Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Trusted language runtime (TLR): enabling trusted applications on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Software abstractions for trusted sensors
Proceedings of the 10th international conference on Mobile systems, applications, and services
Dissecting Android Malware: Characterization and Evolution
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Cloud terminal: secure access to sensitive applications from untrusted systems
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
A Research Agenda Acknowledging the Persistence of Passwords
IEEE Security and Privacy
Strengthening user authentication through opportunistic cryptographic identity assertions
Proceedings of the 2012 ACM conference on Computer and communications security
ScreenPass: secure password entry on touchscreen devices
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
| Hi-index | 0.00 |
Mobile apps increasingly require users to login to remote services such as Facebook and Twitter. Unfortunately, today's mobile platforms provide weak protection for login credentials such as passwords. To address this problem, we introduce the idea of an attested login and an embodiment of this idea called VeriUI. Attested login augments user credentials with a certificate describing the software and hardware that handled the credentials. Experiments with a VeriUI prototype found that it avoids the sluggish responsiveness of a thin-client approach, while a small app study indicates that VeriUI would require minor changes to existing apps.