Reliable authentication of communicating entities is essential for achieving security in a distributed computing environment. The designs of systems such as Kerberos, SPX and, more recently, KryptoKnight and Kuperee have largely been successful in addressing the problem. The element common to these implementations is the need for a trusted third-party authentication service. This essentially requires a great deal of trust to be invested in the authentication server, which adds a level of complexity and reduces system flexibility. The use of a Beacon to promote trust between communicating parties was first suggested by M. Rabin in "Transactions protected by beacons", Journal of Computer and System Sciences, Vol. 27, pp. 256-267, 1983. In this paper we revive Rabin's ideas, which have been largely overlooked in the past decade. In particular, we present a novel approach to the authentication problem based on a service called Beacon, which continuously broadcasts certified nonces. We argue that this approach considerably simplifies the solution to the authentication problem, and we illustrate the impact of such a service by "Beaconizing" the well-known Needham and Schroeder protocol. The modified protocol would be suitable for deployment at upper layers of the communication stack. We also illustrate the wide range of potential uses of Beacons by employing one in a distributed authentication scheme based on the Kuperee server.
Citation
Jiwa A, Hardjono T and Seberry J, Beacons for authentication in distributed systems, Journal of Computer Security, 4, (1996) 81-96.