Abstract

Infection of client devices poses a significant threat to secure user authentication. Combining vulnerable client devices with special security devices, as is often the case in e-banking, can significantly increase security. However, these often incur usability hurdles. This paper describes a new architecture where an untrusted proxy on the client device communicates both with server applications and with a trusted application running on a trusted device. The proxy switches between two TLS channels, one from the client application and another from the trusted device. The result is a highly usable and flexible architecture with strong security assurances which, moreover, is transparent to the client and server applications, thus allowing it to be deployed in existing systems. We have implemented a PoC (available open source) and demonstrated it using the OffPAD device. Various applications of our architecture can be imagined, some of which we present at the end of the paper, applicable to web services and IoT systems.

Highlights

  • Server applications typically require user authentication based on user credentials, i.e., only registered, authorized and authenticated users are granted access to services

  • We propose the Offline Trusted Device and Proxy (OTDP) architecture which combines a Proxy that is sitting on the untrusted client device, and communicates with a trusted app running on an offline trusted device, holding sensitive information like user credentials

  • Two applications of OTDP have been demonstrated at [37] using the OffPAD device [46], namely: cognitive server authentication based on the petname system [18], and user authentication based on the extended challenge-response protocol XDAA [25] involving the trusted device


Summary

Introduction

Server applications (server apps) typically require user authentication based on user credentials, i.e., only registered, authorized and authenticated users are granted access to services. Since communications from the trusted app to server apps go through the (possibly infected) client device, any sensitive information would need to be protected. This concept of using a separate trusted device for sensitive computations is used by HTTP XDAA [25], an extension of the standard HTTP DAA [20] where the credentials and the challenge-response computations are handled by a separate trusted device. In such an architecture, the trusted app does not remain transparent to either the client apps or the server apps. We present an architecture and a prototype implementation that combines the above-described traditional architectures, i.e., using a proxy on the client device and a peripheral OTD

Contributions
The Offline Trusted Device and Proxy architecture
The OTDP architecture
Design decisions and implementation of the Proxy
Motivation
Description
Related work
TLS Switching implementation
Implementation discussions
Applications of the OTDP and TLS Switching
Server app authentication
User authentication
Identifying messages
Trusted app authentications
Modifying web pages
Privacy watchdog in Smart Grid metering
Secure authentication in eHospitals
Secure applications in Smart Transportation
Security considerations
Usability considerations
User authentication to the trusted device
User interaction
User behaviour
Findings
Conclusion and Future Work