ABSTRACT
Many people use public computers to browse the Web and perform important online activities. However, public computers are usually far less trustworthy than people's own computers because they are more vulnerable to various security attacks. In this paper, we propose SessionMagnifier, a simple approach to secure and convenient kiosk browsing. The key idea of SessionMagnifier is to enable an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. This approach simply requires a SessionMagnifier browser extension to be installed on a trusted mobile device. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer. We implemented SessionMagnifier for Mozilla's Fennec browser and evaluated it on a Nokia N810 Internet Tablet. Our evaluation and analysis demonstrate that SessionMagnifier is simple, secure, and usable.