Conference papers

Offline Trusted Device and Proxy Architecture based on a new TLS Switching technique

Denis Migdal 1 Christian Johansen 2 Audun Jøsang 2 
1 Equipe SAFE - Laboratoire GREYC - UMR6072
GREYC - Groupe de Recherche en Informatique, Image et Instrumentation de Caen
Abstract : Infection of client devices poses a significant threat to secure user authentication. Combining vulnerable client devices with special security devices, as is often the case in e-banking, can significantly increase security. However, these often incur usability hurdles. This paper describes a new architecture where an untrusted proxy on the client device communicates both with server applications and with a trusted application running on a trusted device. The proxy switches between two TLS channels, one from the client application and another from the trusted device. The result is a highly usable and flexible architecture with strong security assurances which, moreover, is transparent to the client and server applications, thus allowing it to be deployed in existing systems. We have implemented a PoC (available open source) and demonstrated it using the OffPAD device. Various applications of our architecture can be imagined, some of which we present at the end of the paper, applicable to web services and IoT systems.
Document type : Conference papers

Cited literature [42 references]
Contributor : Denis Migdal
Submitted on : Tuesday, September 19, 2017 - 1:06:07 PM
Last modification on : Saturday, June 25, 2022 - 9:51:32 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License


  • HAL Id : hal-01590191, version 1


Denis Migdal, Christian Johansen, Audun Jøsang. Offline Trusted Device and Proxy Architecture based on a new TLS Switching technique. International Workshop on Secure Internet of Things SIOT 2017, Sep 2017, Oslo, Norway. ⟨hal-01590191⟩


