PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness

Sinclair, Sara; Smith, Sean W.

doi:10.1109/csac.2005.43

Cited by 7 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sinclair and Smith [27] propose that a phone, in possession of a sensitive private key, temporarily delegate authority to a short-lived keypair known to the kiosk. The trustworthiness of this kiosk is explicitly encoded in a credential signed by the system administrator.…”

Section: Related Workmentioning

confidence: 99%

Trustworthy and personalized computing on public kiosks

Garriss

Cáceres

Berger

et al. 2008

Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services

View full text Add to dashboard Cite

Many people desire ubiquitous access to their personal computing environments. We present a system in which a user leverages a personal mobile device to establish trust in a public computing device, or kiosk, prior to resuming her environment on the kiosk. We have designed a protocol by which the mobile device determines the identity and integrity of all software loaded on the kiosk, in order to inform the user whether the kiosk is trustworthy. Our system exploits emerging hardware security technologies, namely the Trusted Platform Module and new support in x86 processors for establishing a dynamic root of trust. We have demonstrated the viability of our approach by implementing and evaluating our system on commodity hardware. Through a brief survey, we found that respondents are generally willing to endure a delay in exchange for an increased assurance of data privacy, and that the delay incurred by our unoptimized prototype is close to the range tolerable to the respondents. We have focused on allowing the user to personalize a kiosk by running her own virtual machine there. However, our work is generally applicable to establishing trust on public computing devices before revealing any sensitive information to those devices.

show abstract

Section: Related Workmentioning

confidence: 99%

Trustworthy and personalized computing on public kiosks

Garriss

Cáceres

Berger

et al. 2008

Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services

View full text Add to dashboard Cite

show abstract

“…In grid field, a delegation mechanism named MyProxy [7] is proposed. In [8], a PorKI for PKI's mobility have been proposed. Compared with our work, most of researches related with mobility of grid based on trusted hardware have not focused on wireless environment problem.…”

Section: Wireless Grid Security Requirementsmentioning

confidence: 99%

An Improved Wireless Grid Security Infrastructure Based on Trusted Computing Technology

Yan

Zhang

Shen

et al. 2006

2006 International Conference on Wireless Communications, Networking and Mobile Computing

View full text Add to dashboard Cite

Current grid computing has developed from traditional high performance, distributed and site-fixed computing to pervasive, ubiquitous and wireless computing. In practice, PKI-based solutions are introduced to solve security of grid computing. Because of limited computation power and limited memory spaces, it is difficult for wireless grid computing to gain secure solution in collaboration environment. The trusted computing (TC) technologies are introduced to offer great potential to improve this situation. In this paper, with treated trusted platform module (TPM) as a tamper-resistance module, a TC-enabled architecture is proposed to improve wireless grid security. Especially authorization protection is discussed to demonstrate how to gain enhanced and distributed security in grid environment.

show abstract

“…This is a brief overview of related work; for a more complete treatment, see the earlier paper on the design of PorKI [14].…”

Section: Related Workmentioning

confidence: 99%

“…To transfer the shared device's trust measurement and the proxy credentials back to the shared device, PorKI needs a secured communication channel between the two devices. In our previous work [14], we focused on the usage of bluetooth [1] as the out-of-band channel for transferring the user's proxy credentials, but this proved to be too restrictive as most of the shared resources (eg., desktop computers) do not come with bluetooth capabilities. Therefore, we divided the pairing process into two separate phases.…”

Section: Smart Phone Applicationmentioning

confidence: 99%

PorKI: Portable PKI Credentials via Proxy Certificates

Pala

Sinclair

Smith

2011

Public Key Infrastructures, Services and Applications

View full text Add to dashboard Cite

Abstract. Authenticating human users using public key cryptography provides a number of useful security properties, such as being able to authenticate to remote party without giving away a secret. However, in many scenarios, users need to authenticate from a number of client machines, of varying degrees of trustworthiness. In previous work, we proposed an approach to solving this problem by giving users portable devices which wirelessly issue temporary, limited-use proxy certificates to the clients. In this paper, we describe our complete prototype, enabling the use of proxy credentials issued from a mobile device to securely authenticate users to remote servers via a shared (or otherwise not trusted) device. In particular, our PorKI implementation combines out-of-band authentication (via 2D barcode images), standard Proxy Certificates, and platform attestation to provide usable and secure temporary credentials for web-based applications.

show abstract

PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness

Cited by 7 publications

References 12 publications

Trustworthy and personalized computing on public kiosks

Trustworthy and personalized computing on public kiosks

An Improved Wireless Grid Security Infrastructure Based on Trusted Computing Technology

PorKI: Portable PKI Credentials via Proxy Certificates

Contact Info

Product

Resources

About