DocumentCode :
2673626
Title :
Recent-secure authentication: enforcing revocation in distributed systems
Author :
Stubblebine, Stuart G.
Author_Institution :
AT&T Bell Labs., Holmdel, NJ, USA
fYear :
1995
fDate :
8-10 May 1995
Firstpage :
224
Lastpage :
235
Abstract :
A general method is described for formally specifying and reasoning about distributed systems with any desired degree of immediacy for revoking authentication. To effect revocation, 'authenticating entities' impose freshness constraints on credentials or authenticated statements made by trusted intermediaries. If fresh statements are not presented, then the authentication is questionable. Freshness constraints are derived from initial policy assumptions and authentic statements made by trusted intermediaries. By adjusting freshness constraints, the delay for certain revocation can be arbitrarily bounded. We illustrate how the inclusion of freshness policies within certificates enables the design of a secure and highly available revocation service. We illustrate the application of the method and new techniques in an example
Keywords :
distributed processing; formal specification; message authentication; authenticated statements; authenticating entities; authentication revocation; certificates; credentials; distributed systems; formal specification; fresh statements; freshness constraints; highly available revocation service; immediacy; initial policy assumptions; reasoning; recent-secure authentication; revocation enforcement; secure revocation service; trusted intermediaries; Authentication; Authorization; Business; Delay; Electronic commerce; Information retrieval; Network servers; Protection; Public key; Public key cryptography;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Security and Privacy, 1995. Proceedings., 1995 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7015-0
Type :
conf
DOI :
10.1109/SECPRI.1995.398935
Filename :
398935