SHEMP: Secure Hardware Enhanced MyProxy

Authors

John Marchesini, Dartmouth College
Sean Smith, Dartmouth College

Document Type

Technical Report

Publication Date

2-1-2005

Technical Report Number

TR2005-532

Abstract

While PKI applications differ in how they use keys, all applications share one assumption: users have keypairs. In previous work, we established that desktop keystores are not safe places to store private keys, because the TCB is too large. These keystores are also immobile, difficult to use, and make it impossible for relying parties to make reasonable trust judgments. Since we would like to use desktops as PKI clients and cannot realistically expect to redesign the entire desktop, this paper presents a system that works within the confines of modern desktops to shrink the TCB needed for PKI applications. Our system (called Secure Hardware Enhanced MyProxy (SHEMP)) shrinks the TCB in space and allows the TCB's size to vary over time and over various application sensitivity levels, thus making desktops usable for PKI.

Dartmouth Digital Commons Citation

Marchesini, John and Smith, Sean, "SHEMP: Secure Hardware Enhanced MyProxy" (2005). Computer Science Technical Report TR2005-532. https://digitalcommons.dartmouth.edu/cs_tr/266