Abstract: Specifications of encryption-based protocols using conventional and public-key encryption schemes are discussed for authentication of users or systems in a computer network environment. The protocols treat a sender and a receiver symmetrically and make no assumption about any specific time ordering of events. We apply state machine modeling and analysis techniques to determine important properties of these protocols including completeness, deadlock freeness, livelock or tempo-blocking freeness, termination, boundedness, and absence of non-executable interactions.

Abstract: One of the most pervasive problems in military and in commercial communications-like systems is the need to authenticate digital messages; where authentication is interpreted broadly to mean verification both that a message was originated by the purported transmitter and that it has not been altered subsequently, which includes verifying that it is not a repetition of an earlier legitimate but already accepted message The terminology ttmessagetl is a carryover from the origins of the problem in communications systems, but as used here includes resident computer software, data bank information, access requests and passes or passwords, hand-shaking exchanges between terminals and central facilities or between card readers and teller machines, etc; ie, digital information exchange over a suspect channel or interface in general The need to authenticate information presupposes an opponent(s) — who may in some circumstances be either the transmitter or receiver — that desires to have unauthentic messages be accepted by the receiver, or by arbiters, as authentic or else to fraudulently attribute to the transmitter messages that he did not send

Abstract: This paper describes a design for an authentication service for a very large scale, very long lifetime, distributed system. The paper introduces a methodology for describing authentication protocols that makes explicit the trust relationships amongst the participants. The authentication protocol is based on the primitive notion of composition of secure channels. The authentication model offered provides for the authentication of "roles", where a principal might exercise differing roles at differing times, whilst having only a single "identity". Roles are suitable for inclusion in access control lists. The naming of a role implies what entities are being trusted to authenticate the role. We provide a UID scheme that gives clients control over the time at which a name gets bound to a principal, thus controlling the effects of mutability of the name space.

Abstract: The problem of authentication of mutually suspicious parties is one that is becoming more and more important with the proliferation of distributed systems. In this paper we construct a protocol in which users can verify whether they have matching credentials without revealing their credentials to each other unless there is a match. Thk protocol requires a trusted third party, but does not require it to be available to the users except when they sign up for the system. Thus it is useful in situations in which a trusted third party exists, but is not available to all users at all times.