Abstract
Hardware-based “trusted execution environments” (TrEEs) are becoming widely available and open credentials platforms allow any service provider to issue credentials to such TrEEs. Credential transfer in an open system poses usability challenges: Certain credential issuers may disallow direct credential migration and require explicit credential re-provisioning, and each credential provisioning typically requires separate user authentication. Additionally, the lack of secure user input mechanisms on existing TrEEs makes the required user identity binding to TrEEs challenging. In this paper we present a practical credential transfer protocol that can be implemented using devices available today. Our protocol makes credential transfer user-friendly with delegated, automatic re-provisioning, and can be integrated to a typical device initialization process.
Chapter PDF
Similar content being viewed by others
References
ARM. Trustzone-enabled processor, http://www.arm.com/products/processors/technologies/trustzone.php
Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: Proc. Network and Distributed System Security Symposium (NDSS 2002) (2002)
Berger, S., Caceres, R., Goldman, K., Perez, R., Sailer, R., van Doorn, L.: vTPM - virtualizing the trusted platform module. In: Proc. 15th Usenix Security Symposium (2006)
Boyen, X.: Hidden credential retrieval from a reusable password. In: Proc. 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009 (2009)
Cooper, A., Martin, A.: Towards an open, trusted digital rights management platform. In: Proc. ACM Workshop on Digital Rights Management, DRM 2006 (2006)
Costan, V., Sarmenta, L.F.G., van Dijk, M., Devadas, S.: The trusted execution module: Commodity general-purpose trusted computing. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 133–148. Springer, Heidelberg (2008)
Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Cryptography 2 (1992)
Dolev, D., Yao, A.C.: On the security of public key protocols. Technical report, Stanford, CA, USA (1981)
Fischer, T., Sadeghi, A.-R., Winandy, M.: A pattern for secure graphical user interface systems. In: Bhowmick, S.S., Küng, J., Wagner, R. (eds.) DEXA 2009. LNCS, vol. 5690. Springer, Heidelberg (2009)
Gajek, S., Löhr, H., Sadeghi, A.-R., Winandy, M.: Truwallet: trustworthy and migratable wallet-based web authentication. In: Proc. ACM Workshop on Scalable Trusted Computing, STC 2009 (2009)
Harrop, P., Das, R.: Nfc-enabled phones and contactless smart cards 2010-2020. Technical report, IDTechEx (2010), http://www.idtechex.com/research/
Holtmanns, S., Niemi, V., Ginzboorg, P., Laitinen, P., Asokan, N.: Cellular Authentication for Mobile and Internet Services. Wiley, Chichester (2008)
Kostiainen, K., Asokan, N., Ekberg, J.-E.: Credential disabling from trusted execution environments. In: Proc. of Nordic Conference in Secure IT Systems, Nordsec 2010 (2010)
Kostiainen, K., Ekberg, J.-E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: Proc. ACM Symposium on Information, Computer & Communications Security, ASIACCS 2009 (2009)
Kühn, U., Kursawe, K., Lucks, S., Sadeghi, A.-R., Stüble, C.: Secure data management in trusted computing. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 324–338. Springer, Heidelberg (2005)
McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Seshadri, A.: Minimal TCB Code Execution (Extended Abstract). In: Proc. IEEE Symposium on Security and Privacy (May 2007)
Poitner, M.: Mobile security becomes reality – the mobile security card (2008), http://www.ctst.com/CTST08/pdf/Poitner.pdf
Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)
Sadeghi, A.-R., Wolf, M., Stüble, C., Asokan, N., Ekberg, J.-E.: Enabling fairer digital rights management with trusted computing. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 53–70. Springer, Heidelberg (2007)
Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The emperor’s new security indicators. In: Proc. IEEE Symposium on Security and Privacy, SP 2007 (2007)
Schellekens, D., Tuyls, P., Preneel, B.: Embedded trusted computing with authenticated non-volatile memory. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 60–74. Springer, Heidelberg (2008)
Schmidt, A., Kuntze, N., Kasper, M.: On the deployment of mobile trusted modules. In: Proc. Wireless Communications and Networking Conference, WCNC 2008 (2008)
Selhorst, M., Stüble, C., Feldmann, F., Gnaida, U.: Towards a trusted mobile desktop. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 78–94. Springer, Heidelberg (2010)
Srage, J., Azema, J.: M-Shield mobile security technology (2005), TI White paper, http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf
TCG. TPM Specifications (July 2007), http://www.trustedcomputinggroup.org/resources/tpm_main_specification
Viganò, L.: Automated security protocol analysis with the avispa tool. Electronic Notes in Theoretical Computer Science 155, 61–86 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kostiainen, K., Asokan, N., Afanasyeva, A. (2011). Towards User-Friendly Credential Transfer on Open Credential Platforms. In: Lopez, J., Tsudik, G. (eds) Applied Cryptography and Network Security. ACNS 2011. Lecture Notes in Computer Science, vol 6715. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21554-4_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-21554-4_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21553-7
Online ISBN: 978-3-642-21554-4
eBook Packages: Computer ScienceComputer Science (R0)