A Course Module on Authentication in Distributed Systems
Michael Reiter
UNC Chapel Hill

Below is a course module on authentication in distributed systems, based on material that I have refined over a few course offerings. The module is based on the treatment of the subject in

This paper has highly influenced the course module and is, in my view, mandatory reading for anyone who is going to study access control in distributed systems. That said, the course module adapts and extends the treatment in the above paper in a few ways.

The course module is targeted at upper-level undergraduates in a computer science program, and typically consumes about four to five hours of class time. The module does not presume that the students have a background in cryptography, and I tend to cover this material in my own classes before any discussion of cryptography. It also does not assume previous familiarity with any details of trusted platforms, SSL/TLS or DNS/DNSSEC. For what it's worth, several students have expressed to me the usefulness of the way of thinking about authentication and access-control advocated in this module, though this feedback typically comes from students after they have left the classroom and had to face complicated distributed systems security problems in their jobs.

You are free to modify the module to suit your needs, and I'd be grateful to receive any improvements, adaptations or extensions of these materials in return.

Additional reading

Authorization logics have proven to be quite useful for reasoning about authentication and access-control in distributed systems and, more recently, for implementing authentication and access-control in such systems using automated proof verification techniques. To my knowledge, the first paper to advocate for using such logics to enforce access-control policy in distributed systems was

Some examples of research projects in which I've been involved that implement authentication in this way are described in the following readings:

Comments and corrections are welcomed and appreciated. I am very grateful for support from Intel for producing this module.