Abstract
Trusted input techniques can profoundly enhance a variety of scenarios like online banking, electronic voting, Virtual Private Networks, and even commands to a server or Industrial Control System. To protect the system from malware of the sender’s computer, input needs to be reliably authenticated. Previous research in this field is based on fixed assumptions about trustworthy components and is, thus, too rigid for this use case.
We present Smart-Guard, a method to protect user input into a system even if the attacker controls – to us unknown – parts of the underlying system. Our approach ensures integrity of user input even when up to two of three devices are compromised; confidentiality holds for one malicious device. In this way, Smart-Guard has flexible trust assumptions, and does not require any particular part of the system to be trusted. To prove our claims, we formally verified our protocol using the state-of-the-art protocol verifier ProVerif. Additionally, we define a new class of techniques, malware tolerance, which operate securely even when the system is infected with malware.
We present Smart-Guard, a method to protect user input into a system even if the attacker controls – to us unknown – parts of the underlying system. Our approach ensures integrity of user input even when up to two of three devices are compromised; confidentiality holds for one malicious device. In this way, Smart-Guard has flexible trust assumptions, and does not require any particular part of the system to be trusted. To prove our claims, we formally verified our protocol using the state-of-the-art protocol verifier ProVerif. Additionally, we define a new class of techniques, malware tolerance, which operate securely even when the system is infected with malware.
Original language | English |
---|---|
Title of host publication | 2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld) |
Editors | Didier El Baz, Julien Bourgeois |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 502-509 |
Number of pages | 8 |
ISBN (Electronic) | 9781509027712 |
ISBN (Print) | 9781509027729 (PoD) |
DOIs | |
Publication status | Published - 16 Jan 2017 |
Event | 13th IEEE International Conference on Advanced and Trusted Computing - Toulouse, France Duration: 18 Jul 2016 → 21 Jul 2016 |
Conference
Conference | 13th IEEE International Conference on Advanced and Trusted Computing |
---|---|
Country/Territory | France |
City | Toulouse |
Period | 18/07/16 → 21/07/16 |
Keywords
- Keyboards
- Protocols
- Computers
- Encryption
- Malware