Offline Trusted Device and Proxy Architecture based on a new TLS Switching technique

Denis Migdal 1, Christian Johansen 2, Audun Jøsang 2
1 Equipe Monétique & Biométrie - Laboratoire GREYC - UMR6072
GREYC - Groupe de Recherche en Informatique, Image, Automatique et Instrumentation de Caen
Abstract : Infection of client devices poses a significant threat to secure user authentication. Combining vulnerable client devices with special security devices, as is often the case in e-banking, can significantly increase security. However, these often incur usability hurdles. This paper describes a new architecture where an untrusted proxy on the client device communicates both with server applications and with a trusted application running on a trusted device. The proxy switches between two TLS channels, one from the client application and another from the trusted device. The result is a highly usable and flexible architecture with strong security assurances which, moreover, is transparent to the client or server applications, thus allowing it to be deployed in existing systems. We have implemented a PoC (available open source) and demonstrated it using the OffPAD device. Various applications of our architecture can be imagined, some of which we present at the end of the paper, applicable to web services and IoT systems.
Document type :
Conference papers
Cited literature [42 references]

https://hal.archives-ouvertes.fr/hal-01590191
Contributor : Denis Migdal
Submitted on : Tuesday, September 19, 2017 - 1:06:07 PM
Last modification on : Thursday, February 7, 2019 - 5:38:24 PM

File

2017-siot-paper.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

  • HAL Id : hal-01590191, version 1

Citation

Denis Migdal, Christian Johansen, Audun Jøsang. Offline Trusted Device and Proxy Architecture based on a new TLS Switching technique. International Workshop on Secure Internet of Things SIOT 2017, Sep 2017, Oslo, Norway. ⟨hal-01590191⟩
