A Nonce-Based Protocol For Multiple Authentications

The Kerberos authentication service, a part of MIT's Project Athena, is based on the Needham and Schroeder protocol. Timestamps depending on reliable synchronized clocks are used to guarantee the freshness of messages. As an improvement, we present a nonce-based protocol offering the same features as Kerberos. We generate a ticket in an initial message exchange which includes a generalized timestamp. Checking this generalized timestamp is left to the principal who created it. Consequently we do not need synchronized clocks. Our protocol has the property of using a minimal number of messages to establish an authenticated session key. 1 Introduction In computer networks and distributed computing systems a mechanism is needed to provide secure communication. To trust the identity of each other, two principals must run a procedure resulting in mutual authentication. Key distribution protocols establish secret authenticated session keys using conventional cryptography, also called symmetri..