Speaker: Sara Sinclair
Title: PorKI: Using Personal Devices to Protect Personal Credentials
Abstract:
Public key cryptography offers obvious advantages over
passwords as an
authentication interface. However, it has proved to be unwieldy in
diverse computing environments, where users have multiple machines or
are required to be highly mobile (especially outside of their
organization's network of trusted machines). USB tokens or other
hardware solutions can solve this problem in many cases, but usually
require that workstations be equipped with special drivers and software.
Furthermore, research in our lab has shown that private keys stored on
such USB tokens are susceptible to keyjacking when used on malicious
workstations.
PorKI, a portable key system for personal devices such as PDAs or eventually cellphones, has the potential to allow users to authenticate securely in diverse computing environments without requiring major software installation on workstations, and without opening the private key to keyjacking attacks. Furthermore, PorKI issues attribute certificates to provide the relying party with additional information about the workstation being used. The relying party can then craft its trust judgments based on policies regarding these attributes, which provides a more flexible, more human, understanding of trust than the binary "trusted, not trusted" model.
This talk will explore the design of the PorKI system and the implementation of the prototype, which is currently in progress. In particular, emphasis will be placed on the effort to design PorKI as a simple and intuitive interface replacement for passwords in environments requiring more secure authentication.
Biography:
Sara "Scout" Sinclair is a first year PhD student in the Department of
Computer Science at Dartmouth College. She is a member of the PKI/Trust
lab (http://www.cs.dartmouth.edu/~pkilab ), which is lead by Sean W.
Smith. Her current research surrounds novel uses for standard PKI
tools, security-enabling mobile devices, and human factors in secure
system design. Sara received her B.A. from Wellesley College with
honors in 2004, having majored in Computer Science and French.