Research Article
User Authentication for Online Applications Using a USB-Based Trust Device
@INPROCEEDINGS{10.1007/978-3-642-17502-2_2,
  author={Julian Jang and Dongxi Liu and Surya Nepal and John Zic},
  title={User Authentication for Online Applications Using a USB-Based Trust Device},
  proceedings={Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers},
  proceedings_a={MOBISEC},
  year={2012},
  month={5},
  keywords={user authentication trusted computing trust device web communication},
  doi={10.1007/978-3-642-17502-2_2}
}
- Julian Jang
- Dongxi Liu
- Surya Nepal
- John Zic
Year: 2012
MOBISEC
Springer
DOI: 10.1007/978-3-642-17502-2_2
Abstract
We present a system that enables secure user authentication by leveraging a portable USB-based trusted device. The heart of our system runs a protocol which guarantees trusted behavior at multiple layers: from the hardware device itself, to the software executing on the hardware, and finally to the application hosted in the remote server. This combination assures end-to-end trust and makes our system resilient to physical attacks (e.g. to the device and wire tapping) as well as logical attacks (e.g. man-in-the-middle attack). Our system utilizes web-based proxy communication using standard HTML tags and JavaScript to coordinate communication amongst different components. As a result, our system does not have to install any of the extra drivers typically required for supporting communication in most existing technologies.