Architecture for Protecting Critical Secrets in Microprocessors
Proceedings of the 32nd annual international symposium on Computer Architecture
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions
Proceedings of the 32nd annual international symposium on Computer Architecture
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
ARES '07 Proceedings of the Second International Conference on Availability, Reliability and Security
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Hardware-rooted trust for secure key management and transient trust
Proceedings of the 14th ACM conference on Computer and communications security
Scheduling execution of credentials in constrained secure environments
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Implementing an application-specific credential platform using late-launched mobile trusted module
Proceedings of the fifth ACM workshop on Scalable trusted computing
Towards customizable, application specific mobile trusted modules
Proceedings of the fifth ACM workshop on Scalable trusted computing
Key attestation from trusted execution environments
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Mobile Networks and Applications
Towards user-friendly credential transfer on open credential platforms
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Identity verification schemes for public transport ticketing with NFC phones
Proceedings of the sixth ACM workshop on Scalable trusted computing
Credential life cycle management in open credential platforms (short paper)
Proceedings of the sixth ACM workshop on Scalable trusted computing
Can hand-held computers still be better smart cards?
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
TruWalletM: secure web authentication on mobile platforms
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Credential disabling from trusted execution environments
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
A flexible software development and emulation framework for ARM trustzone
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Mass transit ticketing with NFC mobile phones
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Authenticated encryption primitives for size-constrained trusted computing
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Trustworthy execution on mobile devices: what security properties can my mobile platform give me?
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
SmartTokens: delegable access control with NFC-Enabled smartphones
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Strong authentication with mobile phone
ISC'12 Proceedings of the 15th international conference on Information Security
Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer
Proceedings of the third ACM conference on Data and application security and privacy
Trusted execution environments on mobile devices
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Secure enrollment and practical migration for mobile trusted execution environments
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
SEC'13 Proceedings of the 22nd USENIX conference on Security
Using ARM trustzone to build a trusted language runtime for mobile applications
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Existing approaches to address this problem fall short. User-memorizable passwords are flexible and cheap, but they suffer from bad usability and low security. On the other hand, dedicated hardware tokens provide high levels of security, but the logistics of manufacturing and provisioning such tokens are expensive, which makes them unattractive for most service providers. A new approach to address the problem has become possible due to the fact that several types of general-purpose secure hardware, like TPM and M-Shield, are becoming widely deployed. These platforms enable, to different degrees, a strongly isolated secure environment. In this paper, we describe how we use general-purpose secure hardware to develop an architecture for credentials which we call On-board Credentials (ObCs). ObCs combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware. A distinguishing feature of the ObC architecture is that it is open: it allows anyone to design and deploy new credential algorithms to ObC-capable devices without approval from the device manufacturer or any other third party. The primary contribution of this paper is showing and solving the technical challenges in achieving openness while avoiding additional costs (by making use of already deployed secure hardware) and without compromising security (e.g., ensuring strong isolation). Our proposed architecture is designed with the constraints of existing secure hardware in mind and has been prototyped on several different platforms including mobile devices based on M-Shield secure hardware.