Replicating the Kuperee authentication server for increased security and reliability

The current work proposes a new scheme for the replication of authentication services in Kuperee based on a public key cryptosystem, in response to the two main shortcomings of the traditional single server solutions, namely those of low availability and high security risks. The work represents further developments in the Kuperee authentication system. The Kuperee server is presented in its simplified design to aid the presentation of the replication scheme. The replication approach is based on the sharing of session public keys, together with a threshold or secret sharing scheme. However, unlike previous approaches, in the current work the object to be shared-out is instead a session secret key which is not directly available to the (untrusted) Client. The scheme gains advantages deriving from the use of public key cryptology, as well as from the manner in which the secret is shared-out. A comparison with the notable work of Gong (1993) is also presented

Replicating the Kuperee Authentication Server for Increased Security and Reliability (Abstract)

) Thomas Hardjono and Jennifer Seberry Centre for Computer Security Research Department of Computer Science, University of Wollongong, NSW 2522, Australia email: thomas/[email protected] Abstract The current work proposes a new scheme for the replication of authentication services in Kuperee based on a public key cryptosystem, in response to the two main shortcomings of the traditional single server solutions, namely those of low availability and high security risks. The work represents further developments in the Kuperee authentication system. The Kuperee server is presented in its basic form to aid the presentation of the replication scheme. Two protocols are presented based on the underlying public key cryptosystem. The first is based on the sharing of session public keys, while the second employs long term and short term public keys much in the traditional manner. The replication scheme is built upon a threshold or secret sharing scheme. However, unlike previous approaches, in..