Publication Details

Thomas Hardjono and Jennifer Seberry, Authentication via multi-service tickets in the Kuperee server, 1994 European Symposium on Computer Security (ESORICS'94), ed. D.Gollmann, 875, Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1994, pp 143-160.


The subject of this paper is the authentication services as found in the Kuperee3 server. The authentication protocol is based on the Zheng-Seberry public key cryptosystem, and makes use of the distinct features of the cryptosystem. Although couched in the terminology of Kerberos, the protocol has subtle features, such as the binding together of two entities by a third entity, leading to the need of equal co-operation by the two entities in order to complete the authentication procedure. Another important feature is the use of a multi-service ticket to access multiple services offered by different servers. This removes the need of the Client to consult the Trusted Authority each time it needs a service from a Server. In addition, this allows an increased level of parallelism in which several Servers may be concurrently executing applications on behalf of a single Client. The scheme is also extendible to cover a more global scenario in which several realms exist, each under the care of a trusted authority. Finally, the algorithms that implement the scheme are presented in terms of the underlying cryptosystem. Although the scheme currently employs a public key cryptosystem, future developments of the server may combine private key cryptosystems to enhance performance.