Offline Trusted Device and Proxy Architecture based on a new TLS Switching technique - HAL open archive
Conference paper. Year: 2017

Offline Trusted Device and Proxy Architecture based on a new TLS Switching technique

Denis Migdal
Audun Jøsang
  • Role: Author
  • PersonId: 983840

Abstract

Infection of client devices poses a significant threat to secure user authentication. Combining vulnerable client devices with special security devices, as is often the case in e-banking, can significantly increase security. However, these often incur usability hurdles. This paper describes a new architecture where an untrusted proxy on the client device communicates both with server applications and with a trusted application running on a trusted device. The proxy switches between two TLS channels, one from the client application and another from the trusted device. The result is a highly usable and flexible architecture with strong security assurances which, moreover, is transparent to the client and server applications, thus allowing it to be deployed in existing systems. We have implemented a PoC (available open source) and demonstrated it using the OffPAD device. Various applications of our architecture can be imagined, some of which we present at the end of the paper, applicable to web services and IoT systems.
Main file
2017-siot-paper.pdf (364.96 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01590191, version 1 (19-09-2017)

License

Attribution

Identifiers

  • HAL Id: hal-01590191, version 1

Cite

Denis Migdal, Christian Johansen, Audun Jøsang. Offline Trusted Device and Proxy Architecture based on a new TLS Switching technique. International Workshop on Secure Internet of Things SIOT 2017, Sep 2017, Oslo, Norway. ⟨hal-01590191⟩
268 views
527 downloads
