
A consistent history authentication protocol

Published: 01 May 2006

Abstract

Traditional strong authentication systems rely on a certification chain to delegate the authority of trust to an intermediate party. However, in some practical scenarios relayed authentication is not accepted, and a direct proof of trustworthiness, obtained through direct interaction with the involved party, is advisable. Our protocol introduces a registry of certified operations from which the authentication and the consequent proof of identity are derived. Although such a system requires the registrar to be initialized, the Consistent History Protocol provides a reasonable degree of reliability in identifying subjects at the steady state. As an application, we deployed the protocol in the indirect electronic data collection scenario, where large data flows have to be exchanged and certified among a set of mutually trusted institutions. The experimental results report the processing overhead introduced by the authentication protocol, which is negligible with respect to a classical strong authentication method built around the OpenSSL library.



Published In

ACM SIGSOFT Software Engineering Notes  Volume 31, Issue 3
May 2006
171 pages
ISSN:0163-5948
DOI:10.1145/1127878

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2006
Published in SIGSOFT Volume 31, Issue 3


Author Tags

  1. SSL
  2. authentication
  3. identification
  4. non repudiation
  5. trust

Qualifiers

  • Article
