Kari Kostiainen: On-board Credentials: An Open Credential Platform for Mobile Devices
Opponent: Prof. Chris Mitchell, Royal Holloway, University of London, UK.
Supervisor: Prof. Tuomas Aura, Aalto University, Department of Computer Science and Engineering.
Traditional credential solutions have well-known drawbacks. Purely software-based credentials are vulnerable to many attacks, while hardware-based security tokens and smart cards are expensive to deploy and, due to their typical single-purpose nature, force users to carry multiple hardware credentials with them. Recently, general-purpose security elements and architectures have started to become widely available on many commodity devices. On mobile devices, ARM TrustZone is a widely adopted security architecture. Such trusted execution environments enable realization of credentials that combine the flexibility of software solutions with the higher level of protection traditionally offered only by hardware credentials.
In this dissertation, we present several aspects of On-board Credentials (ObC), a novel credential platform for mobile devices. The ObC platform allows flexible creation of arbitrary credentials that utilize hardware security mechanisms for higher level of security. We challenge the prevailing thinking that a credential system must be centralized and closed in order to provide a sufficient level of security and usability. The distinguishing
feature of the ObC platform is an open provisioning model that allows any service provider to deploy new credential instances to end-user devices without having to request approval from a centralized authority.
We study credential life-cycle management in open credential systems and present novel protocols for credential migration, temporary disabling and updates. We also describe mechanisms for key and application attestation. Our application attestation model makes property-based attestation practical by bootstrapping application authentication from existing certification infrastructures. We also compare open and closed credential platforms and show that openness does not have to imply decreased security or usability.
We have implemented the On-board Credentials platform for Symbian phones using the TrustZone trusted execution environment. Our implementation is part of the latest Nokia Symbian devices, and the On-board Credentials platform is currently being ported to other smartphone platforms. The first substantial credential deployments are now starting.