DOI: 10.1145/2046582.2046595

Credential life cycle management in open credential platforms (short paper)

Published: 17 October 2011

Abstract

Hardware-based trusted execution environments (TEEs) allow remote provisioning of secure credentials. In a closed credential platform, installation of credentials into a TEE is controlled by a centralized authority. Because of this central control point, credential life cycle management in closed credential platforms is straightforward to implement, but credential installation is limited to credentials approved by the control point. Open credential platforms allow free credential provisioning by any credential issuer, but subsequent credential life cycle management is more challenging to realize. In this paper we identify requirements for credential life cycle management and outline a model that meets the needs of both credential issuers and end users. We compare credential life cycle management in open and closed platforms, and conclude that, contrary to a common perception, an open provisioning model does not have to imply reduced security or usability in subsequent credential management.



Published In

STC '11: Proceedings of the sixth ACM workshop on Scalable trusted computing, October 2011, 86 pages. ISBN 9781450310017, DOI 10.1145/2046582.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

      Author Tags

      1. credentials
      2. life cycle management
      3. trusted computing

      Qualifiers

      • Short-paper

Conference: CCS'11

Acceptance Rate: 17 of 31 submissions, 55%


Cited By

  • A Secure Authentication Scheme for Wireless Sensor Networks Based on DAC and Intel SGX. IEEE Internet of Things Journal 9(5):3533-3547, 1 March 2022. DOI 10.1109/JIOT.2021.3097996
  • Recovering from a lost digital wallet. Pervasive and Mobile Computing 29(C):113-129, 1 July 2016. DOI 10.1016/j.pmcj.2015.06.018
  • Trusted Execution Environments. Proceedings of the 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, pages 259-266, 8 April 2014. DOI 10.1109/MobileCloud.2014.47
  • Mobile Platform Security. Synthesis Lectures on Information Security, Privacy, and Trust 4(3):1-108, 26 December 2013. DOI 10.2200/S00555ED1V01Y201312SPT009
