Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers

Research Article

User Authentication for Online Applications Using a USB-Based Trust Device

  • @INPROCEEDINGS{10.1007/978-3-642-17502-2_2,
        author={Julian Jang and Dongxi Liu and Surya Nepal and John Zic},
        title={User Authentication for Online Applications Using a USB-Based Trust Device},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={5},
        keywords={user authentication trusted computing trust device web communication},
        doi={10.1007/978-3-642-17502-2_2}
    }
    
  • Julian Jang
    Dongxi Liu
    Surya Nepal
    John Zic
    Year: 2012
    User Authentication for Online Applications Using a USB-Based Trust Device
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-17502-2_2
Julian Jang1,*, Dongxi Liu1,*, Surya Nepal1,*, John Zic1,*
  • 1: CSIRO ICT Centre
*Contact email: julian.jang@csiro.au, dongxi.liu@csiro.au, surya.nepal@csiro.au, john.zic@csiro.au

Abstract

We present a system that enables secure user authentication by leveraging a portable USB-based trusted device. The heart of our system runs a protocol which guarantees trusted behavior at multiple layers: from the hardware device itself, to the software executing on the hardware, and finally to the application hosted on the remote server. This combination assures end-to-end trust and makes our system resilient to physical attacks (e.g. on the device and wiretapping) as well as logical attacks (e.g. man-in-the-middle attacks). Our system utilizes web-based proxy communication using standard HTML tags and JavaScript to coordinate communication amongst different components. As a result, our system does not need to install any of the extra drivers typically required for supporting communication in most existing technologies.