Abstract
This paper presents an architecture that affords mobile users greater trust and security when browsing the internet (e.g., when making personal/financial transactions) from public terminals at Internet Cafes or other unfamiliar locations. This is achieved by enabling web applications to split their client-side pages across a pair of browsers: one untrusted browser running on a public PC and one trusted browser running on the user's personal mobile device, composed into a single logical interface through a local connection, wired or wireless. Information entered via the personal device's keypad cannot be read by the PC, thwarting PC-based key-loggers. Similarly, information displayed on the personal device's screen is also hidden from the PC, preserving the confidentiality and integrity of security-critical data even in the presence of screen grabbing attacks and compromised PC browsers. We present a security policy model for split-trust web applications that defends against a range of crimeware-based attacks, including those based on active-injection (e.g. inserting malicious packets into the network or spoofing user-input events). Performance results of a prototype split-trust implementation are presented, using a commercially available cell phone as a trusted personal device.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
