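% Nokia Research Center technical report NRC-TR-2008-001 on OnBoard Credentials (ObC).
% Typed as a technical report rather than a book: the record carries a report
% number and no publisher, which the book type requires.
% NOTE(review): institution is derived from the series name; confirm against
% the report's title page.
@techreport{f2d8d487510a48548802573f2c6e8064,
  author      = {Ekberg, Jan-Erik and Asokan, N. and Kostiainen, Kari and Eronen, Pasi and Rantala, Aarne and Sharma, Aishvarya},
  title       = {{OnBoard} credentials platform design and implementation},
  institution = {Nokia Research Center},
  type        = {Technical Report},
  number      = {NRC-TR-2008-001},
  series      = {Nokia Research Center Technical Report},
  year        = {2008},
  language    = {English},
  keywords    = {platform security, mobile phones, secure hardware, credentials},
  abstract    = {Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Existing approaches to address this problem fall short. User memorizable passwords are flexible and cheap, but they suffer from bad usability. On the other hand, dedicated hardware tokens provide high levels of security, but the logistics of manufacturing and provisioning smartcards are expensive, which makes it unattractive for most service providers. Several types of general-purpose secure hardware, like TPM and M-shield, are becoming widely deployed. These platforms enable, to different degrees, a strongly isolated secure environment. In this report, we describe how we use general-purpose secure hardware to develop a platform for credentials which we call OnBoard Credentials (ObCs). ObCs combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware. Besides secure storage and execution the ObC architecture supports secure provisioning of both credential algorithms and secrets. The architecture is widely applicable and in this report we describe prototype implementations for three different platforms: an M-shield enabled mobile phone, a TPM-based Linux PC, and a mobile Linux tablet with para-virtualization},
}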