path provides a fa... |

1 |
Modelling a Public-Key Infrastructure,” Computer Security—ESORICS
- Maurer
- 1996
(Show Context)
Citation Context ...ased assurance in the authentication provided by paths of channels. Much of this work has focused on assigning numerical measures of trustworthiness to paths or collections of paths (e.g., [23], [1], =-=[16]-=-, [19], [14]). These efforts have recognized that shorter paths and multiple paths lend additional credibility to the authentication of a channel and the derived numerical measures tend to reflect the... |