TU Darmstadt / ULB / TUbiblio

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication

Gajek, Sebastian ; Löhr, Hans ; Sadeghi, Ahmad-Reza ; Winandy, Marcel (2009)
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication.
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Identity theft has fostered to a major security problem on the Internet, in particular stealing passwords for web applications through phishing and malware. We present TruWallet, a wallet-based authentication tool that improves previous solutions for protecting web-based authentication. In contrast to other wallet-based solutions, TruWallet provides (i) strong protection for users' credentials and sensitive data by cryptographically binding them to the user's platform configuration based on Trusted Computing technology, (ii) an automated login procedure where the server is authenticated independently from (SSL) certificates, thus limiting the possibility of attacks based on hijacked certificates and allowing less dependency on the SSL PKI model, and (iii) a secure migration protocol for transferring wallet data to other platforms. Our implementation uses a small virtualization-based security kernel with trusted computing support and works with standard SSL-based authentication solutions for the web, where only minor modifications and extensions are required. It is interoperable so that we can re-use existing operating systems and applications like web browsers.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2009
Autor(en): Gajek, Sebastian ; Löhr, Hans ; Sadeghi, Ahmad-Reza ; Winandy, Marcel
Art des Eintrags: Bibliographie
Titel: TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
Sprache: Deutsch
Publikationsjahr: November 2009
Buchtitel: 4th ACM Workshop on Scalable Trusted Computing
Zugehörige Links:
Kurzbeschreibung (Abstract):

Identity theft has fostered to a major security problem on the Internet, in particular stealing passwords for web applications through phishing and malware. We present TruWallet, a wallet-based authentication tool that improves previous solutions for protecting web-based authentication. In contrast to other wallet-based solutions, TruWallet provides (i) strong protection for users' credentials and sensitive data by cryptographically binding them to the user's platform configuration based on Trusted Computing technology, (ii) an automated login procedure where the server is authenticated independently from (SSL) certificates, thus limiting the possibility of attacks based on hijacked certificates and allowing less dependency on the SSL PKI model, and (iii) a secure migration protocol for transferring wallet data to other platforms. Our implementation uses a small virtualization-based security kernel with trusted computing support and works with standard SSL-based authentication solutions for the web, where only minor modifications and extensions are required. It is interoperable so that we can re-use existing operating systems and applications like web browsers.

Freie Schlagworte: Secure Things;authentication, TruWallet, Web Authentication
ID-Nummer: TUD-CS-2009-1846
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 10 Mär 2016 10:18
Letzte Änderung: 03 Jun 2018 21:31
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen