A Platform for OnBoard Credentials
Securely storing and using credentials for authentication is an essential part of protecting financial applications like on-line banking and other distributed applications. Existing approaches fall short: requiring users to memorize credentials suffers from bad usability and is vulnerable to phishing. “Password managers” ease the usability problem somewhat, but are open to software attacks, like Trojans that steal passwords. At the other extreme, dedicated hardware tokens provide high levels of security, but are expensive and not very flexible. We observe that general-purpose secure hardware is becoming widely available and use it to develop a platform for “OnBoard Credentials” (ObCs), which combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware.