Untraceable off-line cash in wallet with observers
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
WMCSA '02 Proceedings of the Fourth IEEE Workshop on Mobile Computing Systems and Applications
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Securing a Remote Terminal Application with a Mobile Trusted Device
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Using visual tags to bypass Bluetooth device discovery
ACM SIGMOBILE Mobile Computing and Communications Review
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Reincarnating PCs with portable SoulPads
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Hand-held computers can be better smart cards
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Bump in the ether: a framework for securing sensitive user input
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
IEEE Pervasive Computing
Rapid Trust Establishment for Pervasive Personal Computing
IEEE Pervasive Computing
Towards Trustworthy Kiosk Computing
HOTMOBILE '07 Proceedings of the Eighth IEEE Workshop on Mobile Computing Systems and Applications
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Turtles all the way down: research challenges in user-based attestation
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Using a personal device to strengthen password authentication from an untrusted computer
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Secure mobile computing via public terminals
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
Bootstrapping trust in a "trusted" platform
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Leveraging smart phones to reduce mobility footprints
Proceedings of the 7th international conference on Mobile systems, applications, and services
Tagging the Turtle: Local Attestation for Kiosk Computing
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
SessionMagnifier: a simple approach to secure and convenient kiosk browsing
Proceedings of the 11th international conference on Ubiquitous computing
Newport: enabling sharing during mobile calls
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Augmented smartphone applications through clone cloud execution
HotOS'09 Proceedings of the 12th conference on Hot topics in operating systems
Scalable integrity monitoring in virtualized environments
Proceedings of the fifth ACM workshop on Scalable trusted computing
Securing interactive sessions using mobile device through visual channel and visual inspection
Proceedings of the 26th Annual Computer Security Applications Conference
Kells: a protection framework for portable data
Proceedings of the 26th Annual Computer Security Applications Conference
Cheating attacks and resistance techniques in GeoGame design
Futureplay '10 Proceedings of the International Academic Conference on the Future of Game Design and Technology
An approach to introducing locality in remote attestation using near field communications
The Journal of Supercomputing
CloneCloud: elastic execution between mobile device and cloud
Proceedings of the sixth conference on Computer systems
PorKI: portable PKI credentials via proxy certificates
EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Interactive phone call: synchronous remote collaboration and projected interactive surfaces
Proceedings of the ACM International Conference on Interactive Tabletops and Surfaces
Trust extension for commodity computers
Communications of the ACM
SessionJuggler: secure web login from an untrusted terminal using session hijacking
Proceedings of the 21st international conference on World Wide Web
CommunitySourcing: engaging local crowds to perform expert work via physical kiosks
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Optimizing Storage Performance for VM-Based Mobile Computing
ACM Transactions on Computer Systems (TOCS)
Hi-index | 0.02 |
Many people desire ubiquitous access to their personal computing environments. We present a system in which a user leverages a personal mobile device to establish trust in a public computing device, or kiosk, prior to resuming her environment on the kiosk. We have designed a protocol by which the mobile device determines the identity and integrity of all software loaded on the kiosk, in order to inform the user whether the kiosk is trustworthy. Our system exploits emerging hardware security technologies, namely the Trusted Platform Module and new support in x86 processors for establishing a dynamic root of trust. We have demonstrated the viability of our approach by implementing and evaluating our system on commodity hardware. Through a brief survey, we found that respondents are generally willing to endure a delay in exchange for an increased assurance of data privacy, and that the delay incurred by our unoptimized prototype is close to the range tolerable to the respondents. We have focused on allowing the user to personalize a kiosk by running her own virtual machine there. However, our work is generally applicable to establishing trust on public computing devices before revealing any sensitive information to those devices.