Mobile phones are increasingly used as general purpose computing devices with permanent Internet connection. This imposes several threats as the phone operating system (OS) is typically derived from desktop counterparts and, hence, inherits the same or similar security shortcomings. In particular, the protection of login credentials when accessing web services becomes crucial under phishing and malware at-tacks. On the other hand many modern mobile phones provide hardware-supported security mechanisms currently unused by most phone OSs.In this paper, we show how to use these mechanisms, in particular trusted execution environments, to protect the user’s login credentials.We present the design and implementation proposal (based on NokiaN900 mobile platform) of TruWalletM, a wallet-like password manager and authentication agent towards the protection of login credentials ona mobile phone without the need to trust the whole OS software. We preserve compatibility to existing standard web authentication mechanisms.
%0 Conference Paper
%1 BDKSW2010
%A Bugiel, Sven
%A Dmitrienko, Alexandra
%A Kostiainen, Kari
%A Sadeghi, Ahmad-Reza
%A Winandy, Marcel
%B International Conference on Trusted Systems (INTRUST)
%D 2010
%K International-Conference-Workshop-Papers-Book-Chapters myown
%T TruWalletM: Secure Web Authentication on Mobile Platforms
%X Mobile phones are increasingly used as general purpose computing devices with permanent Internet connection. This imposes several threats as the phone operating system (OS) is typically derived from desktop counterparts and, hence, inherits the same or similar security shortcomings. In particular, the protection of login credentials when accessing web services becomes crucial under phishing and malware at-tacks. On the other hand many modern mobile phones provide hardware-supported security mechanisms currently unused by most phone OSs.In this paper, we show how to use these mechanisms, in particular trusted execution environments, to protect the user’s login credentials.We present the design and implementation proposal (based on NokiaN900 mobile platform) of TruWalletM, a wallet-like password manager and authentication agent towards the protection of login credentials ona mobile phone without the need to trust the whole OS software. We preserve compatibility to existing standard web authentication mechanisms.
@inproceedings{BDKSW2010,
abstract = {Mobile phones are increasingly used as general purpose computing devices with permanent Internet connection. This imposes several threats as the phone operating system (OS) is typically derived from desktop counterparts and, hence, inherits the same or similar security shortcomings. In particular, the protection of login credentials when accessing web services becomes crucial under phishing and malware at-tacks. On the other hand many modern mobile phones provide hardware-supported security mechanisms currently unused by most phone OSs.In this paper, we show how to use these mechanisms, in particular trusted execution environments, to protect the user’s login credentials.We present the design and implementation proposal (based on NokiaN900 mobile platform) of TruWalletM, a wallet-like password manager and authentication agent towards the protection of login credentials ona mobile phone without the need to trust the whole OS software. We preserve compatibility to existing standard web authentication mechanisms.},
added-at = {2020-05-03T20:09:10.000+0200},
author = {Bugiel, Sven and Dmitrienko, Alexandra and Kostiainen, Kari and Sadeghi, Ahmad-Reza and Winandy, Marcel},
biburl = {https://www.bibsonomy.org/bibtex/287c6aed863bed45cf1802271787ee478/sssgroup},
booktitle = {International Conference on Trusted Systems (INTRUST)},
interhash = {64e35844def46bee3110212dfd98457c},
intrahash = {87c6aed863bed45cf1802271787ee478},
keywords = {International-Conference-Workshop-Papers-Book-Chapters myown},
location = {Beijing, China},
month = {December},
pdf = {https://se2.informatik.uni-wuerzburg.de/publications/download/paper/1527.pdf},
timestamp = {2022-12-20T00:40:35.000+0100},
title = {TruWalletM: Secure Web Authentication on Mobile Platforms},
venue = {INTRUST},
year = 2010
}