Dartmouth logo Dartmouth College Computer Science
Technical Report series
CS home
TR home
TR search TR listserv
By author: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
By number: 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986

Secure Hardware Enhanced MyProxy
John Marchesini, Sean W. Smith
Dartmouth TR2004-525

Abstract: In 1976, Whitfield Diffie and Martin Hellman demonstrated how "New Directions In Cryptography" could enable secure information exchange between parties that do not share secrets. In order for public key cryptography to work in modern distributed environments, we need an infrastructure for finding and trusting other parties' public keys (i.e., a PKI). A number of useful applications become possible with PKI. While the applications differ in how they use keys (e.g., S/MIME uses the key for message encryption and signing, while client-side SSL uses the key for authentication), all applications share one assumption: users have keypairs.

In previous work, we examined the security aspects of some of the standard keystores and the their interaction with the OS. We concluded that desktops are not safe places to store private keys, and we demonstrated the permeability of keystores such as the default Microsoft keystore and the Mozilla keystore. In addition to being unsafe, these desktop keystores have the added disadvantage of being immobile.

In other previous work, we examined trusted computing. In industry, a new trusted computing initiative has emerged: the Trusted Computing Platform Alliance (TCPA) (now renamed the Trusted Computing Group (TCG)). The goal of the TCG design is lower-assurance security that protects an entire desktop platform and is cheap enough to be commercially feasible. Last year, we built a trusted computing platform based on the TCG specifications and hardware.

The picture painted by these previous projects suggests that common desktops are not secure enough for use as PKI clients, and trusted computing can improve the security of client machines. The question that I propose to investigate is: "Can I build a system which applies trusted computing hardware in a reasonable manner in order to make desktops usable for PKI?" My design begins with the Grid community's "MyProxy" credential repository, and enhances it to take advantage of secure hardware on the clients, at the repository, and in the policy framework. The result is called "Secure Hardware Enhanced MyProxy".


PDF PDF (208KB)

Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]

Or copy and paste:
   John Marchesini and Sean W. Smith, "Secure Hardware Enhanced MyProxy." Dartmouth Computer Science Technical Report TR2004-525, November 2004.


Notify me about new tech reports.

Search the technical reports.

To receive paper copy of a report, by mail, send your address and the TR number to reports AT cs.dartmouth.edu


Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

Technical reports collection maintained by David Kotz.