Using a personal device to strengthen password authentication from an untrusted computer

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4886 LNCS, Issue , 2007, Pages 88-103

  Mannan, Mohammad ^a   Van Oorschot, P C ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; CRYPTOGRAPHY; DIGITAL DEVICES; NETWORK PROTOCOLS; USER INTERFACES;

KEYLOGGING; PASSWORD AUTHENTICATION; PHISHING ATTACKS; UNTRUSTED COMPUTER;

SECURITY OF DATA;

EID: 38549118817     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-77366-5_11     Document Type: Conference Paper

References (36)

1. Anti-Phishing Working Group: Phishing Activity Trends Report (July 2006)
2. Armando et al.: The AVISPA tool for the automated validation of Internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, Springer, Heidelberg (2005), http://www.avispa-project. org
3. Balfanz, D., Felten, E.: Hand-held computers can be better smart cards. In: USENIX Security (1999)
4. Bond, M.: Phantom withdrawals: On-line resources for victims of ATM fraud, http://www.phantomwithdrawals.com
5. CA Virus Information Center: Win32.Grams.I (February 2005)
6. Chiasson, S., van Oorschot, P., Biddle, R.: A usability study and critique of two password managers. In: USENIX Security (2006)
7. Clarke, et al.: The untrusted computer problem and camera-based authentication. In: Mattern, F., Naghshineh, M. (eds.) Pervasive Computing. LNCS, vol. 2414, pp. 114-124. Springer, Heidelberg (2002)
8. F-Secure. F-Secure virus descriptions: Cabir (June 2004)
9. F-Secure. F-Secure trojan information pages: Redbrowser.A, (March 2006)
10. Felten, E.W., Balfanz, D., Dean, D., Wallach, D.S.: Web spoofing: An Internet con game. In: National Information Systems Security Conference (October 1997)
11. Gostev, A., Shevchenko, A.: Kaspersky security bulletin, January - June 2006: Malicious programs for mobile devices (September 2006), http://www.viruslist.com
12. Haller, N.: The S/KEY one-time password system. RFC 1760 (February 1995)
13. Heiser, G.: Secure embedded systems need microkernels,; login: (December 2005)
14. ICANN Security and Stability Advisory Committee: Domain name hijacking: Incidents, threats, risks, and remedial actions (July 2005), http://www.icann.org
15. Jackson, C., Boneh, D., Mitchell, J.: Spyware resistant web authentication using virtual machines, http://crypto.stanford.edu/spyblock
16. King, et al.: SubVirt: Implementing malware with virtual machines. In: IEEE Symposium on Security and Privacy (May 2006)
17. Mannan, M., van Oorschot, P.C.: AVISPA test code for Mobile Password Authentication (MP-Auth), http://www.scs.carleton.ca/~mmannan/mpauth
18. Mannan, M., van Oorschot, P.C.: Using a personal device to strengthen password authentication from an untrusted computer, Technical Report TR-07-11 (March 2007), http://www.scs.carleton.ca/research/tech_reports/
19. Margolin, N.B., Wright, M.K., Levine, B.N.: Guardian: A framework for privacy control in untrusted environments. Technical Report 04-37 (University of Massachusetts, Amherst) (June 2004)
20. McCune, J.M., Perrig, A., Reiter, M.K.: Bump in the Ether: A framework for securing sensitive user input. In: USENIX Annual Technical Conference (2006)
21. McCune et al.: Seeing-is-believing: Using camera phones for human-verifiable authentication. In: IEEE Symposium on Security and Privacy (2005)
22. Milletary, J.: Technical trends in phishing attacks. US-CERT, Reading room article, http://www.us-cert.gov/reading_room/phishing_trends0511.pdf
23. Mobile Antivirus Researchers Association: Analyzing the crossover virus: The first PC to Windows handheld cross-infector (2006), http://www.informit.com
24. Mobile Phone Work Group (MPWG): TCG mobile trusted module specification, Draft, version 0.9 (September 2006)
25. Moshchuk, A., Bragin, T., Gribble, S.D., Levy, H.: A crawler-based study of spyware in the web. In: Network and Distributed System Security (NDSS) (2006)
26. Oprea, A., Balfanz, D., Durfee, G., Smetters, D.: Securing a remote terminal application with a mobile trusted device. In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol. 3189, Springer, Heidelberg (2004)
27. Parno, B., Kuo, C., Perrig, A.: Phoolproof phishing prevention. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, Springer, Heidelberg (2006)
28. Perrig, A., Song, D.: Hash visualization: A new technique to improve real-world security. In: Cryptographic Techniques and E-Commerce (CrypTEC) (July 1999)
29. Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.: Stronger password authentication using browser extensions. In: USENIX Security (2005)
30. Rutkowska, J.: Introducing Blue Pill, Presented at SyScan (2006), http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html
31. Stefan Berger, R.C., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the trusted platform module. In: USENIX Security (2006)
32. Trend Micro: Mobile security, http://www.trendmicro.com/en/products/ mobile/tmms/evaluate/overview.htm
33. Tuch, H., Klein, G., Heiser, G.: OS verification - now! In: Hot Topics in Operating Systems (June 2005)
34. van Oorschot, P.C.: Message authentication by integrity with public corroboration. In: New Security Paradigms Workshop (NSPW) (September 2005)
35. Wu, M., Garfinkel, S., Miller, R.: Secure web authentication with mobile phones. In: DIMACS Workshop on Usable Privacy and Security Systems (July 2004)
36. Ye, Z.E., Smith, S., Anthony, D.: Trusted paths for browsers. ACM Transactions on Information and System Security (TISSEC) 8(2) (2005)