20. Password Authentication With Insecure Authendication
of 3
-
Upload
stopnaggingme -
Category
Documents
-
view
256 -
download
0
Transcript of 20. Password Authentication With Insecure Authendication
-
8/12/2019 20. Password Authentication With Insecure Authendication
1/3
a m p l e , a v o i c e p r i n t . S u c h a m e c h a n i s m i s b e y o n d t h es c o p e o f t h i s p a p e r , s o w e r e s t r ic t o u r s e l v e s t o t h e p r o b -l e m o f r e m o v i n g t h e f i r s t t w o w e a k n e s s e s .
T e c h n i c a l N o t eO p e r a t i n g S y s t e m s A n i t a K . J o n e sE d i t o rP a s s w o r d A u t h e n t i c a t i o n w i t hI n s e c u r e C o m m u n i c a t i o nL e s l i e L a m p o r tS R I I n t e r n a t i o n a l
A m e t h o d o f u s e r p a s s w o r d a u t h e n t i c a t i o n i s d e -s c r i b e d w h i c h i s s e c u r e e v e n i f a n i n t r u d e r c a n r e a d t h es y s t e m s d a t a , a n d c a n t a m p e r w i t h o r e a v e s d r o p o n t h ec o m m u n i c a t i o n b e t w e e n t h e u s e r a n d t h e s y s t em . T h em e t h o d a s s u m e s a s e c u r e o n e - w a y e n c r y p t io n f u n c ti o na n d c a n b e i m p l e m e n t e d w i t h a m i c r o c o m p u t e r i n t h eu s e r s t e r m i n a l .
K e y W o r d s a n d P h r a s e s : s e c u r i t y , a u t h e n t i c a t i o n ,p a s s w o r d s , o n e - w a y f u n c t i o nC R C a t e g o r i e s : 4 . 3 5 , 4 . 3 9
I . T h e P r o b l e mI n r e m o t e l y a c c e s se d c o m p u t e r s y s t e m s , a u s e r i d e n -
t i fi e s h i m s e l f t o t h e s y s t e m b y s e n d i n g a s e c r e t p a s s w o r d .T h e r e a r e t h r e e w a y s a n i n t r u d e r c o u l d l e a r n t h e u s e r ' ss e c r e t p a s s w o r d a n d t h e n i m p e r s o n a t e h i m w h e n i n t e r -a c t i n g w i t h t h e s y s t e m :( 1 ) B y g a i n i n g a c c e s s t o t h e i n f o r m a t i o n s t o r e d i n s i d e
t h e s y s t e m , e .g . , r e a d i n g t h e s y s t e m ' s p a s s w o r d f i le .( 2 ) B y i n t e r c e p ti n g t h e u se r ' s c o m m u n i c a t i o n w i t h t h es y s t e m , e . g . , e a v e s d r o p p i n g o n t h e l i n e c o n n e c t i n gt h e u s e r ' s t e r m i n a l w i t h t h e s y s te m , o r o b s e r v i n g t h ee x e c u t i o n o f t h e p a s s w o r d c h e c k i n g p r o g r a m .
( 3 ) B y th e u s e r ' s i n a d v e r t e n t d i s c lo s u r e o f h i s p a s s w o r d ,e . g. , c h o o s i n g a n e a s i l y g u e s s e d p a s s w o r d .
T h e t h i r d p o s s i b i l i t y c a n n o t b e p r e v e n t e d b y a n yp a s s w o r d p r o t o c o l , s i n c e t w o i n d i v i d u a l s p r e s e n t i n g t h es a m e p a s s w o r d i n f o r m a t i o n c a n n o t b e d i s t i n g u i s h e d b yt h e s y s t e m . E l i m i n a t i n g t h i s p o s s i b i l i t y r e q u i r e s s o m em e c h a n i s m f o r p h y s i c a l l y i d e n t i f y i n g t h e u s e r - - f o r e x -
P e r m i s s i o n t o c o p y w i t h o u t f e e a l l o r p a r t o f t h i s m a t e r ia l i sg r a n t e d p r o v i d e d t h a t t h e c o p i e s a re n o t m a d e o r d i s t r i b u t ed f o r d i r e c tc o m m e r c i a l a d v a n t a g e , t h e A C M c o p y r i g h t n o t i c e a n d t h e t i t l e o f t h ep u b l i c a t i o n a n d i t s d a t e a p p e a r , a n d n o t i c e i s g i v e n t h a t c o p y i n g i s b yp e r m i s s i o n o f th e A s s o c i a t i o n f o r C o m p u t i n g M a c h i n e r y . T o c o p yo t h e r w i s e , o r t o r e p u b l i s h , r e q u i r e s a f e e a n d / o r s p e c i fi c p e rm i s s i o n .T h i s w o r k w a s f u n d e d i n p a r t b y t h e N a t i o n a l S c i e n ce F o u n d a t i o nu n d e r G r a n t N o . M C S - 7 8 1 6 7 8 3 .A u t h o r ' s a d d r e s s : L e s l i e L a m p o r t , S R I I n t e r n a ti o n a l , 3 3 3 R a v e n s -w o o d A v e n u e , M e n l o P a r k , C A 9 40 25 19 8 1 A C M 0 0 0 1 - 0 7 8 2 / 8 1 / 110 0 - 7 7 0 $ 0 0 . 75 .7 7 0
I I. T h e S o l u t i o nT h e f ir s t w e a k n e s s c a n b e e l i m i n a t e d b y u s i n g a one-way unc t ion t o e n c o d e t h e p a ss w o r d . A o n e - w a y f u n c t i o ni s a m a p p i n g F f r o m s o m e s e t o f w o r d s i n t o i t s e l f s u c hth a t :
( 1 ) G i v e n a w o r d x , i t i s e a s y t o c o m p u t e F ( x ) .( 2 ) G i v e n a w o r d y , i t i s n o t f e a s i b le t o c o m p u t e a w o r dx su ch t h a t y = F ( x ) .
W e w i ll n o t b o t h e r t o s p e c i fy p r e c i se l y w h a t e a s y a n df e a s i b l e m e a n , s o o u r r e a s o n i n g w il l b e i n fo r m a l . N o t e
t h a t g i v e n F ( x ) , i t i s a l w a y s p o s s i b l e t o f r e d x b y a ne x h a u s t i v e s e a r c h . W e r e q u i r e t h a t s u c h a c o m p u t a t i o nb e t o o c o s t l y t o b e p r a c t ic a l . A o n e - w a y f u n c t i o n F c a nb e c o n s t r u c t e d f r o m a s e c u r e e n c r y p t i o n a l g o ri t h m : o n ec o m p u t e s F ( x ) b y e n c r y p t i n g a s t a n d a r d w o r d u s i n g xas a k ey [ 1 ] .I n s t e a d o f s to r i n g t h e u s e r ' s p a s s w o r d x , t h e s y s t e ms t o re s o n l y t h e v a l u e y = F ( x ) . T h e u s e r i d e n ti f ie s h i m s e l fb y s e n d i n g x t o t h e s y s t e m ; t h e s y s t e m a u t h e n t i c a t e s h i si d e n t i t y b y c o m p u t i n g F ( x ) a n d c h e c k i n g t h a t i t e q u a l st h e s t o r e d v a l u e y . A u t h e n t i c a t i o n i s e a s y , s i n c e o u r f i r s ta s s u m p t i o n a b o u t F i s t h a t i t i s e a s y t o c o m p u t e F ( x )f r o m x . A n y o n e e x a m i n i n g t h e s y s t e m ' s p e r m a n e n t l ys t o r e d i n f o r m a t i o n c a n d i s c o v e r o n l y y , a n d b y t h e s e c o n da s s u m p t i o n a b o u t F i t w i l l b e i n f e a s i b l e f o r h i m t oc o m p u t e a v a l u e x s u c h t h a t y = F ( x ) . T h i s i s a w i d e l yu s e d s c h e m e , a n d i s d e s c r i b e d i n [ 2 ] a n d [ 3 ] .W h i l e r e m o v i n g t h e f ir s t w e a k n e s s , t h is m e t h o d d o e sn o t e li m i n a t e t h e s e c o n d - - a n e a v e s d r o p p e r c a n d i s c o v e rt h e p a s s w o r d x a n d s u b s e q u e n t l y i m p e r s o n a t e t h e u s e r .T o p r e v e n t t h is , o n e m u s t u s e a s e q u e n c e o f p a s sw o r d sx l , x 2 . . . . x l0 oo , w h e r e x i i s t h e p a s s w o r d b y w h i c h t h eu s e r i d e n t i f i e s h i m s e l f f o r t h e i t h t i m e . ( O f c o u r s e , t h ev a l u e 1 0 0 0 i s q u i t e a r b i t r a r y . T h e a s s u m p t i o n w e w i llt a c i t l y m a k e i s t h a t 1 0 0 0 i s s m a l l e n o u g h s o t h a t i t i s
f e a s i b l e t o p e r f o r m 1 00 0 e a s y c o m p u t a t i o n s . ) T h es y s t e m m u s t k n o w t h e s e q u e n c e f l l . . . . . fll0O O, w h e r ey i = F (x i ) , a n d t h e y i m u s t b e d i s t in c t t o p r e v e n t a ni n t r u d e r f r o m r e u s i n g a p r i o r p a s s w o rd .
T h e r e a r e t w o o b v i o u s s c h e m e s f o r c h o o s i n g t h ep asswo rd s x ~ .( 1 ) A l l th e x~ a r e c h o s e n i n i ti a l ly , a n d t h e s y s t e m m a i n -t a i n s t h e e n t i r e s e q u e n c e o f v a l u e s y l . . . . . y ~o oo n
i t s s t o rag e .( 2 ) T h e u s e r s e n d s t h e v a l u e yi+~ t o t h e s y s t e m d u r i n gt h e i t h s e s s i o n - - a f t e r l o g g i n g o n w i t h x ~ .N e i t h e r s c h e m e i s c o m p l e t e l y s a t i s f a c t o r y : t h e f i r s t b e -c a u s e b o t h t h e u s e r a n d t h e s y s t e m m u s t s t o r e 1 0 0 0p i e c e s o f i n f o r m a t i o n , a n d t h e s e c o n d b e c a u s e i t i s n o tr o b u s t - - c o m m u n i c a t i o n f a il u re o r i n t e rf e r e n ce f r o m a nC o m m u n i c a t i o n s N o v e m b e r 1 98 1o f V o l u m e 2 4t h e A C M N u m b e r 11
-
8/12/2019 20. Password Authentication With Insecure Authendication
2/3
i n t r u d e r c o u l d p r e v e n t t h e s y s t e m f r o m l e a r n i n g t h ec o r r e c t v a l u e o f y i+ l. W e p r e s e n t h e r e a m e t h o d t h a tc o m b i n e s t h e b e s t f e a t u r e s o f b o t h s c h e m e s w i t h o u t t h e s ed r a w b a c k s .
O u r s o l u t i o n i s t o l e t t h e i t h p a s s w o r d xi e q u a lF'-i (x) f o r s o m e f i x e d w o r d x , w h e r e F n d e n o t e s ns u c c e s s iv e a p p l i c a t i o n s o f F . T h u s , t h e s e q u e n c e o f 1 0 0 0p a s s w o r d s i sFgag(x) . . . . . F ( F( F(x ) ) ) , F( F(x ) ) , F(x ) , x .T h e s e q u e n c e o f y i n e e d e d b y t h e s y s t e m t o a u t h e n t ic a t et h e s e p a s s w o r d s i sF l ( x ) . . . , F ( F ( F ( x ) ) ), F ( f ( x ) ) , F ( x ) .S in ce i t i s f eas ib l e t o c o m p u te F n fo r n _< 1 000 , p ro p er ty2 o f t h e o n e - w a y f u n c t i o n i m p l i e s t h a t t h e s e y i a r ed i s t i n c t . Fo r ex am p le , i f Fg S7(x ) = F1 2 a(x ) , t h e n g iv eny ' = F 12 3( X) , o n e c a n c o m p u t e x ' = F a S 6 (x ) w h e r e y ' =F ( x ' ) .
I t f o l l o w s f r o m o u r d e f i n i t i o n o f t h e x i t h a t y i = x i -1f o r i > 1 . I n o t h e r w o r d s , e a c h u s e r p a s s w o r d i s t h e v a l u en e e d e d b y t h e s y s t e m t o a u t h e n t i c a t e t h e n e x t p a s s w o r d .H e n c e , t h e s y s t e m m u s t i n i t i a l ly b e g i v e n t h e v a l u e y l =F~(x) a n d n e e d s u b s e q u e n t l y r e m e m b e r o n l y th e l a stp a s s w o r d s e n t b y t h e u s e r .
T o s e e t h a t t h e m e t h o d i s s e c u r e a g a i n s t e a v e s d r o p -p i n g a n d t a m p e r i n g w i t h t h e c o m m u n i c a t i o n , s u p p o s et h a t k n o w i n g t h e f i rs t 9 8 7 p a s s w o r d s Fgag(x) . . . . F l a ( x )e n a b l e d a n i n t r u d e r t o f i n d t h e n e x t p a s s w o r d F~2(x).T h e n g i ve n y ' = F~3(x), i t w o u l d b e f e a s i b l e t o c o m p u t eF'4(x ) . . . . . F ~ 9 ( x ) a n d t h e n c o m p u t e x ' = F12(x) w h e r ey ' = F ( x ' ) . T h i s w o u l d c o n t r a d i c t p r o p e r t y 2 o f t h e o n e -w a y f u n c t i o n F . S i n c e t h e p a s s w o r d s e q u e n c e i s d e t e r -m i n e d i n a d v a n c e , n o a m o u n t o f ta m p e r i n g w i t h th ec o m m u n i c a t i o n w i l l a l l ow a n i n t r u d e r t o i m p e r s o n a t e o rp e r m a n e n t l y l o c k o u t t h e u se r .O u r m e t h o d h a s a n i m p o r t a n t r o b u s t n e s s p r o p e r t y : I ft h e s y s te m a n d t h e u s e r h a v e g o t t e n o u t o f s y n c h r o n y - -t h e u s e r s e n d i n g x j a n d t h e s y s t e m u s i n g y k t o a u t h e n t i -c a t e i t, w i t h j ~ k - - t h e n t h i s c a n b e d e t e c t e d b y r e p e a t -e d l y a p p l y i n g F t o b o t h t h e p a s s w o r d a n d t h e s y s t e m ' sa u t h e n t i c a t i n g v a l u e u n t i l a m a t c h i s o b t a i n e d . F o r e x -a m p l e , i f t h e u s e r i s s e n d i n g x j a n d t h e s y s t e m i s c h e c k i n gw i t h yj+3, t h e n t h i s c a n b e d i s c o v e r e d b e c a u s e x i =F 2( yg -+ a) . T h e s y s t e m c a n a c c e p t t h e v a l u e o f x j i f j > k ,a n d c a n r e q u e s t a l a t e r v a l u e i f j < k .
T h i s r o b u s t n e s s c a n b e u s e d t o p r e v e n t a n i n t r u d e rf r o m t a k i n g a d v a n t a g e o f s y s te m c r a s h e s . R e s t a r t in gt h e s y s t e m a f t e r a c r a s h u s u a l l y r e q u i r e s b a c k i n g i t u pt o a p r i o r p o i n t - - a p o i n t a t w h i c h it c o u l d b e e x p e c t i n ga p a s s w o r d a l r e a d y s e n t b y t h e u s e r . F o r e x a m p l e , s u p -p o s e a n i n t r u d e r h a s b e e n r o u t i n e l y r e c o r d i n g a l l t r a n s -m i s s i o n s , a n d t h e s y s t e m c r a s h e s a f t e r t h e u s e r h a st r a n s m i t t e d X 3 7 4 . I f th e s y s t e m w e r e b a c k e d u p t o a p o i n tw h e r e i t w a s s t i l l e x p e c t i n g a p a s s w o r d t o b e c h e c k e dag ains t,v3 74, t h e i n t ru d er c o u ld t h e n o b t a in t h e v a lu e x 3 74f r o m t h e r e c o r d i n g h e h a d m a d e o f th e t r a n s m i ss i o n sa n d i m p e r s o n a t e t h e u s e r .771
W i t h o u r m e t h o d , b a c k i n g t h e s y s te m u p a f t e r a c r a s hd o e s n o t r e q u i r e b a c k i n g u p t o a p a s s w o r d t h a t m i g h ta l r e a d y h a v e b e e n u s e d. T h e s y st e m c a n b e j u m p e df o r w a r d i n st e a d . F o r e x a m p l e , s u p p o s e t h a t th e s y s te ma s a w h o l e i s b a c k e d u p t o a p o i n t a t w h i c h i t w a s u s i n g..1;374= F626(X) t o a u t h e n t i c a t e t h e n e x t p a s s w o r d . S u p p o s ef u r t h e r t h a t u se r s a re w a r n e d n o t t o p e r f o r m m o r e t h a no n e i d e n t i f i c a ti o n p e r h o u r . I f th e t i m e b e t w e e n t h e b a c k -u p p o i n t a n d t h e s y s t e m c r a s h i s l e s s t h a n t w o h o u r s ,t h e n t h e u s e r s h o u l d n o t h a v e t r a n s m i t t e d a n y p a s s w o r db e y o n d x 37 ~. T h e s y s t e m c a n t h e n a s k f o r X376 a s t h eu s e r ' s n e x t p a s s w o r d , s i n c e o n l y t h e u s e r s h o u l d b e a b l et o g e n e r a t e i t. T h e s y s t e m c a n a u t h e n t i c a t e t h e v a l u e o fX376 k n o wi n g o n l y f l3 74 b eca u se fl3 74 = F 3 ( X 3 76) . T h u s , a ne a v e s d r o p p e r c o u l d n o t u s e a n y o f th e p a s s w o r d s t h a t h eh a s d i s c o v e r e d e v e n i n t h e e v e n t o f a s y s t e m r e s t a r t .
III. ImplementationW e e n v is i on t h a t o u r m e t h o d w o u l d b e i m p l e m e n t e d
w i t h t h e a i d o f a m i c r o c o m p u t e r i n t h e u s e r 's t e r m i n a l .I n t h e f u t u r e , i n t e l l i g e n t t e r m i n a l s w i l l p r o b a b l y c o n -t a i n l o g i c t o p e r f o r m d a t a e n c r y p t i o n q u i c k l y , s o c o m -p u t a t i o n o f th e o n e - w a y f u n c t io n F p r e s e n t s n o p r o b l e m s .
T h e u s e r w o u l d f i r s t r a n d o m l y c h o o s e x . H e w o u l dt h e n e m p l o y h i s t e r m i n a l i n a s p e c i a l l o c a l m o d e t h a ta c c e p ts t h e v a l u e x a n d c o m p u t e s t h e v a l u e s F(x) , F2(x ) ,. . . . F ' (x ) . T h i s l a t t e r v a l u e w o u l d b e d i s p l a y e d o nt h e s c r e e n a n d t h e u s e r w o u l d d e l i v e r it t o t h e s y s t e m b ys o m e t a m p e r - p r o o f m e t h o d - - p e r h a p s c o p y in g it a n dp h y s i c a l l y c a r r y i n g i t t o t h e c o m p u t e r c e n t e r .
I n t h e s i m p l e s t i m p l e m e n t a t i o n , t h e u s e r w o u l d s e n dt h e s y s t e m hi s n a m e , a n d t h e s y s te m w o u l d r e s p o n d w i t ha v a l u e a n d a r e q u e s t t h a t t h e u s e r s e n d h is i t h p a s s w o r dxi . H e w o u l d t h e n e n t e r x a n d i i n t o hi s te r m i n a l a n d t h et e r m i n a l w o u ld c o m p u t e x i = F 1-i . C o m p u t i n g F ( x ' )f r o m x ' s h o u l d t a k e o n l y a c o u p l e o f m i l l is e c o n d s , s o t h ec o m p u t a t i o n o f x i w o u l d t a k e a t m o s t a c o u p l e o f se c o n ds .
I t is p o s s ib l e t o a v o i d t h i s c o m p u t a t i o n b y s a v i n g t h ev a l u e s x , F ( x ) . . . . . F 9 9 9 (x ) o b t a i n e d d u r i n g t h e o r i g i n a lc o m p u t a t i o n o f Fl(x). M o r e g e n e r a l ly , o n e c a n r e d u c ec o m p u t a t i o n a t t h e e x p e n s e o f s t or a g e b y s a v i ng t h ev a l u e s x , F ~ ( x ) , F2k(x) . . . . f o r s o m e k. T h e y c o u l d b es a v e d i n s o m e r e m o v a b l e s t o r a g e d e v i c e ( s u c h a s ac a s s e t t e ta p e ) t h a t i s i n s e r t e d i n t o t h e t e r m i n a l . T h i s t y p eo f r e m o v a b l e d e v i c e m i g h t b e a s t a n d a r d f e a t u r e o ff u t u r e t e r m i n a l s , s o t h a t d i f f e r e n t u s e r s c a n o p e r a t e t h es a m e t e r m i n a l a t d i f f e r e n t t i m e s , e a c h w i t h h i s o w np r i v a t e d a t a ( s u c h a s e n c r y p t i o n k e y s ) .
I f t h e u s e r c o m m u n i c a t e s w i t h s e v e r a l d i ff e r e n t s ys -t e m s , th e n h e m u s t a p p l y t h e sa m e m e t h o d i n d e p e n d e n t l yf o r e a c h s y s t e m u s i n g d i f f e r e n t v a lu e s o f x . W i t h r e m o v -a b l e s t o r a g e d e v i c e s f o r t h e t e r m i n a l , h e c o u l d u s e as e p a r a t e d e v i c e f o r e a c h s y s te m .
O f c o u r s e , a f t e r th e u s e r h a s i d e n t i f i e d h i m s e l f t o t h es y s t e m 1 00 0 ti m e s , h e m u s t c h o o s e a n e w v a l u e f o r xa n d r e p e a t t h e w h o l e p r o c e ss . H o w e v e r , o n e s h o u l d n o tComm unications Novem ber 1981of Volume 24the ACM Num ber 11
-
8/12/2019 20. Password Authentication With Insecure Authendication
3/3
aepeno upon me secrecy ot a smgle piece ot aat a tor toolong, so the user should choose a new value of x atregular intervals anyway.Received 12/79; revised 4/80; ac cepted 5/81R e f e r e n c e si. Diffie, W., and Hellman, M.E. New directions in cryptography.IEEE Trans. In form. Theory 1T-22 (Nov. 1976), 644-654.2. Evans, A., Kantrowitz, W., and Weiss, E. A user authentications c h e m e not requiri ng secrecy in the comput er. Comm. A CM 17, 8(Aug. 1974), 437-442.3. Wilkes, M.V. Time-Sharing Computer Systems. AmericanElsevier, New York, 1972.
Technical NoteOperating Systems Anita K. JonesEditorAuthentication of SignaturesU sing P ub lic Key EncryptionKellogg S. BoothUniversity of Waterloo, Canad a
O n e o f N e e d h a m a n d S c h r o e d e r s p r o p o se d s i g na t u r ea uthent i ca t io n pro to co l s i s sho wn to fa i l whe n there i s apo ss ib i l i ty o f co m pro m ised keys : th i s inva l ida tes o ne o fthe a ppl i ca t io ns o f the i r t echn ique . A m o re e la bo ra tem ec ha n i sm i s pro po sed wh ich do es n o t requ ire a netwo rkclock, but does require a third party to the transact ion.T he la t t er a ppro a ch i s sho wn to be re l i a b le in a fa i r lys tro ng sense .Key Wo rds a nd Phra ses : a u thent i ca t io n , d ig i ta l s i g -natures, notary, publ ic key encryption
CR Ca tego r i es : 3 .81 , 4 .31 , 4 .35
Corrigendum. Programming Techniques and Data Struc-tures.Paul Pritchard, A sublinear additive sieve for findingprime numbers. C o m m . A C M 2 4, 1 (Jan. 1981), 18-23.Page 18: In the fifth line after 1. Introduction deletethen .Page 19, Column 2: In line (2) of the def'mition o f I e ,replace '~oi with pl'Page 21, Column 1: The definition of x j should begin
x j = d f p . f j , ,Page 22, Table II: The second column should be headed
~r ( N ) , and the last column should be deleted.Page 23, Column 2, line 2: Insert algor ithm afterpractical .Corrigendum: Systems Modeling an d Perfo rmance Eval-uationMicha Hofri, Disk scheduling: FCFS vs. SSTF revisited.
C o m m . A C M 2 3, 11 (Nov. 1980) 645-653.G.J. Arnaudo from IMAG, Grenoble, France haspointed out that the second line in Eq. (3) has beenscrambled in the horizontal notation and should be:
- a M E 2 ( S ) ] / [ M ( 1 - a) - 1]}/2(1 - p). (3)The numbers in the paper were generated from thecorrect result.
772
I. Compromise in Publ i c Key SystemsNeedham and Schroeder [6] described a means forauthenticating signatures using public key encryption.User A sends user B a message which has been doublyencrypted, first with A's secret key and then with B'spublic key. Using Needham and Schroeder's notation,
this process is represented byA ~ B : ( ( t e x t - b l o c k ) S K a ) P ER .The receiver B can read the message by applying hissecret key first and then A's public key, thus decryptingthe text. B can convince an arbiter o f the authenticit y ofthe message and of A's authorship simply by allowingthe arbiter to apply A's public key to the message afterit has been decrypted by B's secret key. In a world ofpermanent and uncompromised keys this technique pro-vides a foolpro of authenti cation mechanism.
Permission to copy without fee all or part of this material isgranted provided that the copies are not made or distributed for directcommercial advantage, the ACM copyright notice and the title of thepublication and its date appear, and notice is given that copying is bypermission of the Association for Computing Machinery. To copyotherwise, or to republish, requires a fee and /o r specific permission.This paper was originally submitted in January, 1979. It languishedin the editoria l process until a recent chang e in editors. The Afterwordsection was added to cite several papers that have a prior publicationdate, but which were written contemporaneou sly with or after thispaper.Author 's present address: Kellogg S. Booth, Department of Com-puter Science, University of Waterloo, Waterloo, Ontario, CanadaN2L 3G1. 1981 ACM 0001-0782/81/1100-772 $00.75Communica tions Novem ber 1981of Volume 24the ACM Numbe r 11
