论文信息 - Securely replicating authentication services

Securely replicating authentication services

A framework for designing a type of distributed authentication protocol is given, whose security and availability are higher compared to those of centralized ones. It uses the technique of secret sharing and introduces a cross checksum scheme to achieve secure replication. Fewer than a certain number of malicious servers cannot damage security except by causing denial of service, and this only happens when too many honest servers accidentally fail at the same time. The protocol is suited to an environment where no trustworthiness of any server is permanently guaranteed. The approach is general enough not to rely on any particular authentication protocol. Existing implementations need minor modification. Only a short piece of code is needed to run the implementations as many times as required. Hence, different centralized protocols can be incorporated into one distributed protocol.<<ETX>>

Li Gong

[1] Baruch Awerbuch,et al. Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[2] Hideki Imai,et al. On the Key Predistribution System: A Practical Solution to the Key Distribution Problem , 1987, CRYPTO.

[3] Robert S. Winternitz. A Secure One-Way Hash Function Built from DES , 1984, 1984 IEEE Symposium on Security and Privacy.

[4] Martín Abadi,et al. Authentication: A Practical Study in Belief and Action , 1988, TARK.

[5] David K. Gifford,et al. Weighted voting for replicated data , 1979, SOSP '79.

[6] Adi Shamir,et al. How to share a secret , 1979, CACM.

[7] Suresh C. Kothari,et al. Generalized Linear Threshold Scheme , 1985, CRYPTO.

[8] Roger M. Needham,et al. Using encryption for authentication in large networks of computers , 1978, CACM.

[9] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[10] Maurice Herlihy,et al. How to Make Replicated Data Secure , 1987, CRYPTO.

[11] Richard D. Schlichting,et al. Fail-stop processors: an approach to designing fault-tolerant computing systems , 1983, TOCS.

[12] Jeffrey I. Schiller,et al. An Authentication Service for Open Network Systems. In , 1998 .