The WHO Hardware Token Security Model ( Position Paper )

نویسندگان

  • E. K. Wang
  • S. M. Yiu
  • Z. L. Jiang
چکیده

Existing Internet applications usually rely on a secure communication channel (such as SSL) or users’ passwords to provide a secure communication. And usually we assume that the browser and the computer we are using are trustworthy. However, these assumptions are obviously unrealistic. In this paper, we try to address these issues, in particular, we describe a trust model, call the WHO model, which does not rely on a trusted computer to communicate with the server. The key ideas of the model rely on a carefully designed hardware material accessing module as well as an open-source in-house developed trusted browser. Prototype systems are currently implemented. Preliminary results show that the systems are secure, convenient to use, and are flexible for incorporating different secure protocols.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Universally Composable Secure Two and Multi-party Computation in the Corruptible Tamper-Proof Hardware Token Model

In this work we introduce the corruptible token model. This model generalizes the stateless tamper-proof token model introduced by Katz (EUROCRYPT ’07) and relaxes the trust assumption. Our improved model is motivated by the real-world practice of outsourcing hardware production to possibly untrusted manufacturers and allows tokens created by honest parties to be corrupted at the time of their ...

متن کامل

From Stateful Hardware to Resettable Hardware Using Symmetric Assumptions

Universally composable multi-party computation is impossible without setup assumptions. Motivated by the ubiquitous use of secure hardware in many real world security applications, Katz (EUROCRYPT 2007) proposed a model of tamper-proof hardware as a UC-setup assumption. An important aspect of this model is whether the hardware token is allowed to hold a state or not. Real world examples of tamp...

متن کامل

hPIN/hTAN: A Lightweight and Low-Cost E-Banking Solution against Untrusted Computers

In this paper, we propose hPIN/hTAN, a low-cost hardware token based PIN/TAN system for protecting e-banking systems against the strong threat model where the adversary has full control over the user’s computer. This threat model covers various kinds of attacks related to untrusted terminal computers, such as keyloggers, screen scrapers, session hijackers, Trojan horses and transaction generato...

متن کامل

Attacks on and Countermeasures for USB Hardware Token Devices

This paper presents the methods used to attempt access to private data stored in Universal Serial Bus (USB) hardware tokens without having legitimate credentials. We look at the current state-of-theart products of the commercial world. Our research is based on an approach of using only common, off-the-shelf tools, yet we still succeed in defeating the security features and gaining access to pri...

متن کامل

Secure Set Intersection with Untrusted Hardware Tokens

Secure set intersection protocols are the core building block for a manifold of privacy-preserving applications. In a recent work, Hazay and Lindell (ACM CCS 2008) introduced the idea of using trusted hardware tokens for the set intersection problem, devising protocols which improve over previous (in the standard model of two-party computation) protocols in terms of efficiency and secure compos...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2006