BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2001-401
ENTRY:: February 10, 2002
ORGANIZATION:: Dartmouth College, Computer Science
TITLE:: Outbound Authentication for Programmable Secure Coprocessors
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Smith, Sean W.
DATE:: March 2001
RETRIEVAL:: For a paper copy, email <reports@cs.dartmouth.edu>
RETRIEVAL:: For a paper copy, write to
       Technical Report Librarian
       Department of Computer Science
       Dartmouth College
       6211 Sudikoff Laboratory
       Hanover, NH 03755-3510
       USA
RETRIEVAL:: Compressed Postscript at http://www.cs.dartmouth.edu/reports/TR2001-401.ps.Z
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2001-401.pdf
ABSTRACT:: 
   A programmable secure coprocessor platform can help solve many
security problems in distributed computing.  These solutions usually
require that coprocessor applications be able to participate as
full-fledged parties in distributed cryptographic protocols.  Thus, to
fully enable these solutions, a generic platform must not only provide
programmability, maintenance, and configuration in the hostile
field---it must also provide outbound authentication for the
entities that result.  A particular application on a particular
untampered device must be able to prove who it is to a party on the
other side of the Internet.
   To be effective, a secure outbound authentication service must closely
mesh with the overall security architecture.  Our initial architecture
only sketched a rough design for this service, and did not complete
it.  This paper presents our research and development experience in
refining and implementing this design, to provide PKI-based outbound
authentication for the IBM 4758 Model 2 secure coprocessor platform.
END:: ncstrl.dartmouthcs//TR2001-401