In-the-wire authentication: Protecting client-side critical data fields in secure network transactions

M.W. Currie
2nd International Conference on Adaptive Science & Technology (ICAST), 2009
Secure Internet services like online banking require a "trusted terminal" on the client side. However, even where strong client-side security is employed, the client PC is often used for input and output of sensitive information like PINs/passwords, amounts, account numbers, etc. These transactions are therefore vulnerable to manipulation by malware. A method is presented here that allows web users to share small amounts of secret information, including passwords and account numbers, with a large number of existing Internet services by creating a cryptographically secure trusted path between the web user and the service. The trusted path is created with the support of a hand-held user terminal device placed "in-the-wire" between the user's PC and the service, thus preventing malware on the user's PC from manipulating login and other sensitive data. A key feature is that the trusted terminal device can be retrofitted on the client side and requires no changes to the server side. This creates a new class of client-centric communications security hardware allowing web users to protect their transactions using strong hardware security without relying on service providers. It offers the industry an alternative to the current service-centric approach, which is often hamstrung by a chicken-and-egg problem of critical-mass adoption.

Index Terms: TLS security, Computer network security, Internet security, Public key cryptography, Man-in-the-middle.
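As an added illustration, not code from the paper (whose protocol details are not given on this page): a Python model of the in-the-wire idea. The untrusted PC composes the transaction with placeholders for the critical data fields, the hand-held device replaces them with values typed on its own keypad and shows the non-secret critical fields (amount, destination account) on its own display for confirmation before forwarding, so PC malware can neither read the secrets nor silently alter the transaction. The placeholder marker, the field names and the confirmation step are assumptions made for this example; the device's TLS session toward the unmodified server is represented by a direct call to `server_receive`.

```python
"""Model of an in-the-wire trusted terminal protecting critical form fields.

Added example, not the paper's protocol. The placeholder convention,
field names and display-confirmation step are assumptions for illustration.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlencode

# Assumed marker: the PC never holds the secret, only a reference to it.
PLACEHOLDER_PREFIX = "__DEVICE__"


class TrustedPathError(Exception):
    """Raised when the device refuses to forward a transaction."""


@dataclass
class InTheWireDevice:
    # Secrets entered on the device's own keypad; never present on the PC.
    secrets: dict
    # Non-secret critical fields the user expects to confirm on the display.
    expected: dict
    display_log: list = field(default_factory=list)

    def forward(self, body: str) -> str:
        """Substitute placeholders, confirm critical fields, return the body
        that the device sends to the server over its own TLS session."""
        fields = dict(parse_qsl(body, keep_blank_values=True))
        for name, value in list(fields.items()):
            if value.startswith(PLACEHOLDER_PREFIX):
                key = value[len(PLACEHOLDER_PREFIX):]
                if key not in self.secrets:
                    raise TrustedPathError(f"no secret {key!r} on device")
                fields[name] = self.secrets[key]
        # Show amount/destination on the trusted display; abort on mismatch.
        for name, want in self.expected.items():
            got = fields.get(name)
            self.display_log.append(f"{name}={got}")
            if got != want:
                raise TrustedPathError(
                    f"display mismatch for {name}: PC sent {got!r}, user expects {want!r}")
        return urlencode(fields)


def pc_compose(amount: str, to_account: str) -> str:
    """Untrusted PC builds the form body; secret fields are placeholders only."""
    return urlencode({
        "amount": amount,
        "to_account": to_account,
        "account": PLACEHOLDER_PREFIX + "account",
        "pin": PLACEHOLDER_PREFIX + "pin",
    })


def malware_redirect(body: str, attacker_account: str) -> str:
    """PC-resident malware rewriting the destination account in transit."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    fields["to_account"] = attacker_account
    return urlencode(fields)


def server_receive(body: str) -> dict:
    """Unmodified server: just parses the form it receives."""
    return dict(parse_qsl(body, keep_blank_values=True))


def demo() -> dict:
    """Run the honest and the tampered path through the device."""
    device = InTheWireDevice(
        secrets={"pin": "4711", "account": "1234567890"},      # constructed
        expected={"amount": "100.00", "to_account": "DE00TRUSTED"},
    )
    clean = pc_compose("100.00", "DE00TRUSTED")
    tampered = malware_redirect(clean, "DE99ATTACKER")
    result = {
        "pin_on_pc": "4711" in clean,                 # False: PC never sees it
        "honest": server_receive(device.forward(clean)),
        "unprotected": server_receive(tampered)["to_account"],  # no device in the wire
    }
    try:
        device.forward(tampered)
        result["tampered_blocked"] = False
    except TrustedPathError as exc:
        result["tampered_blocked"] = True
        result["reason"] = str(exc)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The essential property is that the two protected values enter the transaction only inside the device, and that anything the PC could alter (amount, destination) is re-displayed on hardware the malware does not control; the server needs no change because it receives an ordinary form.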
doi:10.1109/icastech.2009.5409720 fatcat:5vico3lsdnfitprmnspb7bzl2m