The Zurich Trusted Information Channel – An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks

  • Thomas Weigold
  • Thorsten Kramp
  • Reto Hermann
  • Frank Höring
  • Peter Buhler
  • Michael Baentsch
Conference paper

DOI: 10.1007/978-3-540-68979-9_6

Volume 4968 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Weigold T., Kramp T., Hermann R., Höring F., Buhler P., Baentsch M. (2008) The Zurich Trusted Information Channel – An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks. In: Lipp P., Sadeghi AR., Koch KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg

Abstract

This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. The insecure user PC is used solely to relay IP packets and display non-critical transaction information. All critical information is parsed out of the mutually-authenticated SSL/TLS connections that the ZTIC establishes to the server and shown on the display for explicit user approval.

Keywords

Authentication Malicious Software Man-in-the-middle Secure Token Secure Internet Banking 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Thomas Weigold
    • 1
  • Thorsten Kramp
    • 1
  • Reto Hermann
    • 1
  • Frank Höring
    • 1
  • Peter Buhler
    • 1
  • Michael Baentsch
    • 1
  1. 1.IBM Zurich Research Laboratory