skip to main content
10.1145/1533057.1533074acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

On-board credentials with open provisioning

Published: 10 March 2009 Publication History

Abstract

Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Existing approaches to address this problem fall short. User memorizable passwords are flexible and cheap, but they suffer from bad usability and low security. On the other hand, dedicated hardware tokens provide high levels of security, but the logistics of manufacturing and provisioning such tokens are expensive, which makes them unattractive for most service providers. A new approach to address the problem has become possible due to the fact that several types of general-purpose secure hardware, like TPM and M-shield, are becoming widely deployed. These platforms enable, to different degrees, a strongly isolated secure environment. In this paper, we describe how we use general-purpose secure hardware to develop an architecture for credentials which we call On-board Credentials (ObCs). ObCs combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware. A distinguishing feature of the ObC architecture is that it is open: it allows anyone to design and deploy new credential algorithms to ObC-capable devices without approval from the device manufacturer or any other third party. The primary contribution of this paper is showing and solving the technical challenges in achieving openness while avoiding additional costs (by making use of already deployed secure hardware) and without compromising security (e.g., ensuring strong isolation). Our proposed architecture is designed with the constraints of existing secure hardware in mind and has been prototyped on several different platforms including mobile devices based on M-Shield secure hardware.

References

[1]
ARM. Trustzone-enabled processor. http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf.
[2]
Victor Costan, Luis Sarmenta, Marten van Dijk, and Srinivas Devadas. The trusted execution module: Commodity general-purpose trusted computing. In Proc. Eighth Smart Card Research and Advanced Application Conference, August 2008. http://people.csail.mit.edu/devadas/pubs/cardis08tem.pdf.
[3]
A. Doherty et al. Dynamic symmetric key provisioning protocol (dskpp). IETF Internet Draft, version 06, November 2008. http://tools.ietf.org/html/ draft-ietf-keyprov-dskpp-06.
[4]
Jeffrey Dwoskin and Ruby Lee. Hardware-rooted trust for secure key management and transient trust. In Proc. 14th ACM Conference on Computer and Communication Security, pages 389--400, October 2007.
[5]
Jan-Erik Ekberg, N. Asokan, Kari Kostiainen, and Aarne Rantala. Scheduling the execution of credentials in constrained secure environments. In Proc. ACM Workshop on Scalable Trusted Computing, Oct 2008.
[6]
Jan-Erik Ekberg et al. Onboard credentials platform: Design and implementation. Technical Report NRC-TR-2008-001, Nokia Research Center, January 2008. http://research.nokia.com/files/NRCTR2008001.pdf.
[7]
Jan-Erik Ekberg and Markku Kylänpää. Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center, November 2007. http://research.nokia.com/files/NRCTR2007015.pdf.
[8]
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stueble, and Marcel Winandy. Compartmented security for browsers -- or how to thwart a phisher with trusted computing. In Proc. of IEEE International Conference on Availability, Reliability and Security (ARES'07), April 2007.
[9]
GlobalPlatform. Why the mobile industry is evolving towards security, August 2007. GlobalPlatform white paper. http://www.globalplatform.org/uploads/ STIP_WhitePaper.pdf.
[10]
Alex Halderman et al. Lest we remember: Cold boot attacks on encryption keys. In Proc. Usenix Security Symposium, 2008. http://citp.princeton.edu/memory/.
[11]
JavaCard Technology. http://java.sun.com/products/javacard/.
[12]
Ruby Lee et al. Architecture for protecting critical secrets in microprocessors. In Proc. 32nd International Symposium on Computer Architecture (ISCA '05), pages 2--13, May 2005.
[13]
The Programming Language Lua. http://www.lua.org/.
[14]
Jonathan McCune et al. Minimal TCB Code Execution (Extended Abstract). In Proc. IEEE Symposium on Security and Privacy, May 2007.
[15]
Magnus Nyström. Cryptographic Token Key Initialization Protocol (CT-KIP). IETF RFC 4758, November 2006.
[16]
Open Mobile Alliance - Device Management Working Group. http://www.openmobilealliance.org/Technical/DM.aspx.
[17]
Jay Srage and Jérôme Azema. M-Shield mobile security technology, 2005. TI White paper. http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf.
[18]
Edward Suh, Charles O'Donnell, Ishan Sachdev, and Srinivas Devadas. Design and implementation of the AEGIS single-chip secure processor using physical random function. In Proc. 32nd Annual International Symposium on Computer Architecture (ISCA '05), pages 25--36, May 2005.
[19]
TCG Infrastructure Workgroup. Subject Key Attestation Evidence Extension", Specification Version 1.0 Revision 7, June 2005. https://www.trustedcomputinggroup.org/specs/IWG/.
[20]
Trusted Platform Module (TPM) Specifications. https://www.trustedcomputinggroup.org/specs/TPM/.
[21]
WiMAX Forum. WiMAX Forum X. 509 Device Certificate Profile Approved Specification, April 2008. http://www.wimaxforum.org/certification/x509_ certificates/pdfs/wimax_forum_x509_device_certificate_profile.pdf.

Cited By

View all
  • (2023)Smaug: A TEE-Assisted Secured SQLite for Embedded SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321602020:5(3617-3635)Online publication date: 1-Sep-2023
  • (2023)Formal Verification of Interrupt Isolation for the TrustZone-based TEE2023 30th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC60848.2023.00041(309-318)Online publication date: 4-Dec-2023
  • (2022)3rdParTEE: Securing Third-Party IoT Services Using the Trusted Execution EnvironmentIEEE Internet of Things Journal10.1109/JIOT.2022.31525559:17(15814-15826)Online publication date: 1-Sep-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
March 2009
408 pages
ISBN:9781605583945
DOI:10.1145/1533057
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 March 2009

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. credentials
  2. provisioning protocols
  3. secure hardware
  4. trusted computing

Qualifiers

  • Research-article

Conference

Asia CCS 09
Sponsor:

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)22
  • Downloads (Last 6 weeks)1
Reflects downloads up to 18 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Smaug: A TEE-Assisted Secured SQLite for Embedded SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321602020:5(3617-3635)Online publication date: 1-Sep-2023
  • (2023)Formal Verification of Interrupt Isolation for the TrustZone-based TEE2023 30th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC60848.2023.00041(309-318)Online publication date: 4-Dec-2023
  • (2022)3rdParTEE: Securing Third-Party IoT Services Using the Trusted Execution EnvironmentIEEE Internet of Things Journal10.1109/JIOT.2022.31525559:17(15814-15826)Online publication date: 1-Sep-2022
  • (2022)A Comprehensive Analysis of Trusted Execution Environments2022 8th International Conference on Information Technology Trends (ITT)10.1109/ITT56123.2022.9863962(61-66)Online publication date: 25-May-2022
  • (2022)Towards secure and trustworthy crowdsourcing: challenges, existing landscape, and future directionsWireless Networks10.1007/s11276-022-03015-8Online publication date: 7-Jun-2022
  • (2021)Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZoneSensors10.3390/s2102052021:2(520)Online publication date: 13-Jan-2021
  • (2020)Fine-Grained Isolation to Protect Data against In-Process Attacks on AArch64Electronics10.3390/electronics90202369:2(236)Online publication date: 1-Feb-2020
  • (2020)SelMonProceedings of the 18th International Conference on Mobile Systems, Applications, and Services10.1145/3386901.3389023(135-147)Online publication date: 15-Jun-2020
  • (2020)Learning from Hometown and Current CityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/33698223:4(1-28)Online publication date: 14-Sep-2020
  • (2020)PrOS: Light-Weight Privatized Se cure OSes in ARM TrustZoneIEEE Transactions on Mobile Computing10.1109/TMC.2019.291086119:6(1434-1447)Online publication date: 1-Jun-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media