The Zurich Trusted Information Channel --- An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks

Authors:
Thomas Weigold;Thorsten Kramp;Reto Hermann;Frank Höring;Peter Buhler;Michael Baentsch
Affiliations:
IBM Zurich Research Laboratory,;IBM Zurich Research Laboratory,;IBM Zurich Research Laboratory,;IBM Zurich Research Laboratory,;IBM Zurich Research Laboratory,;IBM Zurich Research Laboratory,
Venue:
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Year:
2008

Citing 3
Cited 11

Two-factor authentication: too little, too late

Communications of the ACM - Transforming China
Secure Internet Banking Authentication

IEEE Security and Privacy
Remote Client Authentication

IEEE Security and Privacy

On the Theory and Practice of Personal Digital Signatures

Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Breaking e-banking CAPTCHAs

Proceedings of the 26th Annual Computer Security Applications Conference
Kells: a protection framework for portable data

Proceedings of the 26th Annual Computer Security Applications Conference
Attacking of smartcard-based banking applications with javascript-based rootkits

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
hPIN/hTAN: a lightweight and low-cost e-banking solution against untrusted computers

FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Secure lazy provisioning of virtual desktops to a portable storage device

Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date
The secure enterprise desktop: changing today's computing infrastructure

ESOCC'12 Proceedings of the First European conference on Service-Oriented and Cloud Computing
Designed to fail: a USB-Connected reader for online banking

NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
The secure platform problem taxonomy and analysis of existing proposals to address this problem

Proceedings of the 6th International Conference on Theory and Practice of Electronic Governance
Secure inspection of web transactions

International Journal of Internet Technology and Secured Transactions
Attacking the verification code mechanism in the norwegian internet voting system

Vote-ID'13 Proceedings of the 4th international conference on E-Voting and Identity

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. The insecure user PC is used solely to relay IP packets and display non-critical transaction information. All critical information is parsed out of the mutually-authenticated SSL/TLS connections that the ZTIC establishes to the server and shown on the display for explicit user approval.