On-board credentials with open provisioning

Kari Kostiainen, Jan-Erik Ekberg, N. Asokan, Aarne Rantala

Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-reviewed

Abstract

Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Dedicated hardware tokens provide high levels of security, but they are expensive, which makes them unattractive for most service providers. A new approach to address the problem has become possible due to the fact that several types of general-purpose secure hardware are becoming widely deployed. These platforms enable, to different degrees, a strongly isolated secure environment. In this paper, we describe how we use general-purpose secure hardware to develop an architecture for credentials which we call On-board Credentials (ObCs). ObCs combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware. A distinguishing feature of the ObC architecture is that it is open: it allows anyone to design and deploy new credential algorithms to ObC-capable devices without approval from the device manufacturer or any other third party. The primary contribution of this paper is showing and solving the technical challenges in achieving openness while avoiding additional costs and without compromising security. Our proposed architecture is designed with the constraints of existing secure hardware in mind and has been prototyped on several different platforms, including mobile devices based on M-Shield secure hardware.
Original language: English
Title of host publication: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Subtitle of host publication: ASIACCS '09
Editors: Wanqing Li, Willy Susilo
Place of Publication: New York
Publisher: Association for Computing Machinery (ACM)
Pages: 104-115
ISBN (Print): 978-1-60558-394-5
Publication status: Published - 2009
MoE publication type: A4 Article in a conference publication
Event: 2009 ACM Symposium on Information, Computer and Communications Security - Sydney, Australia
Duration: 10 Mar 2009 to 12 Mar 2009

Publication series

Series: Nokia Research Center Technical Report
Number: NRC-TR-2008-007

Conference

Conference: 2009 ACM Symposium on Information, Computer and Communications Security
Country/Territory: Australia
City: Sydney
Period: 10/03/09 to 12/03/09

Keywords

  • security and privacy
  • authentication
  • access control
  • secure execution environment
  • trusted computing
  • provisioning
