Securing a Remote Terminal Application with a Mobile Trusted Device

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Alina Oprea Articles by Dirk Balfanz Articles by Glenn Durfee Articles by D. K. Smetters

20th Annual Computer Security Applications Conference (ACSAC'04)

Tucson, Arizona

December 06-December 10

ISBN: 0-7695-2252-1

	ASCII Text	x
	Alina Oprea, Dirk Balfanz, Glenn Durfee, D. K. Smetters, "Securing a Remote Terminal Application with a Mobile Trusted Device," Computer Security Applications Conference, Annual, pp. 438-447, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004.

	BibTex	x
	@article{ 10.1109/CSAC.2004.33, author = {Alina Oprea and Dirk Balfanz and Glenn Durfee and D. K. Smetters}, title = {Securing a Remote Terminal Application with a Mobile Trusted Device}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2004}, issn = {1063-9527}, pages = {438-447}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.33}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Securing a Remote Terminal Application with a Mobile Trusted Device SN - 1063-9527 SP438 EP447 A1 - Alina Oprea, A1 - Dirk Balfanz, A1 - Glenn Durfee, A1 - D. K. Smetters, PY - 2004 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Alina Oprea, Carnegie Mellon University, Pittsburgh, PA

Dirk Balfanz, Palo Alto Research Center, Palo Alto, CA

Glenn Durfee, Palo Alto Research Center, Palo Alto, CA

D. K. Smetters, Palo Alto Research Center, Palo Alto, CA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.33

Many real-world applications use credentials such as passwords as means of user authentication. When accessed from untrusted public terminals, such applications are vulnerable to credential sniffing attacks, as shown by recent highly publicized compromises.

In this paper, we describe a secure remote terminal application that allows users possessing a trusted device to delegate their credentials for performing a task to a public terminal without being in danger of disclosing any long-term secrets. Instead, the user gives the terminal the capability of performing a task temporarily (as long as the user is in its proximity). Our model is intuitive in the sense that the user exposes to the untrusted terminal only what he sees on the display, and nothing else. We present the design and implementation of such a system. The overhead - in terms of additional network traffic - created by introducing a trusted third party is a moderate 12%.

Citation:

Alina Oprea, Dirk Balfanz, Glenn Durfee, D. K. Smetters, "Securing a Remote Terminal Application with a Mobile Trusted Device," acsac, pp.438-447, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.