Mobile phones are increasingly used as general-purpose computing devices with a permanent Internet connection. This poses several threats, as the phone operating system (OS) is typically derived from desktop counterparts and hence inherits the same or similar security shortcomings. In particular, the protection of login credentials when accessing web services becomes crucial under phishing and malware attacks. On the other hand, many modern mobile phones provide hardware-supported security mechanisms that are currently unused by most phone OSs. In this paper, we show how to use these mechanisms, in particular trusted execution environments, to protect the user's login credentials. We present the design and implementation proposal (based on the Nokia N900 mobile platform) of TruWalletM, a wallet-like password manager and authentication agent aimed at protecting login credentials on a mobile phone without the need to trust the whole OS software. We preserve compatibility with existing standard web authentication mechanisms.