A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
High-Bandwidth Encryption with Low-Bandwidth Smartcards
Proceedings of the Third International Workshop on Fast Software Encryption
Smart cards in hostile environments
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Software security and privacy risks in mobile e-commerce
Communications of the ACM
A trusted process to digitally sign a document
Proceedings of the 2001 workshop on New security paradigms
A composable framework for secure multi-modal access to internet services from Post-PC devices
Mobile Networks and Applications
Photographic Authentication through Untrusted Terminals
IEEE Pervasive Computing
Generating RSA Keys on a Handheld Using an Untrusted Server
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Protecting cryptographic keys and computations via virtual secure coprocessing
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
Security analysis of the palm operating system and its weaknesses against malicious code threats
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Security analysis of the palm operating system and its weaknesses against malicious code threats
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Secure roaming with identity metasystems
Proceedings of the 7th symposium on Identity and trust on the Internet
Enhancing web browsing security on public terminals using mobile composition
Proceedings of the 6th international conference on Mobile systems, applications, and services
Trustworthy and personalized computing on public kiosks
Proceedings of the 6th international conference on Mobile systems, applications, and services
Building secure web applications with automatic partitioning
Communications of the ACM - Inspiring Women in Computing
Near-field communication-based secure mobile payment service
Proceedings of the 11th International Conference on Electronic Commerce
Choose the red pill and the blue pill: a position paper
Proceedings of the 2008 workshop on New security paradigms
SessionMagnifier: a simple approach to secure and convenient kiosk browsing
Proceedings of the 11th international conference on Ubiquitous computing
Using a personal device to strengthen password authentication from an untrusted computer
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Tunneled TLS for multi-factor authentication
Proceedings of the 11th annual ACM workshop on Digital rights management
Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
Using multiple smart cards for signing messages at malicious terminals
ISC'06 Proceedings of the 9th international conference on Information Security
Secure mobile computing via public terminals
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Can hand-held computers still be better smart cards?
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
SessionJuggler: secure web login from an untrusted terminal using session hijacking
Proceedings of the 21st international conference on World Wide Web
SMARTPROXY: secure smartphone-assisted login on compromised machines
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Hi-index | 0.02 |
Smart cards are convenient and secure. They protect sensitive information (e.g., private keys) from malicious applications. However, they do not protect the owner from abuse of the smart card: An application could for example cause a smart card to digitally sign any message, at any time, without the knowledge of the owner. In this paper we suggest that small, hand-held computers can be used instead of smart cards. They can communicate with the user directly and therefore do not exhibit the above mentioned problem. We have implemented smart card functionality for a 3COM PalmPilot. Our implementation is a PKCS#11 module that plugs into Netscape Communicator and takes about 5 seconds to sign an email message. Generalizing from this experience, we argue that applications that are split between a PC and a hand-held device can be more secure. While such an application remains fast and convenient to use, it gains additional security assurances from the fact that part of it runs on a trusted device.