Replicating the Kuperee authentication server for increased security and reliability

The current work proposes a new scheme for the replication of authentication services in Kuperee based on a public key cryptosystem, in response to the two main shortcomings of the traditional single server solutions, namely those of low availability and high security risks. The work represents further developments in the Kuperee authentication system. The Kuperee server is presented in its basic form to aid the presentation of the replication scheme. Two protocols are presented based on the underlying public key cryptosystem. The rst is based on the sharing of session public keys, while the second employs long term and short term public keys much in the traditional manner. The replication scheme is built upon a threshold or secret sharing scheme. However, unlike previous approaches, in the current work the object to be shared-out is instead a session secret key which is not directly available to the (untrusted) Client. The scheme gains advantages deriving from the use of public key cryptology, as well as from the manner in which the secret is shared-out. A comparison with the notable work of Gong (1993) is also presented.