Computer Security Applications Conference, Annual (2005)
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISSN: 1063-9527
ISBN: 0-7695-2461-3
pp: 419-430
Sean W. Smith, Dartmouth College
Sara Sinclair, Dartmouth College
ABSTRACT
As evidenced by the proliferation of phishing attacks and keystroke loggers, we know that human beings are not well-equipped to make trust decisions about when to use their passwords or other personal credentials. Public key cryptography can reduce this risk of attack, because authentication using PKI is designed to not give away sensitive data. However, using private keys on standard platforms exposes the user to "keyjacking"; mobile users wishing to use keypairs on an unfamiliar and potentially untrusted workstation face even more obstacles.

In this paper we present the design and prototype of PorKI, a software application for mobile devices that offers an alternative solution to the portable key problem. Through the use of temporary keypairs, proxy certificates, and wireless protocols, PorKI enables a user to employ her PKI credentials on any Bluetooth-enabled workstation, including those not part of her organization's network, and even those that might be malicious. Moreover, by crafting XACML policy statements that limit the key usage to the workstation's trustworthiness level, and inserting these statements into extensions of the proxy certificates, PorKI provides the user or the relying party with the ability to limit the amount of trust that can be put in the temporary keypair used on that workstation, and thus the scope of a potential compromise.
CITATION
Sean W. Smith, Sara Sinclair, "PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness", Computer Security Applications Conference, Annual, vol. 00, no. , pp. 419-430, 2005, doi:10.1109/CSAC.2005.43