%0 Conference Proceedings %A Anderson, Ross J. %D 1992 %T UEPS - A Second Generation Electronic Wallet %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 411-418 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Applications %L Anderson92 %X UEPS, the Universal Electronic Payment System, is an electronic funds transfer product which is well suited to developing country environments, where poor telecommunications make offline operation necessary. It is designed around smartcard based electronic wallet and chequebook functions: money is loaded from the bank, via bank cards, to customer cards, to merchant cards, and finally back to the bank through a clearing system. This architecture is uniquely demanding from the point of view of security. As far as we are aware, UEPS is the first live financial system whose authentication protocol was designed and verified using formal analysis techniques. This was achieved using an extension of the Burrows-Abadi-Needham (BAN) logic, and raises some interesting questions: firstly, such formal logics had been thought limited in scope to verifying mutual authentication or key sharing; secondly, our work has found hidden assumptions in BAN, and a problem with the postulates of the Gong-Needham-Yahalom logic (GNY), both concerning freshness; thirdly, we highlight the need for a formalism to deal with cryptographic chaining; and fourthly, this type of formal analysis turns out to be so useful that we believe it should be routine for financial and security critical systems. %0 Conference Proceedings %A Boyd, Colin %D 1992 %T A Formal Framework for Authentication %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 273-292 %Y Goos, G. %E Hartmanis, J. 
%E van Leeuwen, J. %S Lecture Notes in Computer Science %F Authentication II %K Authentication protocols, formal models, security standards %L Boyd92 %X This paper presents an abstract formal framework for authentication using the standardised formal description technique LOTOS. The purpose of this framework is to investigate the abstract definition of authentication in a standardised formal language and to illustrate how to put some recent standardisation activities on a formal basis. Two authentication protocols are specified as examples of how the framework may be used in the specification and analysis of authentication. %0 Conference Proceedings %A Bull, John A. %A Gong, Li %A Sollins, Karen R. %D 1992 %T Towards Security in an Open Systems Federation %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 5-20 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Access Control %L BGS92 %X This paper argues that security design for Open Distributed Processing (ODP) would benefit from a shift of focus from the infrastructure to individual servers as the owners and enforcers of security policy. It debates the policy nuances, mechanisms, and protocol design consequences, that would follow from such a change of emphasis. In ODP, physically separate systems federate into heterogeneous networks of unlimited scale, so there can be no central authority, nor ubiquitous security infrastructure. Servers that offer, trade, supply and consume services must maintain their own security policies and defend themselves. For servers to take security policy and enforcement decisions, design is concerned with how they might seek advice and guidance from higher authority. 
This contrasts with an administrator imposed policy on a closed homogeneous network, where an infrastructure enforces administrator declared access rights to potential clients, including rights to delegate rights. %0 Conference Proceedings %A Calas, Christel %D 1992 %T GDoM: A Multilevel Document Manager %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 393-408 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F System Architectures %K computer security, multilevel security, mls application, mls document manager, mls Unix kernel %L Calas92 %X This paper presents GDoM, a multilevel security document manager. GDoM is an application that offers to diversely cleared users, secure services to store, consult, manage and transfer classified information. It relies on a specific Unix kernel, a multilevel network and a particular machine (M2S: Machine for Multilevel Security) which enforce a complete multilevel security of their data and their processes. This multilevel security makes it possible to enforce a complete security inside an untrusted application like GDoM. %0 Conference Proceedings %A d'Ausbourg, Bruno %A Llareus, Jean-Henri %D 1992 %T M2S: A Machine for Multilevel Security %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 373-391 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F System Architectures %L AL92 %X In this paper we describe the architecture of a computer machine ensuring a protection for data and processes of various classification levels, concurrently running on behalf of various cleared users. 
The security, enforced by a hardware security subsystem, is based on an internal information flow control that prevents building any illicit channel. Mechanisms and services of standard operating systems may be built on this machine. It permits also to build and manage multilevel data structures and multilevel computations which are able to satisfy the highest security requirement of new applications. %0 Conference Proceedings %A Daemen, Joan %A Govaerts, René %A Vandewalle, Joos %D 1992 %T A Hardware Design Model for Cryptographic Algorithms %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 417-434 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Applications %K Hardware cryptography, stream ciphers, block ciphers, cryptographic hash functions, pseudorandom sequence generators %L DGV92 %X A hardware implementation model is proposed that can be used in the design of stream ciphers, block ciphers and cryptographic hash functions. The cryptographic finite state machine (CFSM) model is no mathematical tool, but a set of criteria that have to be met by a real hardware finite state machine that will be used in the implementation of a cryptographic algorithm. Diffusion is studied by means of the diffusion graph and dependency matrix. For the study of confusion differential cryptanalysis is used. In the paper the design of a high-speed cryptographic coprocessor is presented called Subterranean. This coprocessor can be used for both cryptographic pseudorandom sequence generation and cryptographic hashing. It can be implemented in a straightforward way as (part of) a chip. The small gate-delay allows high clock frequencies, and even a moderate estimation of 20 MHz leads to a (stream-)encryption speed of 0.3 Gbit/s and hashing speed of 0.6 Gbit/s. 
%0 Conference Proceedings %A Desmedt, Yvo %D 1992 %T Breaking the Traditional Computer Security Research Barriers %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 125-138 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Invited Talk %L Desmedt92 %X The security of networked computers must be dramatically improved. Other research disciplines may be useful in achieving this goal. Some topics being studied in computer security are being investigated in cryptography also. We overview some progress made in cryptography in these topics. We propose how increasing the use of cryptography in computer security can be helpful in designing more secure hardware and software for a future generation of computers. %0 Conference Proceedings %A Fabre, Jean-Charles %A Randell, Brian %D 1992 %T An Object-Oriented View of Fragmented Data Processing for Fault and Intrusion Tolerance in Distributed Systems %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 193-208 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Distributed Systems %L FR92 %X This paper describes a technique, called Object-Oriented Fragmented Data Processing, for jointly improving the reliability and security with which distributed computing systems process sensitive information. The technique protects the information contained in, and the processing performed by, a given object by first fragmenting the object into the subsidiary objects of which it is composed. 
It then relies on (i) the correct execution of a majority of a set of copies of these subsidiary objects, and (ii) the reliable storage of a majority of a set of copies of each of these subsidiary objects, having distributed the subsidiary objects widely across a number of computers in a distributed computing system. The intent is to impede intruders and to tolerate faults, and involves ensuring that an isolated subsidiary object is not significant, due to the lack of information it would provide to a potential intruder. This technique can be applied to application objects and/or to the objects used in the implementation of the basic object-oriented system. The paper illustrates the technique using a detailed example, of an "electronic diary", that has been designed using Eiffel, and experimented with using the DELTA-4 Support Environment. %0 Conference Proceedings %A Habra, Naji %A Le Charlier, Baudouin %A Mathien, Isabelle %A Abdelaziz, Mounji %D 1992 %T ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 435-450 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Applications %L HCMA92 %X After a brief survey of the problems related to audit trail analysis and of some approaches to deal with them, the paper outlines the project ASAX which aims at providing an advanced tool to support such analysis. One key feature of ASAX is its elegant architecture built on top of a universal analysis tool allowing any audit trail to be analysed after a straightforward adaptation. Another key feature of the project ASAX is the language RUSSEL used to express queries on audit trails. RUSSEL is a rule-based language which is tailor-made for the analysis of sequential files in one and only one pass. 
The conception of RUSSEL makes a good compromise with respect to the needed efficiency on the one hand and to the suitable declarative look on the other hand. The language is illustrated by examples of rules for the detection of some representative classical security breaches. %0 Conference Proceedings %A Hauser, Ralf C. %D 1992 %T Verification and Modelling of Authentication Protocols %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 141-154 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Authentication I %L Hauser92 %X With the emergence of numerous distributed services, the importance of electronic authentication in networks is rapidly increasing. Many authentication protocols have been proposed and discussed. Burrows, Abadi and Needham created a logic of authentication to formally analyze authentication protocols. This BAN-logic has been subject to critique and several extensions have been suggested. Nonetheless, due to its straightforward design and its ease-of-use, it attracts the attention of current research. In this paper, an authentication logic is proposed which is built closely after the BAN-logic. It addresses answers to important criticisms of BAN like the non-disclosure problem, and avoids some newly discovered weaknesses of BAN, e.g. with respect to freshness. It also does not require any idealization which is a major hurdle to the correct usage of BAN. This extended BAN-logic is instrumented as a verification tool which also allows for modelling the different protocols participants as finite state machines. Also, actions of intruders, consequences of such intrusions, and the respective counter-measures can be modelled and simulated. %0 Conference Proceedings %A He, Jingsha %A Gligor, Virgil D. 
%D 1992 %T Formal Methods and Automated Tool for Timing-Channel Identification in TCB Source Code %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 57-75 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Formal Methods %L HG92 %X We characterize the properties of timing channels that are reflected in source code and present formal methods for the identification of these channels in source code of trusted computing bases (TCBs). Our study differs significantly from previous ones which focus on a high-level characterization of timing channels without leading to practical methods for their identification. We also discuss how to integrate the formal methods presented into the automated system that has been previously developed for storage-channel identification to build an automated tool for timing-channel identification in TCB source code which, otherwise, is still carried out in an ad-hoc way due to the lack of general and practical methods. The presented methods, however, cannot be directly applied for detecting hardware channels that result from hardware system configurations. %0 Conference Proceedings %A Jones, Andrew J. I. %A Sergot, Marek %D 1992 %T Formal Specification of Security Requirements using the Theory of Normative Positions %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 103-121 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Formal Methods %L JS92 %X We use a number of the examples presented in Ting1990 to illustrate how the formal theory of normative positions may serve as a tool for clarifying, and making precise, the specification of security requirements, particularly in regard to access control. 
We describe the basic features of the theory of normative positions (which has its roots in the analytical theory of law), and of the modal logics (deontic and action logics) involved in its formulation. We then indicate three levels of software we have under development, which aim to turn the analytical procedures into a practical tool. Our concluding remarks relate our discussion of Ting's examples to some particular issues in the formal specification of computer systems. %0 Conference Proceedings %A Kang, I.E. %A Keefe, T.F. %D 1992 %T On Transaction Processing for Multilevel Secure Replicated Databases %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 329-347 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Database Security %K Transaction processing, Multilevel secure, Replicated database, Global transaction manager %L KK92 %X Transaction scheduling in MultiLevel Secure (MLS) replicated databases has received much attention recently. However, several proposed protocols exhibit subtle flaws which can result in schedules which are not serializable. In this paper, we explain the problem and present a transaction scheduling protocol for MLS replicated databases free from this problem. We also show the protocol is one-copy serializable and demonstrate that it is secure. In addition, our protocol requires only a small trusted portion and it accepts a larger class of transactions (those that can "write-up") than previous protocols. It is interesting that the protocol can be adopted for use with heterogeneous databases because it does not require an atomic commitment protocol, and does not assume homogeneous concurrency control and recovery algorithms in local databases. 
%0 Conference Proceedings %A Kelter, Udo %D 1992 %T Type-Level Access Controls for Distributed Structurally Object-Oriented Database Systems %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 21-40 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Access Control %L Kelter92 %K views, discretionary access controls, object-oriented database systems, distribution, multiple inheritance, group-orientation, access control lists %X Structurally object-oriented database systems are a new class of dedicated data storage systems which are intended to form the basis of CAD, CASE and other design environments which are to support large, distributed development teams. Several concepts of discretionary access controls (DAC) for such systems have been proposed; these concepts support nested complex objects and nested working groups. However, they do not support roles in development teams such as designers, reviewers, managers, etc., whose access rights are typically given in terms of object types rather than only in terms of objects. This paper presents a concept of type-level DAC which is intended to complement the instance-level DAC and to support roles in development projects. The concept consists of a formal model of the state of the object base with regard to access controls and a formula which derives from this state and the security context of a process the type-rights of this process. Our model has virtually no built-in, enforced policies; it allows users to realize a wide range of application-specific security policies. It supports multiple inheritance; in order to prevent inconsistent rights on types with common subtypes, certain consistency constraints are introduced. The model is group-oriented in that it supports nested working groups and inheritance of rights along group hierarchies. 
Access to individual types can be explicitly denied. It is implementable in a distributed system; the administration of rights can be fully decentralized. %0 Conference Proceedings %A Kessler, Volker %D 1992 %T On the Chinese Wall Model %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 41-54 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Access Control %L Kessler92 %X We present a modified version of the Chinese Wall model. Especially, we make some investigations on the indirect information flow induced by the write access. In the original Brewer-Nash model the write permission is very restricted. There a subject can get write access to one object only and only during early states of the system. We change this rule and introduce a dynamic concept of the "conflict of interest relation". Thus, we prevent an indirect information flow by building more Chinese Walls. Finally, we prove that the system is "conflict secure", i.e. a subject can never get sensitive information from two or more objects which are in conflict of interest to each other. %0 Conference Proceedings %A Lam, Kwok-Yan %A Gollmann, Dieter %D 1992 %T Freshness Assurance of Authentication Protocols %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 261-271 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Authentication II %K Distributed operating systems, authentication protocols, network security, clock synchronization protocol %L LG92 %X This paper describes various ways of providing freshness assurance of authentication protocols. It approaches the issue by discussing the notion of time in distributed authentication. 
In the context of authentication, we identify the places where the concept of time is needed, and describe the ways that timeliness of authentication protocols can be achieved. %0 Conference Proceedings %A Lam, Kwok-Yan %A Beth, Thomas %D 1992 %T Timely Authentication in Distributed Systems %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 293-303 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Authentication II %K Distributed operating systems, authentication protocols, interprocess communications %L LB92 %X This paper discusses the use of time in distributed authentication. Our first objective is to give reasons for the provision of authentication protocols whose correctness depends on the correct generation of timestamps. Our second objective is to explain that this proposal is not, at least theoretically, as insecure as it first seems to be. The conclusion of this paper motivated our current effort of designing a secure clock synchronization protocol as a part of our overall goal of building a secure distributed system. %0 Conference Proceedings %A Molva, Refik %A Tsudik, Gene %A Van Herreweghen, Els %A Zatti, Stefano %D 1992 %T KryptoKnight Authentication and Key Distribution System %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 155-174 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Authentication I %L MTHZ92 %X This paper describes KryptoKnight, an authentication and key distribution system that provides facilities for secure communication in any type of network environment. KryptoKnight was designed with the goal of providing network security services with a high degree of compactness and flexibility. 
Message compactness of KryptoKnight's protocols allows it to secure communication protocols at any layer, without requiring any major protocol augmentations in order to accommodate security-related information. Moreover, since KryptoKnight avoids the use of bulk encryption it is easily exportable. Owing to its architectural flexibility, KryptoKnight functions at both endpoints of communication can perform different security tasks depending on the particular network configuration. These and other novel features make KryptoKnight an attractive solution for providing security services to existing applications irrespective of the protocol layer, network configuration or communication paradigm. %0 Conference Proceedings %A Pernul, G. %D 1992 %T Security Constraint Processing in Multilevel Secure AMAC Schemata %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 349-370 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Database Security %L Pernul92 %X We describe the design environment AMAC which may be used as an aid for the construction of multilevel secure databases. The technique proposed consists of high-level data and security modeling using entity-relationship techniques, a decomposition approach for the construction of single level fragments from multilevel base relations, a supporting policy for the automated determination of labels for security objects and subjects, and security enforcement by using database triggers. As in most security critical civil database applications labeled data items are not available the proposed approach serves well as an underlying basis for the construction of a computerized design tool that aids a human database or security administrator during the different phases of the construction of a MLS database. %0 Conference Proceedings %A Sandhu, Ravi S. 
%A Jajodia, Sushil %D 1992 %T Polyinstantiation for Cover Stories %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 307-328 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Database Security %L SJ92 %X In this paper we study the use of polyinstantiation, for the purpose of implementing cover stories in multilevel secure relational database systems. We define a particular semantics for polyinstantiation called PCS (i.e., polyinstantiation for cover stories). PCS allows two alternatives for each attribute (or attribute group) of a multilevel entity: (i) no polyinstantiation, or (ii) polyinstantiation at the explicit request of a user to whom the polyinstantiation is visible. PCS strictly limits the extent of polyinstantiation by requiring that each entity in a multilevel relation has at most one tuple per security class. We demonstrate that PCS provides a natural, intuitive and useful technique for implementing cover stories. A particularly attractive feature of PCS is its run-time flexibility regarding the use of cover stories. A particular attribute may have cover stories for some entities and not for others. Even for the same entity, a particular attribute may be polyinstantiated at some time and not at other times. %0 Conference Proceedings %A Tarah, Anas %A Huitema, Christian %D 1992 %T Associating Metrics to Certification Paths %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 173-189 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Authentication I %L TH92 %X This paper presents a part of our work on open systems' security in conformance with the X509 framework. 
The Chimaera model tries to cover all X509's lacks especially for what concerns Certification Authorities CA. Although our primary concern was the elaboration of a security scheme, we quickly meet the need for a convenient distribution of CAs and the manipulation of both certificates and certification paths. The main trends of the scheme are: the elaboration of the CA concepts, the elaboration of a communication protocol between these authorities and the introduction of the evaluation notion of both certificates and Certification Paths CP. In the first part, a brief introduction to major security trends and mechanisms is given, then some implementations and standards are cited. At this level, deficiencies of actual models and the need of more convenient scheme are shown. In the next part, main trends of the Chimaera and its OSI environment are presented. We describe a protocol for the exchange and evaluation of both certificates and CP, Certification Paths, hence ensuring a secure propagation of trust and knowledge over the network. Finally, the added value of the given scheme is discussed in relation to certificate's establishment and revocation. %0 Conference Proceedings %A Toussaint, Marie-Jeanne %D 1992 %T Separating the Specification and Implementation Phases in Cryptology %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 77-101 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Formal Methods %K cryptology, security, cryptographic protocol, formal verification, knowledge state, protocol execution tree %L Toussaint92 %X We propose to separate the specification and implementation phases in the conception of the cryptographic protocols. The specification phase describes the logic of the protocol. We develop a method for formally verifying this logic before the publication of the protocol. 
The implementation phase contains the choice of an appropriate cryptographic function. %0 Conference Proceedings %A Tsudik, Gene %D 1992 %T Policy Enforcement in Stub Autonomous Domains %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 229-257 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. %S Lecture Notes in Computer Science %F Distributed Systems %K inter-domain communication, authentication protocols, data integrity, communication security, network protocols, internetworking %L Tsudik92 %X Interconnection across administrative boundaries prompts the need for comprehensive policy enforcement (i.e., access control) with respect to inter-domain packet traffic. Due to the nature of the communication services they provide, stub and transit domains require different mechanisms for policing inter-domain traffic. This paper addresses the design of a policy enforcement mechanism geared specifically towards stub domains. With the aid of some basic concepts borrowed from Visa protocol, a much more powerful mechanism is developed and analyzed. Protocol implementation and experimental results are discussed. %0 Conference Proceedings %A Wang, Michael %A Goscinski, Andrzej %D 1992 %T The Development and Testing of the Identity-based Conference Key Distribution System for the RHODOS Distributed System %J Second European Symposium on Research in Computer Security (ESORICS 92) %E Deswarte, Y. %E Eizenberg, G. %E Quisquater, J.-J. %I Springer-Verlag %C Toulouse, France %6 1 %P 209-228 %Y Goos, G. %E Hartmanis, J. %E van Leeuwen, J. 
%S Lecture Notes in Computer Science %F Distributed Systems %K Identity-based conference key distribution, authentication, distributed operating systems, distributed systems %L WG92 %X In this paper, we demonstrate that it is possible to develop an authentication service as an integral part of a distributed operating system, subject to some requirements and extensions to the original Koyama-Ohta system. The basic RHODOS requirement is that users cannot be trusted, and therefore they cannot hold any cryptographic parameters, but their own passwords. The Authentication Service supported by the RHODOS distributed operating system provides the following operations: the distribution of the initial cryptographic parameters, user login authentication, one-way and two-way authentication, and conference authentication. The operational properties have been demonstrated by setting up a conference and authenticating conference participants in different circumstances.