Abstract
This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. The insecure user PC is used solely to relay IP packets and display non-critical transaction information. All critical information is parsed out of the mutually-authenticated SSL/TLS connections that the ZTIC establishes to the server and shown on the display for explicit user approval.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Weigold, T., Kramp, T., Baentsch, M.: Remote Client Authentication. IEEE Security & Privacy journal (accepted, 2008) (to be published)
Federal Office of Police, Swiss Reporting and Analysis Centre for Information Assurance MELANI. Semi-annual report 2007/1, http://www.melani.admin.ch/
RSA SecurityID Token, RSA Security (2007), http://www.rsa.com/node.aspx?id=1156
Schneier, B.: Two-Factor Authentication: Too Little, Too Late. Comm. ACM 48(4), 136 (2005)
Schneier, B.: Fighting Fraudulent Transactions (November 27, 2006), http://www.schneier.com/blog/archives/2006/11/fighting_fraudu.html
Federal Office for Information Security. The IT Security Situation in Germany (2007), http://www.bsi.de/english/publications/securitysituation/Lagebericht_2007_englisch.pdf
The FINREAD (FINancial Transactional IC Card READer) project,http://www.finread.com
Hiltgen, A., Kramp, T., Weigold, T.: Secure Internet Banking Authentication. IEEE Security & Privacy 4(2), 21–29 (2006)
AXSionics AG. The Internet Passport, http://www.axsionics.ch
Giesecke & Devrient GmbH. Internet Smart Card Technologie, http://www.gi-de.com/portal/page?_pageid=36,53930&_dad=portal&_schema=PORTAL
Kobil Systems. mIDentity Mobile Banking, http://www.kobil.de/fileadmin/download/products/ONLNEFLYER-MIDENTITY-MOBILEBANKING_1V00_20060420_DE.PDF
Hines, M.: Malware flood driving new AV: InfoWorld (December 14, 2007), http://www.infoworld.com/article/07/12/14/Malware-flood-driving-new-AV_1.html
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Weigold, T., Kramp, T., Hermann, R., Höring, F., Buhler, P., Baentsch, M. (2008). The Zurich Trusted Information Channel – An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks. In: Lipp, P., Sadeghi, AR., Koch, KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68979-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-68979-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68978-2
Online ISBN: 978-3-540-68979-9
eBook Packages: Computer ScienceComputer Science (R0)