Offline count-limited certificates

  • Authors: Luis F. G. Sarmenta, Marten van Dijk, Jonathan Rhodes, Srinivas Devadas
  • Affiliations: Massachusetts Institute of Technology, Cambridge, MA (all authors)
  • Venue: Proceedings of the 2008 ACM symposium on Applied computing
  • Year: 2008


Abstract

In this paper, we present the idea of offline count-limited certificates (or clics for short), and show how these can be implemented using minimal trusted hardware functionality already widely available today. Offline count-limited certificates are digital certificates that: (1) specify usage conditions that depend on irreversible counters, and (2) are used in a protocol that guarantees that any attempt to use them in violation of these usage conditions will be detected even if the user of the certificate and the verifying party have no contact at all with the outside world at the time of the transaction. Such certificates enable many interesting applications not possible with traditional (unlimited-use) certificates, including count-limited delegation and access, offline commerce and trading using cash-like migratable certificates, and others. We show how all these applications can be made possible by using only a simple trusted timestamping device (TTD), which can in turn be implemented using existing trusted hardware devices such as smartcards and the Trusted Platform Module (TPM) chips embedded in PCs available today. Significantly, our solutions do not require trust in any other components in the host machine aside from the TTD itself; they remain tamper-evident as long as the TTD is not compromised, even if the entire host system, including the BIOS, CPU, OS and memory, is compromised. This not only provides better security by minimizing the required trusted computing base, but also makes implementation possible on present-day machines without requiring a particular kind of OS. We demonstrate all these ideas by implementing a prototype application that runs under both Linux and Windows, and by presenting experimental performance results.
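The abstract describes the two ingredients of a clic (a usage condition over an irreversible counter, and a TTD stamp that lets an offline verifier detect a violation) without showing how they fit together. The following toy model, added here and not the paper's protocol or code, makes the mechanism concrete under simplifying assumptions of my own: each certificate gets its own monotonic counter inside the TTD, the TTD refuses to stamp past the certificate's `max_uses`, every stamp is bound to a fresh verifier nonce so a stamp cannot be replayed to a second offline verifier, and HMAC-SHA256 under a shared key stands in for the issuer's and the TTD's digital signatures (a real TTD would sign with a hardware-held private key and verifiers would hold only the public key). All names (`Issuer`, `TTD`, `verify_use`, `run_demo`) and key values are constructed for the illustration.

```python
"""Toy model of an offline count-limited certificate (clic) enforced by a
trusted timestamping device (TTD) with irreversible per-certificate counters.

Constructed illustration, not the paper's scheme: HMAC-SHA256 with a shared
key stands in for the issuer's and the TTD's digital signatures.
"""
import hashlib
import hmac
import json
import secrets


def _canon(obj):
    """Canonical JSON so the MAC is stable regardless of dict ordering."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _mac(key, obj):
    # Stand-in for a digital signature over the object (assumption).
    return hmac.new(key, _canon(obj), hashlib.sha256).hexdigest()


class Issuer:
    """Issues clics: certificates whose usage condition is a count limit."""

    def __init__(self, key):
        self._key = key

    def issue(self, cert_id, ttd_id, max_uses, purpose):
        body = {"cert_id": cert_id, "ttd_id": ttd_id,
                "max_uses": max_uses, "purpose": purpose}
        return {"body": body, "sig": _mac(self._key, body)}


class TTD:
    """Trusted timestamping device: signing key plus irreversible counters.

    Nothing else on the host is trusted; the host only relays messages.
    """

    def __init__(self, device_id, key):
        self.device_id = device_id
        self._key = key
        self._counters = {}  # cert_id -> uses so far; only ever increments

    def stamp(self, cert_body, nonce):
        count = self._counters.get(cert_body["cert_id"], 0)
        if count >= cert_body["max_uses"]:
            raise PermissionError("count limit reached inside TTD")
        self._counters[cert_body["cert_id"]] = count + 1  # irreversible step
        body = {"device": self.device_id, "cert_id": cert_body["cert_id"],
                "count": count, "nonce": nonce}
        return {"body": body, "mac": _mac(self._key, body)}


def verify_use(cert, stamp, nonce, issuer_key, ttd_key):
    """Offline verifier: needs only the issuer and TTD verification keys."""
    cb, sb = cert["body"], stamp["body"]
    if not hmac.compare_digest(cert["sig"], _mac(issuer_key, cb)):
        return False, "bad issuer signature"
    if not hmac.compare_digest(stamp["mac"], _mac(ttd_key, sb)):
        return False, "bad TTD stamp"
    if sb["device"] != cb["ttd_id"] or sb["cert_id"] != cb["cert_id"]:
        return False, "stamp not bound to this certificate"
    if sb["nonce"] != nonce:
        return False, "stale stamp (replay)"
    if sb["count"] >= cb["max_uses"]:
        return False, "count limit exceeded"
    return True, f"use {sb['count'] + 1} of {cb['max_uses']}"


def run_demo():
    """Two legitimate uses, then over-use, replay, and a tampered limit."""
    issuer_key = b"issuer-key-for-demo"  # constructed
    ttd_key = b"ttd-key-for-demo"        # constructed
    issuer = Issuer(issuer_key)
    ttd = TTD("ttd-0001", ttd_key)
    cert = issuer.issue("clic-42", "ttd-0001", max_uses=2, purpose="delegated read")

    results, last_stamp = [], None
    for _ in range(3):  # third attempt exceeds max_uses
        nonce = secrets.token_hex(8)  # verifier's fresh challenge
        try:
            last_stamp = ttd.stamp(cert["body"], nonce)
        except PermissionError as exc:
            results.append((False, str(exc)))
            continue
        results.append(verify_use(cert, last_stamp, nonce, issuer_key, ttd_key))

    # Replaying an old stamp against a new challenge is detected offline.
    results.append(verify_use(cert, last_stamp, secrets.token_hex(8), issuer_key, ttd_key))

    # Editing the limit on the host breaks the issuer's signature.
    tampered = {"body": dict(cert["body"], max_uses=10), "sig": cert["sig"]}
    results.append(verify_use(tampered, last_stamp, secrets.token_hex(8), issuer_key, ttd_key))
    return results


if __name__ == "__main__":
    for ok, why in run_demo():
        print("ACCEPT" if ok else "REJECT", why)
```

The verifier never contacts the issuer or the TTD's owner; it needs only the two verification keys and its own fresh nonce, which is the offline property the abstract claims. Because the TTD's counter only moves forward, a given count value for a given certificate is stamped at most once, so the limit is enforced inside the device and the verifier's `count >= max_uses` check is a second line of defence for a stamp from a non-conforming device.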