On Sat, 15 Dec 2001, Tim Churches wrote:
...
> It is this latter paper which is a minor but useful generalisation of
> the method described by Pommerening et al.

Hi Tim,

In either case, the SDSS method is not too useful yet aside from academic discussions. :-)

> The method described in your US patent does, however, seem very similar
> to the Kerberos system developed at and described by MIT at least a
> decade earlier. The main difference is that in Kerberos the
> authentication database passes a time-limited authentication ticket
> directly back to the user, who then packages that ticket with his/her
> request, whereas in your system the authentication ticket is passed
> directly from the authentication database to the storage database,

Almost right. The SDSS architecture passes the "linking code" - in addition to the authentication ticket! I suppose you can say that the linking code is a minor generalization of the "authentication ticket" - but I disagree. Authentication ticket is unique to each user and/or request instance. "Linking code" is not.

Now, perhaps you view passing the authentication ticket back to the user vs. directly forwarding the ticket to the next database as yet another minor difference - but I believe most people working with protocol design would disagree. :-) There are significant security and performance implications to this "minor" difference. Your thoughts?

> which may or may not be an advantage, depending on the circumstances.

Exactly! Kerberos chose to use a _time-limited_ authentication ticket precisely to mitigate potential replay attack (by the users). An SDSS system would not have this vulnerability. What vulnerabilities do you see with the SDSS system, if any?

> Later versions of Kerberos introduced PKI and associated key
> management very similar to that described in your US patent, but they
> still pre-date it.

Pre-dating is irrelevant when it is significantly different. :-) Use of PKI and associated PKI key management in SDSS is not interesting.
If there are 5 database-sites that one wishes to "scatter" a particular secret to, one would split the secret information into five shares and encrypt each share such that only the intended database site is able to decrypt each share. PKI is useful in this context merely because prior secure key exchange is not required. Use of PKI reduces overhead for scaling the system (e.g. from scattering across 2 sites to 200 sites :-).

...
> If the idea had appeared as a scientific paper, then you would have
> deserved our congratulations

Thanks! Unfortunately, it is far premature to even call this a substantive contribution. When I can successfully describe and explain this to my colleagues, then I may be making an intellectual contribution.

> for advancing the science of security by describing a useful
> simplification of the Kerberos protocol combined with the work of
> Pommerening et al.

There are significant differences in security trade-offs between the Kerberos protocol and SDSS such that I would be hesitant to suggest that SDSS is a simplification or replacement for Kerberos.

With regards to the Pommerening system, I would say that we were thinking along the same lines, except they were more concerned with anonymizing records - while I had to solve the problem of handling personally identifiable and non-specifically "sensitive" records. It is impossible to know whether they would have stumbled upon the same design if they were forced to solve the same problem.

...

Best regards,

Andrew
---
Andrew P. Ho, M.D.
OIO: Open Infrastructure for Outcomes
www.TxOutcome.Org (Hosting OIO Library #1 and OSHCA Mirror #1)
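
[Added example, not part of the original message and not SDSS code.] A sketch of the "scatter" step described above: one secret split into five shares, one per database site, so that no site (or any four of them) can recover it alone. The message does not say which splitting scheme SDSS uses; an n-of-n XOR split is assumed here, the site names and record are constructed, and the per-site public-key encryption of each share is left to a vetted library and not shown.

```python
from __future__ import annotations

import secrets
from functools import reduce

# Constructed sample data: site names and record are illustrative only.
SITES = ["site-a", "site-b", "site-c", "site-d", "site-e"]
RECORD = b"constructed sample record: name=Jane Doe; note=example only"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("share length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, sites: list[str]) -> dict[str, bytes]:
    """Return one share per site; all shares are needed to recover the secret."""
    if len(sites) < 2 or len(set(sites)) != len(sites):
        raise ValueError("need at least two distinct sites")
    # n-1 shares are uniformly random pads from the OS CSPRNG ...
    pads = [secrets.token_bytes(len(secret)) for _ in sites[:-1]]
    # ... and the last share is the secret XORed with every pad.
    last = reduce(xor_bytes, pads, secret)
    return dict(zip(sites, pads + [last]))


def combine(shares: dict[str, bytes], sites: list[str]) -> bytes:
    """Recover the secret; refuse if any site's share is absent."""
    missing = [s for s in sites if s not in shares]
    if missing:
        raise KeyError(f"missing shares from: {missing}")
    return reduce(xor_bytes, (shares[s] for s in sites))


if __name__ == "__main__":
    shares = split_secret(RECORD, SITES)
    assert combine(shares, SITES) == RECORD
    # XOR of only four of the five shares does not yield the record.
    four = {s: shares[s] for s in SITES[:-1]}
    print(reduce(xor_bytes, four.values()) != RECORD)
```

Each share would then be encrypted to its site's public key before transmission, which is the step that removes the need for prior key exchange as the site count grows.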
