In a large-scale distributed environment or a large open network such as the WIDE Internet, an academic and research network in Japan, the authentication system is the fundamental building block for providing security mechanisms. We have developed a trusted third-party authentication system called SPLICE|AS for the WIDE Internet. The authentication protocol adopted in SPLICE|AS is based on the public-key cryptosystem, originally proposed by Needham. We made several extensions to detect certain security attacks, such as replay attacks, which were not considered in Needham's original approach. Furthermore, a domain-based management scheme and protocol extensions are introduced into our system, since management principals are scattered across the WIDE Internet. The whole network is logically subdivided into several domains based on network management policies, and each domain is managed by a single authentication server. The domain concept is then applied hierarchically to provide inter-domain access. An authentication server in an upper domain authorizes and controls inter-domain accesses between subdomains. This paper describes the design of SPLICE|AS and its implementations.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Suguru YAMAGUCHI, Kiyohiko OKAYAMA, Hideo MIYAHARA, "The Design and Implementation of an Authentication System for the Wide Area Distributed Environment" in IEICE TRANSACTIONS on Information, vol. E74-D, no. 11, pp. 3902-3909, November 1991, doi: .
Abstract: In a large-scale distributed environment or a large open network such as the WIDE Internet, an academic and research network in Japan, the authentication system is the fundamental building block for providing security mechanisms. We have developed a trusted third-party authentication system called SPLICE|AS for the WIDE Internet. The authentication protocol adopted in SPLICE|AS is based on the public-key cryptosystem, originally proposed by Needham. We made several extensions to detect certain security attacks, such as replay attacks, which were not considered in Needham's original approach. Furthermore, a domain-based management scheme and protocol extensions are introduced into our system, since management principals are scattered across the WIDE Internet. The whole network is logically subdivided into several domains based on network management policies, and each domain is managed by a single authentication server. The domain concept is then applied hierarchically to provide inter-domain access. An authentication server in an upper domain authorizes and controls inter-domain accesses between subdomains. This paper describes the design of SPLICE|AS and its implementations.
URL: https://global.ieice.org/en_transactions/information/10.1587/e74-d_11_3902/_p
@ARTICLE{e74-d_11_3902,
author={Suguru YAMAGUCHI and Kiyohiko OKAYAMA and Hideo MIYAHARA},
journal={IEICE TRANSACTIONS on Information},
title={The Design and Implementation of an Authentication System for the Wide Area Distributed Environment},
year={1991},
volume={E74-D},
number={11},
pages={3902-3909},
abstract={In a large-scale distributed environment or a large open network such as the WIDE Internet, an academic and research network in Japan, the authentication system is the fundamental building block for providing security mechanisms. We have developed a trusted third-party authentication system called SPLICE|AS for the WIDE Internet. The authentication protocol adopted in SPLICE|AS is based on the public-key cryptosystem, originally proposed by Needham. We made several extensions to detect certain security attacks, such as replay attacks, which were not considered in Needham's original approach. Furthermore, a domain-based management scheme and protocol extensions are introduced into our system, since management principals are scattered across the WIDE Internet. The whole network is logically subdivided into several domains based on network management policies, and each domain is managed by a single authentication server. The domain concept is then applied hierarchically to provide inter-domain access. An authentication server in an upper domain authorizes and controls inter-domain accesses between subdomains. This paper describes the design of SPLICE|AS and its implementations.},
keywords={},
doi={},
ISSN={},
month={November},}
TY - JOUR
TI - The Design and Implementation of an Authentication System for the Wide Area Distributed Environment
T2 - IEICE TRANSACTIONS on Information
SP - 3902
EP - 3909
AU - Suguru YAMAGUCHI
AU - Kiyohiko OKAYAMA
AU - Hideo MIYAHARA
PY - 1991
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E74-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 1991
AB - In a large-scale distributed environment or a large open network such as the WIDE Internet, an academic and research network in Japan, the authentication system is the fundamental building block for providing security mechanisms. We have developed a trusted third-party authentication system called SPLICE|AS for the WIDE Internet. The authentication protocol adopted in SPLICE|AS is based on the public-key cryptosystem, originally proposed by Needham. We made several extensions to detect certain security attacks, such as replay attacks, which were not considered in Needham's original approach. Furthermore, a domain-based management scheme and protocol extensions are introduced into our system, since management principals are scattered across the WIDE Internet. The whole network is logically subdivided into several domains based on network management policies, and each domain is managed by a single authentication server. The domain concept is then applied hierarchically to provide inter-domain access. An authentication server in an upper domain authorizes and controls inter-domain accesses between subdomains. This paper describes the design of SPLICE|AS and its implementations.
ER -