Title :
Securing a remote terminal application with a mobile trusted device
Author :
Oprea, Alina ; Balfanz, Dirk ; Durfee, Glenn ; Smetters, D.K.
Author_Institution :
Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
Many real-world applications use credentials such as passwords as means of user authentication. When accessed from untrusted public terminals, such applications are vulnerable to credential sniffing attacks, as shown by recent highly publicized compromises. In this paper, we describe a secure remote terminal application that allows users possessing a trusted device to delegate their credentials for performing a task to a public terminal without being in danger of disclosing any long-term secrets. Instead, the user gives the terminal the capability of performing a task temporarily (as long as the user is in its proximity). Our model is intuitive in the sense that the user exposes to the untrusted terminal only what he sees on the display, and nothing else. We present the design and implementation of such a system. The overhead - in terms of additional network traffic - created by introducing a trusted third party is a moderate 12%.
Keywords :
authorisation; message authentication; mobile computing; mobile trusted device; network traffic; public terminal; remote terminal application; user authentication; Authentication; Banking; Displays; Home computing; Keyboards; Mice; Personal communication networks; Personal digital assistants; Telecommunication traffic; Traffic control;
Conference_Titel :
Computer Security Applications Conference, 2004. 20th Annual
Print_ISBN :
0-7695-2252-1
DOI :
10.1109/CSAC.2004.33
