Scalability and flexibility in authentication services: the KryptoKnight approach

Janson, Philippe A.; Tsudik, Gene; Yung, Moti

doi:10.1109/infcom.1997.644526

Cited by 16 publications

(5 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The server can then decrypt the oreo, verify its authenticity and use the resulting key for generating MACs and verifying MACs received from the client. We note that given the stateless nature of web servers the idea of keeping state at users has been suggested before (perhaps for the first time in [12]), and is typically used for providing the server with encrypted keys/states in cookies, for the server to restore keys and common state. We describe the protocol below.…”

Section: The Protocolmentioning

confidence: 99%

Firm Grip Handshakes: A Tool for Bidirectional Vouching

Berkman

Pinkas

Yung

2012

Cryptology and Network Security

View full text Add to dashboard Cite

Clients trust servers over the Internet due to their trust in digital signatures of certification authorities (CAs) which comprise the Internet's trust infrastructure. Based on the recent DigiNotar attack and other attacks on CAs, we formulate here a very strong attack denoted "Certificate in The Middle" (CiTM) and propose a mitigation for this attack. The solution is embedded in a handshake protocol and makes it more robust: It adds to the usual aspect of "CA vouching" a client side vouching for the server "continuity of service," thus, allowing clients and server to detect past and future breaches of the trust infrastructure. We had simplicity, flexibility, and scalability in mind, solving the problem within the context of the protocol (with the underlying goal of embedding the solution in the TLS layer) with minor field changes, minimal cryptographic additions, no interaction with other protocol layers, and no added trusted parties.

show abstract

Section: The Protocolmentioning

confidence: 99%

Firm Grip Handshakes: A Tool for Bidirectional Vouching

Berkman

Pinkas

Yung

2012

Cryptology and Network Security

View full text Add to dashboard Cite

show abstract

“…Cookie-based solutions [36] were used against TCP connection-depletion (also known as TCP SYN) attacks [45,23], and in security protocols such as Photuris [32], IKE [22], JFK [2], and others [39,24]. More generally, The advantages of being stateless, at least in the beginning of a protocol run, were recognized in the context of security protocols in [27] and [4].…”

Section: Related Work On Puzzlesmentioning

confidence: 99%

The dual receiver cryptosystem and its applications

Diament

Lee

Keromytis

et al. 2004

Proceedings of the 11th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

We put forth the notion of a dual receiver cryptosystem and implement it based on bilinear pairings over certain elliptic curve groups. The cryptosystem is simple and efficient yet powerful, as it solves two problems of practical importance whose solutions have proven to be elusive before:(1) A provably secure "combined" public-key cryptosystem (with a single secret key per user in space-limited environment) where the key is used for both decryption and signing and where encryption can be escrowed and recovered, while the signature capability never leaves its owner. This is an open problem proposed by the work of Haber and Pinkas.(2) A puzzle is a method for rate-limiting remote users by forcing them to solve a computational task (the puzzle). Puzzles have been based on cryptographic challenges in the past, but the successful design of embedding a useful cryptographic task inside a puzzle, originally posed by Dwork and Naor, remained an open problem till today. We model and present "useful security puzzles" applicable in two scenarios: a secure fileserver, and an online transaction server (such as a webserver).

show abstract

“…Various recommendations on protocol design include use of client puzzles [23,3], stateless cookies [39], forcing clients to store server state, rearranging the order of computations in a protocol [18], and the use of a formal method framework for analyzing the properties of protocols with respect to DoS attacks [35]. The advantages of being stateless, at least in the beginning of a protocol run, were recognized in the security protocol context in [22] and [2]. The latter presented a 3-message version of IKE, similar to JFK, that did not provide the same level of DoS protection as JFK does, and had no identity protection.…”

Section: Internet Key Exchange (Ike)mentioning

confidence: 99%

Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols

et al. 2002

View full text Add to dashboard Cite

We describe JFK, a new key exchange protocol, primarily designed for use in the IP Security Architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK also has a number of novel engineering parameters that permit a variety of trade-offs, most notably the ability to balance the need for perfect forward secrecy against susceptibility to denial-of-service attacks.

show abstract

Scalability and flexibility in authentication services: the KryptoKnight approach

Cited by 16 publications

References 29 publications

Firm Grip Handshakes: A Tool for Bidirectional Vouching

Firm Grip Handshakes: A Tool for Bidirectional Vouching

The dual receiver cryptosystem and its applications

Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols

Contact Info

Product

Resources

About