The present invention relates to a method of secure user authentication in a dynamic network and more particularly to a method of secure user authentication in which a service does not need to obtain authentication tickets for all dynamic services that could respond to a request in advance of enquiring of the dynamic services whether they can handle the request.
Kerberos is an authentication protocol for distributed networks of computers. Based on the Needham-Schroder Symmetric Key Protocol, it has gained widespread popularity and is supported on a wide range of platforms including Windows, Linux, Solaris, AIX, and z/OS (Kerberos is a trademark of Massachusetts Institute of Technology (MIT), Windows is a trademark of Microsoft Corp., Linux is a trademark of Linus Torvalds, Solaris is a trademark of Oracle America Inc. and AIX and z/OS are trademarks of International Business Machines Corporation).
The Kerberos protocol provides a secure connection between a client and a server providing a service using a central server, known as the Authentication Server (AS), which authenticates a client and also authenticates specified services that have registered with the Authentication Server (AS). The protocol is based on the use of tickets, which are short-lived credentials passed to services that a client would like to access. These tickets are obtained from a Ticket Granting Service (TGS). The specified services and the client each only work together when they confirm that the other is authenticated with the Authentication Server.
From its inception it was noted that the traditional Kerberos protocol presents a number of challenges in terms of its scalability and the potential vulnerability of a centralised certificate authority, the Authorisation Server (AS). This gave rise to significant research into alternative approaches that are better suited to a peer to peer authentication with various public key cryptographic (PKC) services being devised.
D. Boneh and X. Boyen, “Efficient selective-id secure identity-based encryption without random oracles”, Advances in Cryptology—EUROCRYPT 2004. Springer, 2004, pp. 223-38 discloses an identity based PKC (ID-PKC). Identity-based encryption (IBE) provides a public key encryption mechanism where a public key is an arbitrary string such as an e-mail address or a telephone number. The corresponding private key can only be generated by a Private Key Generator (PKG) which has knowledge of a master secret. In an IBE system, users authenticate themselves to the PKG and obtain private keys corresponding to their identities.
S. Al-Riyami and K. Paterson, “Certificateless public key cryptography”, Advances in Cryptology-ASIACRYPT 2003, pp. 452-73, 2003 discloses a certificateless public key cryptography (CL-PKC) scheme. In contrast to traditional public key cryptographic systems, CL-PKC does not require the use of certificates to guarantee the authenticity of public keys. It does rely on the use of a trusted third party (TTP) who is in possession of a master key. In these respects, CL-PKC is similar to identity-based public key cryptography (ID-PKC). On the other hand, CL-PKC does not suffer from the key escrow property that seems to be inherent in ID-PKC. Thus CL-PKC can be seen as a model for the use of public key cryptography that is intermediate between traditional certificated PKC and ID-PKC.
Nevertheless Kerberos has stood the test of time and given its wide range of platform support, particularly Windows, it is not surprising to find that it is widely adopted.
Kerberos is designed to work in systems where a service that can fulfil a client's request is known in advance, and the set of services involved in one request is small and constant. When employed in a dynamic network where multiple unknown services could respond to one request, the design does not work so well. A ticket must be requested for every service that could be involved in a request, and authentication must be carried out with each service prior to (or during) the request.
G. Bent, P. Dantressangle, D. Vyvyan, A. Mowshowitz, and V. Mitsou, “A dynamic distributed federated database” in Proc. 2nd Ann. Conf. International Technology Alliance, 2008 discloses the “GaianDB” Database, in which this set of services could be very large. A new type of database architecture is defined as a dynamic distributed federated database (DDFD). Biologically inspired principles of network growth combined with graph theoretic methods are used to develop and maintain the DDFD. The DDFD uses a ‘Store Locally Query Anywhere’ mechanism (SLQA), which provides for global access to data from any vertex in the database network.