Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Existing approaches to address this problem fall short. User memorizable passwords are flexible and cheap, but they suffer from bad usability and low security. On the other hand, dedicated hardware tokens provide high levels of security, but the logistics of manufacturing and provisioning such tokens are expensive, which makes them unattractive for most service providers. A new approach to address the problem has become possible due to the fact that several types of general-purpose secure hardware, like TPM and M-shield, are becoming widely deployed. These platforms enable, to different degrees, a strongly isolated secure environment. In this paper, we describe how we use general-purpose secure hardware to develop an architecture for credentials which we call On-board Credentials (ObCs). ObCs combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware. A distinguishing feature of the ObC architecture is that it is open: it allows anyone to design and deploy new credential algorithms to ObC-capable devices without approval from the device manufacturer or any other third party. The primary contribution of this paper is showing and solving the technical challenges in achieving openness while avoiding additional costs (by making use of already deployed secure hardware) and without compromising security (e.g., ensuring strong isolation). Our proposed architecture is designed with the constraints of existing secure hardware in mind and has been prototyped on several different platforms including mobile devices based on M-Shield secure hardware.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	ARM. Trustzone-enabled processor. http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf.
	2	Victor Costan , Luis F. Sarmenta , Marten Dijk , Srinivas Devadas, The Trusted Execution Module: Commodity General-Purpose Trusted Computing, Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications, p.133-148, September 08-11, 2008, London, UK  [doi>10.1007/978-3-540-85893-5_10]
	3	A. Doherty et al. Dynamic symmetric key provisioning protocol (dskpp). IETF Internet Draft, version 06, November 2008. http://tools.ietf.org/html/ draft-ietf-keyprov-dskpp-06.
	4	Jeffrey S. Dwoskin , Ruby B. Lee, Hardware-rooted trust for secure key management and transient trust, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA  [doi>10.1145/1315245.1315294]
	5	Jan-Erik Ekberg , N. Asokan , Kari Kostiainen , Aarne Rantala, Scheduling execution of credentials in constrained secure environments, Proceedings of the 3rd ACM workshop on Scalable trusted computing, October 31-31, 2008, Alexandria, Virginia, USA  [doi>10.1145/1456455.1456465]
	6	Jan-Erik Ekberg et al. Onboard credentials platform: Design and implementation. Technical Report NRC-TR-2008-001, Nokia Research Center, January 2008. http://research.nokia.com/files/NRCTR2008001.pdf.
	7	Jan-Erik Ekberg and Markku Kylänpää. Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center, November 2007. http://research.nokia.com/files/NRCTR2007015.pdf.
	8	Sebastian Gajek , Ahmad-Reza Sadeghi , Christian Stuble , Marcel Winandy, Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing, Proceedings of the The Second International Conference on Availability, Reliability and Security, p.120-127, April 10-13, 2007  [doi>10.1109/ARES.2007.59]
	9	GlobalPlatform. Why the mobile industry is evolving towards security, August 2007. GlobalPlatform white paper. http://www.globalplatform.org/uploads/ STIP_WhitePaper.pdf.
	10	J. Alex Halderman , Seth D. Schoen , Nadia Heninger , William Clarkson , William Paul , Joseph A. Calandrino , Ariel J. Feldman , Jacob Appelbaum , Edward W. Felten, Lest we remember: cold boot attacks on encryption keys, Proceedings of the 17th conference on Security symposium, p.45-60, July 28-August 01, 2008, San Jose, CA
	11	JavaCard Technology. http://java.sun.com/products/javacard/.
	12	Ruby B. Lee , Peter C. S. Kwan , John P. McGregor , Jeffrey Dwoskin , Zhenghong Wang, Architecture for Protecting Critical Secrets in Microprocessors, Proceedings of the 32nd annual international symposium on Computer Architecture, p.2-13, June 04-08, 2005
	13	The Programming Language Lua. http://www.lua.org/.
	14	Jonathan M. McCune , Bryan Parno , Adrian Perrig , Michael K. Reiter , Arvind Seshadri, Minimal TCB Code Execution, Proceedings of the 2007 IEEE Symposium on Security and Privacy, p.267-272, May 20-23, 2007  [doi>10.1109/SP.2007.27]
	15	Magnus Nyström. Cryptographic Token Key Initialization Protocol (CT-KIP). IETF RFC 4758, November 2006.
	16	Open Mobile Alliance - Device Management Working Group. http://www.openmobilealliance.org/Technical/DM.aspx.
	17	Jay Srage and Jérôme Azema. M-Shield mobile security technology, 2005. TI White paper. http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf.
	18	G. Edward Suh , Charles W. O'Donnell , Ishan Sachdev , Srinivas Devadas, Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions, Proceedings of the 32nd annual international symposium on Computer Architecture, p.25-36, June 04-08, 2005
	19	TCG Infrastructure Workgroup. Subject Key Attestation Evidence Extension", Specification Version 1.0 Revision 7, June 2005. https://www.trustedcomputinggroup.org/specs/IWG/.
	20	Trusted Platform Module (TPM) Specifications. https://www.trustedcomputinggroup.org/specs/TPM/.
	21	WiMAX Forum. WiMAX Forum X. 509 Device Certificate Profile Approved Specification, April 2008. http://www.wimaxforum.org/certification/x509_ certificates/pdfs/wimax_forum_x509_device_certificate_profile.pdf.