The Untrusted Computer Problem and Camera-Based Authentication
Pervasive '02 Proceedings of the First International Conference on Pervasive Computing
How to Make Personalized Web Browising Simple, Secure, and Anonymous
FC '97 Proceedings of the First International Conference on Financial Cryptography
Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Hand-held computers can be better smart cards
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A usability study and critique of two password managers
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Using the mobile phone as a security token for unified authentication
ICSNC '07 Proceedings of the Second International Conference on Systems and Networks Communications
An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Transaction generators: root kits for web
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Lest we remember: cold-boot attacks on encryption keys
Communications of the ACM - Security in the Browser
Using a personal device to strengthen password authentication from an untrusted computer
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Correcting errors in RSA private keys
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Hi-index | 0.00 |
In modern attacks, the attacker's goal often entails illegal gathering of user credentials such as passwords or browser cookies from a compromised web browser. An attacker first compromises the computer via some kind of attack, and then uses the control over the system to steal interesting data that she can utilize for other kinds of attacks (e.g., impersonation attacks). Protecting user credentials from such attacks is a challenging task, especially if we assume to not have trustworthy computer systems. While users may be inclined to trust their personal computers and smartphones, they might not invest the same confidence in the external machines of others, although they sometimes have no choice but to rely on them, e.g., in their co-workers' offices. To relieve the user from the trust he or she has to grant to these computers, we propose a privacy proxy called SmartProxy, running on a smartphone. The point of this proxy is that it can be accessed from untrusted or even compromised machines via a WiFi or a USB connection, so as to enable secure logins, while at the same time preventing the attacker (who is controlling the machine) from seeing crucial data like user credentials or browser cookies. SmartProxy is capable of handling both HTTP and HTTPS connections and uses either the smartphone's Internet connection, or the fast connection provided by the computer it is linked to. Our solution combines the security benefits of a trusted smartphone with the comfort of using a regular, yet untrusted, computer, i.e., this functionality is especially appealing to those who value the use of a full-sized screen and keyboard.