Title :
Recent-secure authentication: enforcing revocation in distributed systems
Author :
Stubblebine, Stuart G.
Author_Institution :
AT&T Bell Labs., Holmdel, NJ, USA
Abstract :
A general method is described for formally specifying and reasoning about distributed systems with any desired degree of immediacy for revoking authentication. To effect revocation, `authenticating entities´ impose freshness constraints on credentials or authenticated statements made by trusted intermediaries. If fresh statements are not presented, then the authentication is questionable. Freshness constraints are derived from initial policy assumptions and authentic statements made by trusted intermediaries. By adjusting freshness constraints, the delay for certain revocation can be arbitrarily bounded. We illustrate how the inclusion of freshness policies within certificates enables the design of a secure and highly available revocation service. We illustrate the application of the method and new techniques in an example
Keywords :
distributed processing; formal specification; message authentication; authenticated statements; authenticating entities; authentication revocation; certificates; credentials; distributed systems; formal specification; fresh statements; freshness constraints; highly available revocation service; immediacy; initial policy assumptions; reasoning; recent-secure authentication; revocation enforcement; secure revocation service; trusted intermediaries; Authentication; Authorization; Business; Delay; Electronic commerce; Information retrieval; Network servers; Protection; Public key; Public key cryptography;
Conference_Titel :
Security and Privacy, 1995. Proceedings., 1995 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7015-0
DOI :
10.1109/SECPRI.1995.398935