Distributed System Authentication
According to [WL92], there are three main types of
authentication in a distributed computing system.
- Message Content Authentication: the ability to verify that
the message received is exactly the message that was sent.
Message Content Authentication can be achieved by:
  - applying a cryptographic checksum called a message authentication code
  (MAC), or
  - applying a public-key digital signature.
The National Institute of Standards and Technology (NIST) Federal
Information Processing Standard Publication (FIPS PUB) 113,
"Computer Data Authentication" [FIP85], provides information on the use
of the NIST-approved Message Authentication Code standard, while the
Draft FIPS PUB "Digital Signature Standard" [FIP93c]
describes the NIST-proposed digital signature standard.
- Message Origin Authentication: the ability to verify that the
actual sender of a received message is in fact the sender
claimed in the message. Using a symmetric (secret key)
cryptosystem, the receiver of a message can be assured of the
validity of the sender, since only the sender and receiver of the
message possess the key used to encrypt the message. Such a
system needs a trusted third party, however, to provide a
non-repudiation service. In an asymmetric (public key)
cryptosystem, the use of a public key or digital signature can
provide message origin authentication.
- General Identity Authentication: the ability to verify that
a principal is who it claims to be. It is this type of
authentication that is the focus of Section 10.4. The other two
types of authentication, message content authentication and
message origin authentication, will be discussed when they are
coupled with identity authentication in the authentication
systems that will be examined.
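As an added example, not part of the original section: a small Go program contrasting the two mechanisms for message content and message origin authentication described above. It assumes HMAC-SHA256 as the MAC and Ed25519 as the digital signature (stand-ins for the FIPS 113 MAC and the DSS algorithms the text cites); the key and messages are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
// Tag computes a MAC (HMAC-SHA256 here, standing in for the FIPS 113 MAC)
// over msg under a secret key shared by sender and receiver.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyTag gives message content authentication: an altered message or a different
// key yields a different tag. Because the receiver holds the same key, it could have
// produced the tag itself, so a MAC alone cannot provide non-repudiation.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

// NewSigner generates an Ed25519 key pair (standing in for the DSS signature).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign creates a signature only the holder of priv can make; Verify gives message
// origin authentication, since anyone with pub can check it but not forge it.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

func main() {
	key := []byte("constructed 32-byte shared key!!") // demo key only
	msg := []byte("transfer 100 to account 42")       // constructed sample
	altered := []byte("transfer 900 to account 42")
	tag := Tag(key, msg)
	fmt.Println("MAC verifies on original:", VerifyTag(key, msg, tag))
	fmt.Println("MAC verifies on altered:", VerifyTag(key, altered, tag))
	pub, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	sig := Sign(priv, msg)
	fmt.Println("signature verifies on original:", Verify(pub, msg, sig))
	fmt.Println("signature verifies on altered:", Verify(pub, altered, sig))
}
```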
John Barkley
Fri Oct 7 16:17:21 EDT 1994