Secure Hardware Enhanced MyProxy

Traditionally, users either put their key on some sort of hardware device such as a smart card or USB token, or they place it directly on the hard disk such as in a browser or system keystore. Most modern operating systems (such as Windows and Mac OSX) include a keystore and a set of Cryptographic Service Providers (CSPs) which use the key. In fact, many cross-platform software systems, such as the Java Runtime and the Netscape/Mozilla Web browser include their own keystore so that they may use a user’s keypair without having to rely on the underlying OS (thus enhancing portability).

[1]  Steven Tuecke,et al.  X.509 Proxy Certificates for Dynamic Delegation , 2004 .

[2]  Sean W. Smith,et al.  Trusted S/MIME Gateways , 2003 .

[3]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[4]  Bennet S. Yee,et al.  Using Secure Coprocessors , 1994 .

[5]  Stephen Farrell,et al.  Securely Available Credentials - Requirements , 2001, RFC.

[6]  Sean W. Smith,et al.  Using a High-Performance, Programmable Secure Coprocessor , 1998, Financial Cryptography.

[7]  Steven Tuecke,et al.  An online credential repository for the Grid: MyProxy , 2001, Proceedings 10th IEEE International Symposium on High Performance Distributed Computing.

[8]  Sean W. Smith,et al.  Keyjacking: Risks of the Current Client-side Infrastructure , 2003 .

[9]  Ueli Maurer,et al.  Modelling a Public-Key Infrastructure , 1996, ESORICS.

[10]  Barbara Gengler Reports: Trusted Computing Platform Alliance , 2001 .

[11]  Sean W. Smith,et al.  Open-source applications of TCPA hardware , 2004, 20th Annual Computer Security Applications Conference.

[12]  Nick Feamster,et al.  Dos and don'ts of client authentication on the web , 2001 .

[13]  Sean W. Smith,et al.  Using SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth , 2004, ICWI.

[14]  Tim Polk,et al.  Internet X.509 Public Key Infrastructure Representation of Elliptic Curve Digital Signature Algorithm (ECDSA) Keys and Signatures in Internet X.509 Public Key Infrastructure Certificates , 1999 .

[15]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[16]  Edward W. Felten,et al.  Understanding Trusted Computing: Will Its Benefits Outweigh Its Drawbacks? , 2003, IEEE Secur. Priv..

[17]  Bennet S. Yee,et al.  Secure Coprocessors in Electronic Commerce Applications , 1995, USENIX Workshop on Electronic Commerce.

[18]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[19]  Ueli Maurer,et al.  Reasoning about public-key certification: on bindings between entities and public keys , 1999, IEEE Journal on Selected Areas in Communications.

[20]  Butler W. Lampson,et al.  A Trusted Open Platform , 2003, Computer.

[21]  Sean W. Smith,et al.  WebALPS: a survey of E-commerce privacy and security applications , 2001, SECO.

[22]  David R. Safford The Need for TCPA , 2002 .

[23]  David R. Safford Clarifying Misinformation on TCPA , 2002 .

[24]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[25]  Jim Basney,et al.  A hardware-secured credential repository for Grid PKIs , 2004, IEEE International Symposium on Cluster Computing and the Grid, 2004. CCGrid 2004..

[26]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[27]  Naomaru Itoi Secure Coprocessor Integration with Kerberos V5 , 2000, USENIX Security Symposium.

[28]  Ami Marowka,et al.  The GRID: Blueprint for a New Computing Infrastructure , 2000, Parallel Distributed Comput. Pract..

[29]  Sean W. Smith,et al.  Greenpass: Flexible and Scalable Authorization for Wireless Networks , 2004 .

[30]  David W. Chadwick,et al.  Role-Based Access Control With X.509 Attribute Certificates , 2003, IEEE Internet Comput..

[31]  Carl M. Ellison,et al.  SPKI Requirements , 1999, RFC.

[32]  Sean W. Smith,et al.  Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear , 2003 .

[33]  Sean W. Smith,et al.  Securing Web servers against insider attack , 2001, Seventeenth Annual Computer Security Applications Conference.

[34]  Sean W. Smith,et al.  Secure coprocessing applications and research issues , 1996 .

[35]  Sean Smith,et al.  Virtual Hierarchies - An Architecture for Building and Maintaining Efficient and Resilient Trust Chains , 2002 .

[36]  Mike Bond,et al.  API-Level Attacks on Embedded Systems , 2001, Computer.

[37]  Stephen Farrell Securely Available Credentials Protocol , 2004, RFC.

[38]  John P. McGregor,et al.  Virtual Secure Coprocessing on General-purpose Processors , 2004 .

[39]  Pekka Nikander,et al.  Decentralized Jini Security , 2001, NDSS.

[40]  Ueli Maurer,et al.  Reasoning about public-key certification: on bindings between entities and public keys , 2000, IEEE J. Sel. Areas Commun..

[41]  Sean W. Smith,et al.  Distributing security-mediated PKI , 2004, International Journal of Information Security.

[42]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[43]  Sean W. Smith,et al.  Privacy-enhanced credential services , 2003 .

[44]  Fred B. Schneider Secure systems conundrum , 2002, CACM.

[45]  Sean W. Smith,et al.  Building a high-performance, programmable secure coprocessor , 1999, Comput. Networks.

[46]  Sean W. Smith,et al.  Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[47]  Radia J. Perlman,et al.  Network security - private communication in a public world , 2002, Prentice Hall series in computer networking and distributed systems.

[48]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[49]  Sean W. Smith Outbound authentication for programmable secure coprocessors , 2004, International Journal of Information Security.

[50]  Paul England,et al.  Authenticated Operation of Open Computing Devices , 2002, ACISP.

[51]  Sean W. Smith,et al.  Keyjacking: the surprising insecurity of client-side SSL , 2005, Comput. Secur..

[52]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[53]  Tal Garfinkel,et al.  Flexible OS Support and Applications for Trusted Computing , 2003, HotOS.

[54]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[55]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[56]  Butler W. Lampson,et al.  Simple Public Key Certificate , 1998 .

[57]  Ian Foster,et al.  The Grid 2 - Blueprint for a New Computing Infrastructure, Second Edition , 1998, The Grid 2, 2nd Edition.

[58]  Trevor Perrin,et al.  Delegated Cryptography , Online Trusted Third Parties , and PKI , 2002 .