The KryptoKnight family of light-weight protocols for authentication and key distribution
- 1 January 1995
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE/ACM Transactions on Networking
- Vol. 3 (1) , 31-41
- https://doi.org/10.1109/90.365435
Abstract
An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of comprehensive security subsystem prototype called KryptoKnight.Keywords
This publication has 18 references indexed in Scilit:
- Systematic design of a family of attack-resistant authentication protocolsIEEE Journal on Selected Areas in Communications, 1993
- A note on the use of timestamps as noncesACM SIGOPS Operating Systems Review, 1993
- A nonce-based protocol for multiple authenticationsACM SIGOPS Operating Systems Review, 1992
- Using one-way functions for authenticationACM SIGCOMM Computer Communication Review, 1989
- Efficient and timely mutual authenticationACM SIGOPS Operating Systems Review, 1987
- A key distribution protocol using event markersACM Transactions on Computer Systems, 1983
- A method for obtaining digital signatures and public-key cryptosystemsCommunications of the ACM, 1983
- Password securityCommunications of the ACM, 1979
- Using encryption for authentication in large networks of computersCommunications of the ACM, 1978
- A method for obtaining digital signatures and public-key cryptosystemsCommunications of the ACM, 1978