TwoKind authentication: protecting private information in untrustworthy environments
Proceedings of the 7th ACM workshop on Privacy in the electronic society
PorKI: portable PKI credentials via proxy certificates
EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
Digital identity security architecture in Ethos
Proceedings of the 7th ACM workshop on Digital identity management
Daonity: an experience on enhancing grid security by trusted computing technology
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
| Hi-index | 0.00 |
As evidenced by the proliferation of phishing attacks and keystroke loggers, we know that human beings are not wellequipped to make trust decisions about when to use their passwords or other personal credentials. Public key cryptography can reduce this risk of attack, because authentication using PKI is designed to not give away sensitive data. However, using private keys on standard platforms exposes the user to "keyjacking"; mobile users wishing to use keypairs on an unfamiliar and potentially untrusted workstation face even more obstacles. In this paper we present the design and prototype of PorKI, a software application for mobile devices that offers an alternative solution to the portable key problem. Through the use of temporary keypairs, proxy certificates, and wireless protocols, PorKI enables a user to employ her PKI credentials on any Bluetoothenabled workstation, including those not part of her organization's network, and even those that might be malicious. Moreover, by crafting XACML policy statements that limit the key usage to the workstation's trustworthiness level, and inserting these statements into extensions of the proxy certificates, PorKI provides the user or the relying party with the ability to limit the amount of trust that can be put in the temporary keypair used on that workstation, and thus the scope of a potential compromise.