Two-factor authentication: too little, too late
Communications of the ACM - Transforming China
Secure Internet Banking Authentication
IEEE Security and Privacy
IEEE Security and Privacy
On the Theory and Practice of Personal Digital Signatures
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Proceedings of the 26th Annual Computer Security Applications Conference
Kells: a protection framework for portable data
Proceedings of the 26th Annual Computer Security Applications Conference
Attacking of smartcard-based banking applications with javascript-based rootkits
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
hPIN/hTAN: a lightweight and low-cost e-banking solution against untrusted computers
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Secure lazy provisioning of virtual desktops to a portable storage device
Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date
The secure enterprise desktop: changing today's computing infrastructure
ESOCC'12 Proceedings of the First European conference on Service-Oriented and Cloud Computing
Designed to fail: a USB-Connected reader for online banking
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
The secure platform problem taxonomy and analysis of existing proposals to address this problem
Proceedings of the 6th International Conference on Theory and Practice of Electronic Governance
Secure inspection of web transactions
International Journal of Internet Technology and Secured Transactions
Attacking the verification code mechanism in the norwegian internet voting system
Vote-ID'13 Proceedings of the 4th international conference on E-Voting and Identity
Hi-index | 0.00 |
This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. The insecure user PC is used solely to relay IP packets and display non-critical transaction information. All critical information is parsed out of the mutually-authenticated SSL/TLS connections that the ZTIC establishes to the server and shown on the display for explicit user approval.