The technique of preempting ongoing calls in order to accommodate new calls of greater "value" has been used in many existing networks. In this paper we investigate some problems that relate to making the best decision on which (if any) call to preempt. We provide some results on the computational complexity of these problems and on how well simple heuristic procedures can approximate the optimal strategy.
We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it, however, many such 'solutions' can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols.
This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols. R. Bird is with IBM Networking Systems; I. Gopal, A. Herzberg, S. Kutten and M. Yung are with
The pervasive use of open networks and distributed systems poses serious threats to the security of end-to-end communications and network components themselves. A necessary foundation for securing a network is the ability to reliably authenticate communication partners and other network entities. One-way, password-based authentication techniques are not sufficient to cope with the issues at hand. Modern designs rely on two-way, cryptographic authentication protocols. However, most existing designs suffer from one or more limitations: They require synchronization of local clocks, they are subject to export restrictions because of the way they use cryptographic functions, they are not amenable to use in lower layers of network protocols because of the size and complexity of messages they use, etc. Designing such cryptographic protocols for large and dynamic network communities presents substantial challenges in terms of ease of use, efficiency, flexibility, and above all security. This paper discusses the above challenges, shows how a few simple protocols, including one being standardized by ISO, can easily be broken, and derives a series of desirable properties that authentication protocols should exhibit to meet the requirements of future large and dynamic network communities. Then the paper describes a methodology that was developed to systematically build a canonical description of a family of cryptographic two-way authentication protocols that are as simple as possible yet resistant to a wide class of attacks, efficient, easy to implement and use, and amenable to many different networking environments. It also discusses several possible embodiments of the canonical protocol that present various advantages in specific distributed system scenarios.