Sciweavers

ACSAC
2004
IEEE

Securing a Remote Terminal Application with a Mobile Trusted Device

14 years 3 months ago
Securing a Remote Terminal Application with a Mobile Trusted Device
Many real-world applications use credentials such as passwords as means of user authentication. When accessed from untrusted public terminals, such applications are vulnerable to credential sniffing attacks, as shown by recent highly publicized compromises [20]. In this paper, we describe a secure remote terminal application that allows users possessing a trusted device to delegate their credentials for performing a task to a public terminal without being in danger of disclosing any longterm secrets. Instead, the user gives the terminal the capability of performing a task temporarily (as long as the user is in its proximity). Our model is intuitive in the sense that the user exposes to the untrusted terminal only what he sees on the display, and nothing else. We present the design and implementation of such a system. The overhead
Alina Oprea, Dirk Balfanz, Glenn Durfee, Diana K.
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where ACSAC
Authors Alina Oprea, Dirk Balfanz, Glenn Durfee, Diana K. Smetters
Comments (0)