Short-Lived Certificates as a Mobile Authentication Method
Sharma, Pranav Kumar
Probst, Christian W. (Language-Based Technology, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
The convergence of mobile phones and the Internet opens up unlimited opportunities
to service providers and users alike. For service providers, it offers an
opportunity to deploy innovative services for a large base of users and boost
revenue. For users, it brings them closer to the dream of "anytime-anywhere"
services available in an "all-in-one" device. However, realizing these opportunities
in the real world requires an assurance to both service providers and mobile users
that the services adhere to well-known security models.

The Public Key Infrastructure for mobile phones (mobile PKI) is emerging as
an enabling technology for accessing services over the Internet. Yet, authentication
of service providers and users in the mobile PKI brings its own set of challenges.
For example, checking for certificate revocation is vital, but it is resource-consuming
and requires connectivity. Security of the private key is central to PKI, but
the portable nature of mobile phones exacerbates the issue. Existing practices of
offline credential verification to issue a certificate restrict the usability of certificates
for mobile users.

This thesis proposes an authentication method based on short-lived standard
X.509 certificates. The objectives are to minimize the need for certificate revocation
checks, to provide a secure credential store, and to support online certificate request,
verification and issuance. We present an architecture for obtaining certificates online on mobile
phones using existing credentials. We also provide a mechanism for secure storage
and usage of credentials in mobile phones so that the mobile signatures
qualify for European Telecommunication Standards.

We focus on specific usage scenarios and lay down the system requirements in
terms of usability, technical merits and use of open standards. After the description
of the solution, we present a prototype implementation and illustrate how
the usage scenarios benefit from the proposed method. We analyze and validate
the solution against the requirement criteria using the Goal Matrix Approach.
Creation date: 2009-06-23
Update date: 2010-08-25