A Trusted UI for the Mobile Web

Abstract: Modern mobile devices come with first-class web browsers that rival their desktop counterparts in power and popularity. However, recent publications point out that mobile browsers are particularly susceptible to attacks on web authentication, such as phishing or clickjacking. We analyze those attacks and find that existing countermeasures from desktop computers cannot be easily transferred to the mobile world. The attacks' root cause is a missing trusted UI for security-critical requests. Based on this result, we provide our approach, the MobileAuthenticator, that establishes a trusted path to the web application and reliably prohibits the described attacks. With this approach, the user only needs one tool to protect any number of mobile web application accounts. Based on the implementation as an app for iOS and Android respectively, we evaluate the approach and show that the underlying interaction scheme easily integrates into legacy web applications.
Document type:
Conference paper
Nora Cuppens-Boulahia; Frédéric Cuppens; Sushil Jajodia; Anas Abou El Kalam; Thierry Sans. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.127-141, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_11〉

https://hal.inria.fr/hal-01370360
Contributor: Hal Ifip
Submitted on: Thursday, 22 September 2016 - 14:23:48
Last modified on: Thursday, 22 September 2016 - 15:14:44

File

978-3-642-55415-5_11_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Bastian Braun, Johannes Koestler, Joachim Posegga, Martin Johns. A Trusted UI for the Mobile Web. Nora Cuppens-Boulahia; Frédéric Cuppens; Sushil Jajodia; Anas Abou El Kalam; Thierry Sans. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.127-141, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_11〉. 〈hal-01370360〉
