Towards User-Friendly Credential Transfer on Open Credential Platforms

  • Kari Kostiainen
  • N. Asokan
  • Alexandra Afanasyeva
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6715)


Hardware-based “trusted execution environments” (TrEEs) are becoming widely available and open credentials platforms allow any service provider to issue credentials to such TrEEs. Credential transfer in an open system poses usability challenges: Certain credential issuers may disallow direct credential migration and require explicit credential re-provisioning, and each credential provisioning typically requires separate user authentication. Additionally, the lack of secure user input mechanisms on existing TrEEs makes the required user identity binding to TrEEs challenging. In this paper we present a practical credential transfer protocol that can be implemented using devices available today. Our protocol makes credential transfer user-friendly with delegated, automatic re-provisioning, and can be integrated to a typical device initialization process.


security credential transfer trusted computing 


  1. 1.
  2. 2.
    Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: Proc. Network and Distributed System Security Symposium (NDSS 2002) (2002)Google Scholar
  3. 3.
    Berger, S., Caceres, R., Goldman, K., Perez, R., Sailer, R., van Doorn, L.: vTPM - virtualizing the trusted platform module. In: Proc. 15th Usenix Security Symposium (2006)Google Scholar
  4. 4.
    Boyen, X.: Hidden credential retrieval from a reusable password. In: Proc. 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009 (2009)Google Scholar
  5. 5.
    Cooper, A., Martin, A.: Towards an open, trusted digital rights management platform. In: Proc. ACM Workshop on Digital Rights Management, DRM 2006 (2006)Google Scholar
  6. 6.
    Costan, V., Sarmenta, L.F.G., van Dijk, M., Devadas, S.: The trusted execution module: Commodity general-purpose trusted computing. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 133–148. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Cryptography 2 (1992)Google Scholar
  8. 8.
    Dolev, D., Yao, A.C.: On the security of public key protocols. Technical report, Stanford, CA, USA (1981)Google Scholar
  9. 9.
    Fischer, T., Sadeghi, A.-R., Winandy, M.: A pattern for secure graphical user interface systems. In: Bhowmick, S.S., Küng, J., Wagner, R. (eds.) DEXA 2009. LNCS, vol. 5690. Springer, Heidelberg (2009)Google Scholar
  10. 10.
    Gajek, S., Löhr, H., Sadeghi, A.-R., Winandy, M.: Truwallet: trustworthy and migratable wallet-based web authentication. In: Proc. ACM Workshop on Scalable Trusted Computing, STC 2009 (2009)Google Scholar
  11. 11.
    Harrop, P., Das, R.: Nfc-enabled phones and contactless smart cards 2010-2020. Technical report, IDTechEx (2010),
  12. 12.
    Holtmanns, S., Niemi, V., Ginzboorg, P., Laitinen, P., Asokan, N.: Cellular Authentication for Mobile and Internet Services. Wiley, Chichester (2008)Google Scholar
  13. 13.
    Kostiainen, K., Asokan, N., Ekberg, J.-E.: Credential disabling from trusted execution environments. In: Proc. of Nordic Conference in Secure IT Systems, Nordsec 2010 (2010)Google Scholar
  14. 14.
    Kostiainen, K., Ekberg, J.-E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: Proc. ACM Symposium on Information, Computer & Communications Security, ASIACCS 2009 (2009)Google Scholar
  15. 15.
    Kühn, U., Kursawe, K., Lucks, S., Sadeghi, A.-R., Stüble, C.: Secure data management in trusted computing. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 324–338. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Seshadri, A.: Minimal TCB Code Execution (Extended Abstract). In: Proc. IEEE Symposium on Security and Privacy (May 2007)Google Scholar
  17. 17.
    Poitner, M.: Mobile security becomes reality – the mobile security card (2008),
  18. 18.
    Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Sadeghi, A.-R., Wolf, M., Stüble, C., Asokan, N., Ekberg, J.-E.: Enabling fairer digital rights management with trusted computing. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 53–70. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  20. 20.
    Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The emperor’s new security indicators. In: Proc. IEEE Symposium on Security and Privacy, SP 2007 (2007)Google Scholar
  21. 21.
    Schellekens, D., Tuyls, P., Preneel, B.: Embedded trusted computing with authenticated non-volatile memory. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 60–74. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Schmidt, A., Kuntze, N., Kasper, M.: On the deployment of mobile trusted modules. In: Proc. Wireless Communications and Networking Conference, WCNC 2008 (2008)Google Scholar
  23. 23.
    Selhorst, M., Stüble, C., Feldmann, F., Gnaida, U.: Towards a trusted mobile desktop. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 78–94. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Srage, J., Azema, J.: M-Shield mobile security technology (2005), TI White paper,
  25. 25.
  26. 26.
    Viganò, L.: Automated security protocol analysis with the avispa tool. Electronic Notes in Theoretical Computer Science 155, 61–86 (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Kari Kostiainen
    • 1
  • N. Asokan
    • 1
  • Alexandra Afanasyeva
    • 2
  1. 1.Nokia Research CenterHelsinkiFinland
  2. 2.Saint-Petersburg State University of Aerospace InstrumentationRussia

Personalised recommendations