This paper presents an architecture that affords mobile users greater trust and security when browsing the internet (e.g., when making personal/financial transactions) from public terminals at internet cafes or other unfamiliar locations. This is achieved by enabling web applications to split their client-side pages across a pair of browsers: one untrusted browser running on a public PC and one trusted browser running on the user's personal mobile device, composed into a single logical interface through a local connection, wired or wireless. Information entered via the personal device's keypad cannot be read by the PC, thwarting PC-based key-loggers. Similarly, information displayed on the personal device's screen is hidden from the PC, preserving the confidentiality and integrity of security-critical data even in the presence of screen-grabbing attacks and compromised PC browsers. We present a security policy model for split-trust web applications that defends against a range of crimeware-based attacks, including those based on active injection (e.g., inserting malicious packets into the network or spoofing user-input events). Performance results of a prototype split-trust implementation are presented, using a commercially available cell phone as a trusted personal device.