PorKI: portable PKI credentials via proxy certificates

Authors:
Massimiliano Pala;Sara Sinclair;Sean W. Smith
Affiliations:
Computer Science Department, PKI/Trust Lab, Dartmouth College, Hanover, NH;Computer Science Department, PKI/Trust Lab, Dartmouth College, Hanover, NH;Computer Science Department, PKI/Trust Lab, Dartmouth College, Hanover, NH
Venue:
EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
Year:
2010

Citing 10
Cited 0

Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Shemp: secure hardware enhanced myproxy

Shemp: secure hardware enhanced myproxy
PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Two methods of authenticated positioning

Proceedings of the 2nd ACM international workshop on Quality of service & security for wireless and mobile networks
Password sharing: implications for security design based on social practice

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Enhancing web browsing security on public terminals using mobile composition

Proceedings of the 6th international conference on Mobile systems, applications, and services
Trustworthy and personalized computing on public kiosks

Proceedings of the 6th international conference on Mobile systems, applications, and services
Attacks on public WLAN-based positioning systems

Proceedings of the 7th international conference on Mobile systems, applications, and services
Design of anti-GPS for reasons of security

CIS'09 Proceedings of the international conference on Computational and information science 2009

Quantified Score

Hi-index	0.00

Visualization

Abstract

Authenticating human users using public key cryptography provides a number of useful security properties, such as being able to authenticate to remote party without giving away a secret. However, in many scenarios, users need to authenticate from a number of client machines, of varying degrees of trustworthiness. In previous work, we proposed an approach to solving this problem by giving users portable devices which wirelessly issue temporary, limited-use proxy certificates to the clients. In this paper, we describe our complete prototype, enabling the use of proxy credentials issued from a mobile device to securely authenticate users to remote servers via a shared (or otherwise not trusted) device. In particular, our PorKI implementation combines out-of-band authentication (via 2D barcode images), standard Proxy Certificates, and platform attestation to provide usable and secure temporary credentials for web-based applications.