Softer smartcards usable cryptographic tokens with secure execution

Franz Ferdinand Brasser, Sven Bugiel, Atanas Filyanov, Ahmad-Reza Sadeghi, Steffen Schulz

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

5 Citations (Scopus)

Abstract

Cryptographic smartcards provide a standardized, interoperable way for multi-factor authentication. They bridge the gap between strong asymmetric authentication and short, user-friendly passwords (PINs) and protect long-term authentication secrets against malware and phishing attacks. However, to prevent malware from capturing entered PINs such cryptographic tokens must provide secure means for user input and output. This often makes their usage inconvenient, as dedicated input key pads and displays are expensive and do not integrate with mobile applications or public Internet terminals. The lack of user acceptance is perhaps best documented by the large variety of non-standard multi-factor authentication methods used in online banking. In this paper, we explore a novel compromise between tokens with dedicated card reader and USB or software-based solutions. We design and implement a cryptographic token using modern secure execution technology, resulting in a flexible, cost-efficient solution that is suitable for mobile use yet secure against common malware and phishing attacks.
Original languageEnglish
Title of host publicationFinancial cryptography and data security
Subtitle of host publication16th international conference, FC 2012, Kralendijk, Bonaire, Februray 27-March 2 2012 : revised selected papers
EditorsAngelos D. Keromytis
Place of PublicationHeidelberg, Germany
PublisherSpringer, Springer Nature
Pages329-343
Number of pages15
ISBN (Print)9783642329456
DOIs
Publication statusPublished - 2012
EventInternational Conference on Financial Cryptography and Data Security (16th : 2012) - Kralendijk, Bonaire
Duration: 27 Feb 20122 Mar 2012

Publication series

NameLecture notes in computer science
PublisherSpringer-Verlag
Volume7397
ISSN (Print)0302-9743

Conference

ConferenceInternational Conference on Financial Cryptography and Data Security (16th : 2012)
CityKralendijk, Bonaire
Period27/02/122/03/12

Keywords

  • secure execution
  • security tokens
  • trusted computing

Fingerprint

Dive into the research topics of 'Softer smartcards usable cryptographic tokens with secure execution'. Together they form a unique fingerprint.

Cite this