Enhancing web browsing security on public terminals using mobile composition
Proceedings of the 6th international conference on Mobile systems, applications, and services
Trustworthy and personalized computing on public kiosks
Proceedings of the 6th international conference on Mobile systems, applications, and services
Practical security for rural internet kiosks
Proceedings of the second ACM SIGCOMM workshop on Networked systems for developing regions
Tagging the Turtle: Local Attestation for Kiosk Computing
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
SessionMagnifier: a simple approach to secure and convenient kiosk browsing
Proceedings of the 11th international conference on Ubiquitous computing
Using a personal device to strengthen password authentication from an untrusted computer
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
An approach to introducing locality in remote attestation using near field communications
The Journal of Supercomputing
XICE windowing toolkit: Seamless display annexation
ACM Transactions on Computer-Human Interaction (TOCHI)
Secure mobile computing via public terminals
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Instant matchmaking: simple and secure integrated ubiquitous computing environments
UbiComp'06 Proceedings of the 8th international conference on Ubiquitous Computing
Privacy-aware shared UI toolkit for nomadic environments
Software—Practice & Experience
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
A snapshot of trusted personal devices applicable to transaction processing
Personal and Ubiquitous Computing
Hi-index | 0.00 |
Many real-world applications use credentials such as passwords as means of user authentication. When accessed from untrusted public terminals, such applications are vulnerable to credential sniffing attacks, as shown by recent highly publicized compromises. In this paper, we describe a secure remote terminal application that allows users possessing a trusted device to delegate their credentials for performing a task to a public terminal without being in danger of disclosing any long-term secrets. Instead, the user gives the terminal the capability of performing a task temporarily (as long as the user is in its proximity). Our model is intuitive in the sense that the user exposes to the untrusted terminal only what he sees on the display, and nothing else. We present the design and implementation of such a system. The overhead - in terms of additional network traffic - created by introducing a trusted third party is a moderate 12%.