BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2005-532
ENTRY:: February 07, 2005
ORGANIZATION:: Dartmouth College, Computer Science
TITLE:: SHEMP: Secure Hardware Enhanced MyProxy
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Marchesini, John
AUTHOR:: Smith, Sean
DATE:: February 2005
RETRIEVAL:: For a paper copy, email <reports@cs.dartmouth.edu>
RETRIEVAL:: For a paper copy, write to
       Technical Report Librarian
       Department of Computer Science
       Dartmouth College
       6211 Sudikoff Laboratory
       Hanover, NH 03755-3510
       USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2005-532.pdf
ABSTRACT:: 
While PKI applications differ in how they use keys, all applications
share one assumption: users have keypairs.  In previous work, we
established that desktop keystores are not safe places to store
private keys, because the TCB is too large.  These keystores are also
immobile, difficult to use, and make it impossible for relying parties
to make reasonable trust judgments.  Since we would like to use
desktops as PKI clients and cannot realistically expect to redesign
the entire desktop, this paper presents a system that works within the
confines of modern desktops to shrink the TCB needed for PKI
applications.  Our system (called Secure Hardware Enhanced MyProxy
(SHEMP)) shrinks the TCB in space and allows the TCB's size to vary
over time and over various application sensitivity levels, thus making
desktops usable for PKI.
END:: ncstrl.dartmouthcs//TR2005-532