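% Conference paper on the On-board Credentials (ObC) architecture: credentials
% protected by general-purpose secure hardware, with open provisioning.
% NOTE(review): series/number hold the Nokia technical-report identifier that
% the note field also gives, not a proceedings series; confirm before using a
% style that prints them as the proceedings series.
@inproceedings{ae6c351033224c158555689950106f45,
  author    = {Kostiainen, Kari and Ekberg, Jan-Erik and Asokan, N. and Rantala, Aarne},
  title     = {On-board credentials with open provisioning},
  booktitle = {Proceedings of the 4th International Symposium on Information, Computer, and Communications Security},
  editor    = {Li, Wanqing and Susilo, Willy},
  series    = {Nokia Research Center Technical Report},
  number    = {NRC-TR-2008-007},
  pages     = {104--115},
  publisher = {Association for Computing Machinery (ACM)},
  address   = {United States},
  year      = {2009},
  isbn      = {978-1-60558-394-5},
  doi       = {10.1145/1533057.1533074},
  language  = {English},
  keywords  = {security and privacy, authentication, access control, secure execution environment, trusted computing, provisioning},
  abstract  = {Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Dedicated hardware tokens provide high levels of security, but they are expensive, which makes them unattractive for most service providers. A new approach to address the problem has become possible due to the fact that several types of general-purpose secure hardware are becoming widely deployed. These platforms enable, to different degrees, a strongly isolated secure environment. In this paper, we describe how we use general-purpose secure hardware to develop an architecture for credentials which we call On-board Credentials (ObCs). ObCs combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware. A distinguishing feature of the ObC architecture is that it is open: it allows anyone to design and deploy new credential algorithms to ObC-capable devices without approval from the device manufacturer or any other third party. The primary contribution of this paper is showing and solving the technical challenges in achieving openness while avoiding additional costs and without compromising security. Our proposed architecture is designed with the constraints of existing secure hardware in mind and has been prototyped on several different platforms including mobile devices based on M-Shield secure hardware.},
  note      = {Also published as Nokia Research Center Technical Report NRC-TR-2008-007 (2008). 2009 ACM Symposium on Information, Computer and Communications Security; Conference date: 10-03-2009 through 12-03-2009},
}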