1st TIPPI Workshop

Trustworthy Interfaces for Passwords and Personal Information

Speaker: Sara Sinclair

Title: PorKI: Using Personal Devices to Protect Personal Credentials

Public key cryptography offers obvious advantages over passwords as an authentication interface. However, it has proved to be unwieldy in diverse computing environments, where users have multiple machines or are required to be highly mobile (especially outside of their organization's network of trusted machines). USB tokens or other hardware solutions can solve this problem in many cases, but usually require that workstations be equipped with special drivers and software. Furthermore, research in our lab has shown that private keys stored on such USB tokens are susceptible to keyjacking when used on malicious workstations.

PorKI, a portable key system for personal devices such as PDAs or, eventually, cellphones, has the potential to allow users to authenticate securely in diverse computing environments without requiring major software installation on workstations, and without opening the private key to keyjacking attacks. Furthermore, PorKI issues attribute certificates to provide the relying party with additional information about the workstation being used. The relying party can then craft its trust judgments based on policies regarding these attributes, which provides a more flexible, more human understanding of trust than the binary "trusted, not trusted" model.

This talk will explore the design of the PorKI system and the implementation of the prototype, which is currently in progress. In particular, emphasis will be placed on the effort to design PorKI as a simple and intuitive interface replacement for passwords in environments requiring more secure authentication.

Sara "Scout" Sinclair is a first-year PhD student in the Department of Computer Science at Dartmouth College. She is a member of the PKI/Trust lab (http://www.cs.dartmouth.edu/~pkilab), which is led by Sean W. Smith. Her current research focuses on novel uses for standard PKI tools, security-enabling mobile devices, and human factors in secure system design. Sara received her B.A. from Wellesley College with honors in 2004, having majored in Computer Science and French.

