PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness

Sara Sinclair
Dartmouth College Computer Science Department

Sean W. Smith
Dartmouth College Computer Science Department

As evidenced by the proliferation of phishing attacks and keystroke
loggers, we know that human beings are not well-equipped to make trust
decisions about when to use their passwords or other personal
credentials. Public key cryptography can reduce this risk of attack,
because authentication using PKI is designed to not give away
sensitive data. However, using private keys on standard platforms
exposes the user to ``keyjacking''; mobile users wishing to use
keypairs on an unfamiliar and potentially untrusted workstation face
even more obstacles.

In this paper we present the design and prototype of PorKI, a software
application for mobile devices that offers an alternative solution to
the portable key problem. Through the use of temporary keypairs, proxy
certificates, and wireless protocols, PorKI enables a user to employ
her PKI credentials on any Bluetooth-enabled workstation, including
those not part of her organization's network, and even those that
might be malicious. Moreover, by crafting XACML policy statements
which limit the key usage to the workstation's trustworthiness level
and inserting them into extensions of these proxy certificates, PorKI
provides the user with the ability to limit the amount of trust that
can be put on the temporary keypair used on that workstation, and thus
the scope of a potential compromise.

Keywords: PKI, proxy certificates, delegation, mobile devices

Read Paper Read Paper (in PDF)