Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine

Jammalamadaka, Ravi Chandra; Horst, Timothy van der; Mehrotra, Sharad; Seamons, Kent E.; Venkasubramanian, Nalini

doi:10.1109/acsac.2006.23

Cited by 24 publications

(22 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are also some more complicated variants of pTAN scheme, such as 3pTAN [12] and ppTAN [11], but their usability is worse than pTAN. Solutions based on trusted proxies: Some solutions base the security on trusted proxies [23,28,41,54]. Normally the user and the trusted proxy share some secret information so that the user can input transaction data in a way secure against the MitC attacks.…”

Section: Existing Solutionsmentioning

confidence: 99%

“…Finally, solutions based on trusted proxies [23,28,41,54] and the solutions proposed in [48,57] are designed for making secure transactions on untrusted public terminal computers. In other words, these solutions work only when the user is aware of the untrustworthiness of the computer and intentionally choose to use these solutions.…”

Section: Problems With Existing Solutionsmentioning

confidence: 99%

See 1 more Smart Citation

hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers

Sadeghi

Heisrath

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we propose hPIN/hTAN, a low-cost hardware token based PIN/TAN system for protecting e-banking systems against the strong threat model where the adversary has full control over the user's computer. This threat model covers various kinds of attacks related to untrusted terminal computers, such as keyloggers, screen scrapers, session hijackers, Trojan horses and transaction generators. The core of hPIN/hTAN is a secure and easy user-computer-token interface. The security is guaranteed by the user-computer-token interface and two underlying security protocols for user/server/transaction authentication. The hPIN/hTAN system is designed as an open framework so that the underlying authentication protocols can be easily reconfigured. To minimize the costs and maximize usability, we chose two security protocols dependent on simple cryptography (a cryptographic hash function). In contrast to other hardware-based solutions, hPIN/hTAN depends on neither a second trusted channel nor a secure keypad nor external trusted center. Our prototype implementation does not involve cryptography beyond a cryptographic hash function. The minimalistic design can also help increase security because more complicated systems tend to have more security holes. As an important feature, hPIN/hTAN exploits human users' active involvement in the whole process to compensate security weaknesses caused by careless human behavior.

show abstract

Section: Existing Solutionsmentioning

confidence: 99%

Section: Problems With Existing Solutionsmentioning

confidence: 99%

hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers

Sadeghi

Heisrath

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Jammalamadaka [4] presents Delegate, a proxybased architecture that enables a user to access websites without disclosing personal information to untrusted machines. Delegate enforces rules at the proxy to detect and prevent session hijacking.…”

Section: Related Workmentioning

confidence: 99%

Session Hijack in the Great Firewall of China

Pang

Chen

Jia

2009

2009 International Conference on Networks Security, Wireless Communications and Trusted Computing

View full text Add to dashboard Cite

Great Firewall of China" can close the specific connection by sending reset packets. However, it can be easily ignored through several simple methods, such as both endpoints ignore resets, encryption, and so on[1]. Session hijack is an old network attack, which is not often used because the attacker can't obtain the resource of the key router. However, the Great Firewall of China can use these routers. And session hijack can be used to restrict cyber crimes by the Greate Firewall of China, but it also carry out some bad infection. We described the behavior of session hijack based on above proposal, simulats the hijack process and analyses the RTTs(round trip time) of the process according to the results of simulation, and come up with Compare RTT Detecting to detect session hijack.

show abstract

“…To secure kiosk computing environments, researchers have proposed a number of solutions [3,4,5,6,7,8,9,10,11,13,14,15,17]. Most of these solutions use a trusted mobile device such as a PDA (Personal Digital Assistant) or a mobile phone to enhance the security of kiosk computing environments, and we refer to them as PDA-based solutions.…”

Section: Introductionmentioning

confidence: 99%

SessionMagnifier

Yue

Wang

2009

Proceedings of the 11th International Conference on Ubiquitous Computing

View full text Add to dashboard Cite

Many people use public computers to browse the Web and perform important online activities. However, public computers are usually far less trustworthy than peoples' own computers because they are more vulnerable to various security attacks. In this paper, we propose SessionMagnifier, a simple approach to secure and convenient kiosk browsing. The key idea of SessionMagnifier is to enable an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. This approach simply requires a SessionMagnifier browser extension to be installed on a trusted mobile device. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer. We implemented SessionMagnifier for Mozilla's Fennec browser and evaluated it on a Nokia N810 Internet Tablet. Our evaluation and analysis demonstrate that SessionMagnifier is simple, secure, and usable.

show abstract

Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine

Cited by 24 publications

References 3 publications

hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers

hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers

Session Hijack in the Great Firewall of China

SessionMagnifier

Contact Info

Product

Resources

About