Authentication in distributed systems

1 November 1992

journal article
Published by Association for Computing Machinery (ACM) in ACM Transactions on Computer Systems

Vol. 10 (4) , 265-310
https://doi.org/10.1145/138873.138874

Abstract

We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a “speaks for” relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegated authority. The theory shows how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed security mechanisms. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, program loading, delegation, access control, and revocation.

Keywords

This publication has 13 references indexed in Scilit:

The MD4 Message Digest Algorithm
Published by Springer Nature ,2001
Authentication and delegation with smart-cards
Published by Springer Nature ,1991
Network security via private-key certificates
ACM SIGOPS Operating Systems Review, 1990
A logic of authentication
ACM Transactions on Computer Systems, 1990
Exponentiation cryptosystems on the IBM PC
IBM Systems Journal, 1990
Using encryption for authentication in large networks of computers
Communications of the ACM, 1978
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM, 1978
New directions in cryptography
IEEE Transactions on Information Theory, 1976
A lattice model of secure information flow
Communications of the ACM, 1976
Protection
ACM SIGOPS Operating Systems Review, 1974