TY - JOUR
T1 - The Krypto Knight Family of Light-Weight Protocols for Authentication and Key Distribution
AU - Bird, Ray
AU - Gopal, Inder
AU - Kutten, Shay
AU - Herzberg, Amir
AU - Yung, Moti
AU - Janson, Phil
AU - Molva, Refik
PY - 1995/2
Y1 - 1995/2
N2 - An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of a comprehensive security subsystem prototype called Krypto Knight, whose software and implementation aspects are discussed in [16], and which is the basis for the recently announced IBM Network Security Program product.
AB - An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of a comprehensive security subsystem prototype called Krypto Knight, whose software and implementation aspects are discussed in [16], and which is the basis for the recently announced IBM Network Security Program product.
UR - http://www.scopus.com/inward/record.url?scp=0029250361&partnerID=8YFLogxK
U2 - 10.1109/90.365435
DO - 10.1109/90.365435
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:0029250361
SN - 1063-6692
VL - 3
SP - 31
EP - 41
JO - IEEE/ACM Transactions on Networking
JF - IEEE/ACM Transactions on Networking
IS - 1
ER -