Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine

Authors:
Ravi Chandra Jammalamadaka;Timothy W. van der Horst;Sharad Mehrotra;Kent E. Seamons;Nalini Venkasubramanian
Affiliations:
University of California, Irvine, USA;Brigham Young University, USA;University of California, Irvine, USA;Brigham Young University, USA;University of California, Irvine, USA
Venue:
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Year:
2006

Citing 0
Cited 11

iDataGuard: middleware providing a secure network drive interface to untrusted internet data storage

EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
Securing network input via a trusted input proxy

HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Middleware support for protecting personal data from web based data services

Proceedings of the 4th on Middleware doctoral symposium
One-Time Password Access to Any Server without Changing the Server

ISC '08 Proceedings of the 11th international conference on Information Security
iDataGuard: an interoperable security middleware for untrusted internet data storage

Proceedings of the ACM/IFIP/USENIX Middleware '08 Conference Companion
SessionMagnifier: a simple approach to secure and convenient kiosk browsing

Proceedings of the 11th international conference on Ubiquitous computing
TruWallet: trustworthy and migratable wallet-based web authentication

Proceedings of the 2009 ACM workshop on Scalable trusted computing
Enhancing cardspace authentication using a mobile device

DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
TruWalletM: secure web authentication on mobile platforms

INTRUST'10 Proceedings of the Second international conference on Trusted Systems
SMARTPROXY: secure smartphone-assisted login on compromised machines

DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
WebCallerID: Leveraging cellular networks for Web authentication

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Performing sensitive online transactions using computers found in cybercafés and public libraries is risky. The untrusted nature of these machines creates a target rich environment. A simple keystroke logger, a common payload of many viruses, records and transmits the secret information (e.g., passwords, credit card numbers, PIN numbers) entered into these machines. In addition, sophisticated malware can hijack a user's authenticated session to perform unauthorized transactions masquerading as the user. This paper presents Delegate, a proxy-based architecture that enables a user to access web sites without disclosing personal information to untrusted machines. Delegate enforces rules at the proxy to detect and prevent session hijacking. This architecture leverages users' trusted mobile devices, e.g., cell phones, and requires no modification to web servers or the untrusted machines. Delegate is designed to provide a balance between security and usability.