PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness

S. Sinclair, Sean W. Smith
Published in: 21st Annual Computer Security Applications Conference (ACSAC'05), 2005-12-05. DOI: https://doi.org/10.1109/CSAC.2005.43
Citations: 15

Abstract

As evidenced by the proliferation of phishing attacks and keystroke loggers, we know that human beings are not well-equipped to make trust decisions about when to use their passwords or other personal credentials. Public key cryptography can reduce this risk of attack, because authentication using PKI is designed to not give away sensitive data. However, using private keys on standard platforms exposes the user to "keyjacking"; mobile users wishing to use keypairs on an unfamiliar and potentially untrusted workstation face even more obstacles. In this paper we present the design and prototype of PorKI, a software application for mobile devices that offers an alternative solution to the portable key problem. Through the use of temporary keypairs, proxy certificates, and wireless protocols, PorKI enables a user to employ her PKI credentials on any Bluetooth-enabled workstation, including those not part of her organization's network, and even those that might be malicious. Moreover, by crafting XACML policy statements that limit the key usage to the workstation's trustworthiness level, and inserting these statements into extensions of the proxy certificates, PorKI provides the user or the relying party with the ability to limit the amount of trust that can be put in the temporary keypair used on that workstation, and thus the scope of a potential compromise.