Securing a Remote Terminal Application with a Mobile Trusted Device

Authors:
Alina Oprea;Dirk Balfanz;Glenn Durfee;D. K. Smetters
Affiliations:
Carnegie Mellon University, Pittsburgh, PA;Palo Alto Research Center, Palo Alto, CA;Palo Alto Research Center, Palo Alto, CA;Palo Alto Research Center, Palo Alto, CA
Venue:
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Year:
2004

Citing 0
Cited 13

Enhancing web browsing security on public terminals using mobile composition

Proceedings of the 6th international conference on Mobile systems, applications, and services
Trustworthy and personalized computing on public kiosks

Proceedings of the 6th international conference on Mobile systems, applications, and services
Practical security for rural internet kiosks

Proceedings of the second ACM SIGCOMM workshop on Networked systems for developing regions
Tagging the Turtle: Local Attestation for Kiosk Computing

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
SessionMagnifier: a simple approach to secure and convenient kiosk browsing

Proceedings of the 11th international conference on Ubiquitous computing
Using a personal device to strengthen password authentication from an untrusted computer

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
An approach to introducing locality in remote attestation using near field communications

The Journal of Supercomputing
XICE windowing toolkit: Seamless display annexation

ACM Transactions on Computer-Human Interaction (TOCHI)
Secure mobile computing via public terminals

PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Instant matchmaking: simple and secure integrated ubiquitous computing environments

UbiComp'06 Proceedings of the 8th international conference on Ubiquitous Computing
Privacy-aware shared UI toolkit for nomadic environments

Software—Practice & Experience
Virtualization based password protection against malware in untrusted operating systems

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
A snapshot of trusted personal devices applicable to transaction processing

Personal and Ubiquitous Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many real-world applications use credentials such as passwords as means of user authentication. When accessed from untrusted public terminals, such applications are vulnerable to credential sniffing attacks, as shown by recent highly publicized compromises. In this paper, we describe a secure remote terminal application that allows users possessing a trusted device to delegate their credentials for performing a task to a public terminal without being in danger of disclosing any long-term secrets. Instead, the user gives the terminal the capability of performing a task temporarily (as long as the user is in its proximity). Our model is intuitive in the sense that the user exposes to the untrusted terminal only what he sees on the display, and nothing else. We present the design and implementation of such a system. The overhead - in terms of additional network traffic - created by introducing a trusted third party is a moderate 12%.