Distributed System Authentication
Next: The Need: Identity
Up: Robust Authentication Procedures
Previous: Identification and Authentication
According to [WL92], there are three main types of
authentication in a distributed computing system.
- Message Content Authentication: the ability to verify that
the message received is exactly the message that was sent.
Message Content Authentication can be achieved by:
National Institute of Standards and Technology (NIST) Federal
Information Processing Standard Publication (FIPS PUB) 113,
``Computer Data Authentication'' [FIP85]
provides information on the use
of NIST approved Message Authentication Code Standard, while the
Draft FIPS PUB ``Digital Signature Standard'' [FIP93c]
describes the NIST proposed digital signature standard.
- applying a cryptographic checksum called a message authentication code
- by applying a public-key digital signature.
- Message Origin Authentication: The ability to verify that the
actual sender of a received message is in fact the sender
claimed in the message. Using a symmetric (secret key)
cryptosystem, the receiver of a message can be assured of the
validity of the sender since only the sender and receiver of the
message possess the key used to encrypt the message. This type
of system needs a trusted third party, however, to provide a
non-repudiation service. In an asymmetric (public key)
cryptosystem, the use of a public key or digital signature can
provide message origin authentication.
- General Identity Authentication: the ability to verify that
a principal's identity is who is claimed. It is this type of
authentication that is the focus of Section 10.4. The other two
types of authentication, message content authentication and
message origin authentication will be discussed when they are
coupled with identity authentication in the authentication
systems that will be examined.
Fri Oct 7 16:17:21 EDT 1994