Document Type

Technical Report

Publication Date


Technical Report Number



In 1976, Whitfield Diffie and Martin Hellman demonstrated how "New Directions In Cryptography" could enable secure information exchange between parties that do not share secrets. In order for public key cryptography to work in modern distributed environments, we need an infrastructure for finding and trusting other parties' public keys (i.e., a PKI). A number of useful applications become possible with PKI. While the applications differ in how they use keys (e.g., S/MIME uses the key for message encryption and signing, while client-side SSL uses the key for authentication), all applications share one assumption: users have keypairs. In previous work, we examined the security aspects of some of the standard keystores and the their interaction with the OS. We concluded that desktops are not safe places to store private keys, and we demonstrated the permeability of keystores such as the default Microsoft keystore and the Mozilla keystore. In addition to being unsafe, these desktop keystores have the added disadvantage of being immobile. In other previous work, we examined trusted computing. In industry, a new trusted computing initiative has emerged: the Trusted Computing Platform Alliance (TCPA) (now renamed the Trusted Computing Group (TCG)). The goal of the TCG design is lower-assurance security that protects an entire desktop platform and is cheap enough to be commercially feasible. Last year, we built a trusted computing platform based on the TCG specifications and hardware. The picture painted by these previous projects suggests that common desktops are not secure enough for use as PKI clients, and trusted computing can improve the security of client machines. The question that I propose to investigate is: "Can I build a system which applies trusted computing hardware in a reasonable manner in order to make desktops usable for PKI?" My design begins with the Grid community's "MyProxy" credential repository, and enhances it to take advantage of secure hardware on the clients, at the repository, and in the policy framework. The result is called "Secure Hardware Enhanced MyProxy".