liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Re-authentication of Critical Operations
Linköping University, Department of Electrical Engineering.
2002 (English)Independent thesis Basic level (professional degree)Student thesisAlternative title
Återautentisering av Kritiska Operationer (Swedish)
Abstract [en]

This is a study on the development of a re-authentication prototype. Re- authentication serves as a receipt for e.g. system administrators that authorise them to carry out a critical operation in a system that already is protected by a security architecture. A critical operation is a kind of operation that can cause serious damage to a network node or a set of network nodes, if it is done without one giving it a second thought. The purpose is to prevent mistakes and secure the users’ audit trail.

The main task is to propose and implement a re-authentication prototype, that is to enable the incorporation of the re-authentication prototype to an already complete security architecture and yet preserve the security and performance level of the architecture.

This thesis deals with this problem by using digitally signed certificates to provide the necessary security issues. The certificates used are called re- authentication certificates and follows the X.509 attribute certificate standard. The re-authentication certificate is optimised so that it only holds authorisation information regarding one critical operation. An access control decision function is used to decide if the re-authentication certificate and its owner are authentic. On basis of that decision the user can get the authority to execute critical operations.

The finished prototype confirms that a re-authentication can be incorporated with the security architecture. The report also shows that the security status of the architecture is preserved. The performance of the prototype is rather difficult to prove since the prototype implementation only initialises the objects that are required to prove the security issues. A performance test can therefore never prove how the prototype will perform in an authentic environment. The performance is assumed to be adequate since it uses the same authentication function that is used by the security architecture.

Place, publisher, year, edition, pages
Institutionen för systemteknik , 2002. , 98 p.
LiTH-ISY-Ex, 3276
Keyword [en]
Informationsteknik, Computer Security, Distributed Systems, Access-control, Certificates, Re-authentication Certificates, Cryptography.
Keyword [sv]
National Category
Computer and Information Science
URN: urn:nbn:se:liu:diva-1174OAI: diva2:18154
Available from: 2002-04-29 Created: 2002-04-29

Open Access in DiVA

fulltext(724 kB)386 downloads
File information
File name FULLTEXT01.pdfFile size 724 kBChecksum SHA-1
Type fulltextMimetype application/pdf

By organisation
Department of Electrical Engineering
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 386 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 535 hits
ReferencesLink to record
Permanent link

Direct link