Stubblebine Research Labs
Home |
REVOCATION, KEY DISTRIBUTION, AND AUTHENTICATION Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-LoopPinkas and Sander’s (2002) login protocol protects against online guessing attacks by employing human-in-the-loop techniques (also known as Reverse Turing Tests or RTTs). We first note that this, and other protocols involving RTTs, are susceptible to minor variations of well-known middle-person attacks, and suggest techniques to address such attacks. We then present complementary modifications in what we call a history-based protocol with RTT’s. Preliminary analysis indicates that the new protocol offer opportunities for improved security, improved user-friendliness (fewer RTTs to legitimate users), and greater flexibility (e.g. in customizing protocol parameters to particular situations).
Recent-Secure Authentication: Enforcing Revocation in Distributed SystemsWe illustrate a technique for including recentness verification policies within identification/authorization/delegation/policy certificates. By adjusting freshness constraints, the delay for certain revocation can be arbitrarily bounded. Using this technique we design a general architecture for a secure and highly available trusted-third party revocation service. This service enables a trusted-third party to be a revocation authority (e.g., authority for issuing revocation statements) while the customer retains authority on issuing it's own identification/ authorization/ delegation certificates. The practical significance of this theory is that the customer can delegate revocation authority (i.e., the difficult task of making revocation lists highly available and fresh) to a less trusted principal. Also, we give a general method for formally specifying and reasoning about revocation in distributed systems with any desired degree of immediacy for revoking authentication.
PathServerPathServer is a web-based service for authenticating PGP public keys, i.e., determining their owners. It works by enabling a user to find paths of certificates from a key she trusts to a key she wants to learn about. You can find out more about this by having a look at
Metrics of authenticationA metric of authentication is a procedure for evaluating the assurance one has in a name-to-key binding. That is, it tells you how sure you can be regarding the apparent owner of a key, given the information available to you and how much you trust the various entities that apparently contributed this information. In this work, we developed a number of principles for the design of metrics of authentication, demonstrated how several proposed metrics fall short of them, and described a new metric that we believe comes close to being an acceptable metric of authentication.
Timestamps as Nonces for Authentication and Key ManagementThe use of timestamps in key distribution protocols was suggested by Denning and Sacco. Timestamps are now used in most production authentication services including Kerberos. Concerns have been raised about the security implications of this practice. Timestamps are necessary in authentication protocols that support multiple authentication without multiple requests to an authentication server. Kehne, Schonwalder, and Langendorfer have proposed a nonce-based protocol for multiple authentications that they claim improves upon the Kerberos protocol because it does not depend on the presence of synchronized clocks. This work discusses the use of timestamps as nonces and demonstrates a nonce-based mutual-authentication protocol requiring only four messages, one less than described elsewhere, and the same number of messages required for mutual-authentication in Kerberos. (A nonce is an identifier that is used only once.) The note concludes by suggesting extensions to our protocol that allow the use of verifier issued timestamps as nonces while recovering some (though not all) of the benefits of traditional timestamps.
|