Abstract
Securely storing and using credentials for authentication is an essential part of protecting financial applications like on-line banking and other distributed applications. Existing approaches fall short: Requiring users to memorize credentials suffers from bad usability and is vulnerable to phishing. “Password managers” ease the usability problem somewhat, but are open to software attacks, like Trojans that steal passwords. At the other extreme, dedicated hardware tokens provide high levels of security, but are expensive and not very flexible. We observe that general-purpose secure hardware are becoming widely available and use them to develop a platform for “OnBoard Credentials” (ObCs) which combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Asokan, N., et al.: On-board credentials platform: design and implementation, NRC report NRC-TR-2008-001 (to appear) (January 2008), http://research.nokia.com/files/NRCTR2008001.pdf
Ekberg, J.-E., Kylänpää, M.: Mobile trusted module. NRC report NRCTR- 2007-015 (2007), http://research.nokia.com/files/NRCTR2007015.pdf
Sharma, A.: On-board credentials: Hardware-assisted secure storage of credentials. Master’s thesis, Helsinki University of Technology (2007), http://asokan.org/asokan/research/Aish-Thesis-final.pdf
Srage, J., Azema, J.: M-shield mobile security technology, TI White paper (2005), http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Asokan, N., Ekberg, JE. (2008). A Platform for OnBoard Credentials. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_31
Download citation
DOI: https://doi.org/10.1007/978-3-540-85230-8_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85229-2
Online ISBN: 978-3-540-85230-8
eBook Packages: Computer ScienceComputer Science (R0)