Abstract
An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping.
We have analysed several existing transaction schemes and concluded that they tend not to meet all requirements during the entire transaction. We propose a new, generic protocol that provides (a) optional terminal identification, (b) key establishment, and (c) customisable integrity assurance.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This research is supported in part by the research programme Sentinels as project ‘Mobile IDM’ (10522). Sentinels is being financed by Technology Foundation STW, the Netherlands Organisation for Scientific Research (NWO), and the Dutch Ministry of Economic Affairs. The work described in this paper has been supported in part by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II.
Download to read the full chapter text
Chapter PDF
References
Bangerter, E., Djackov, M., Sadeghi, A.-R.: A Demonstrative Ad Hoc Attestation System. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 17–30. Springer, Heidelberg (2008)
Brands, S., Chaum, D.: Distance Bounding Protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory T-22, 644–654 (1976)
Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical nfc peer-to-peer relay attack using mobile phones. IACR Eprint archive (April 2010)
Garriss, S., Cáceres, R., Berger, S., Sailer, R., van Doorn, L., Zhang, X.: Trustworthy and personalized computing on public kiosks. In: Proceeding of the 6th International Conference on Mobile Systems, Applications, and Services, MobiSys 2008, pp. 199–210. ACM, New York (2008)
Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)
McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-is-believing: using camera phones for human-verifiable authentication. International Journal of Security and Networks 4(1-2), 43–56 (2009)
Oprea, A., Balfanz, D., Durfee, G., Smetters, D.K.: Securing a remote terminal application with a mobile trusted device. In: ACSAC, pp. 438–447 (2004)
Parno, B.: Bootstrapping trust in a “trusted” platform. In: Proceedings of the 3rd Conference on Hot Topics in Security, pp. 9:1–9:6. USENIX Association, Berkeley (2008)
Pearson, S. (ed.): Trusted computing platforms: TCPA technology in context. HP Professional Series. Prentice Hall PTR (2003)
Smart, N.P.: Cryptography, An Introduction, 3rd edn. (2011), http://tinyurl.com/yeafjcx
Stumpf, F., Tafreschi, O., Röder, P., Eckert, C.: A robust integrity reporting protocol for remote attestation. In: Second Workshop on Advances in Trusted Computing (WATC 2006 Fall), Tokyo, Japan, pp. 25–36 (November 2006)
Toegl, R., Hutter, M.: An approach to introducing locality in remote attestation using near field communications. J. Supercomput. 55, 207–227 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Alpár, G., Hoepman, JH. (2012). Avoiding Man-in-the-Middle Attacks When Verifying Public Terminals. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2011. IFIP Advances in Information and Communication Technology, vol 375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31668-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-31668-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31667-8
Online ISBN: 978-3-642-31668-5
eBook Packages: Computer ScienceComputer Science (R0)