ITU

Smart-Guard: Defending User Input from Malware

Research output: Conference Article in Proceeding or Book/Report chapterArticle in proceedingsResearchpeer-review

View graph of relations

Trusted input techniques can profoundly enhance
a variety of scenarios like online banking, electronic voting,
Virtual Private Networks, and even commands to a server
or Industrial Control System. To protect the system from
malware of the sender’s computer, input needs to be reliably
authenticated. Previous research in this field is based on fixed
assumptions about trustworthy components and is, thus, too
rigid for this use case.
We present Smart-Guard, a method to protect user input
into a system even if the attacker controls – to us unknown –
parts of the underlying system. Our approach ensures integrity
of user input even when up to two of three devices are
compromised; confidentiality holds for one malicious device.
In this way, Smart-Guard has flexible trust assumptions, and
does not require any particular part of the system to be trusted.
To prove our claims, we formally verified our protocol using
the state-of-the-art protocol verifier ProVerif. Additionally, we
define a new class of techniques, malware tolerance, which operate
securely even when the system is infected with malware.
Original languageEnglish
Title of host publication2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld)
Number of pages8
PublisherIEEE
Publication date8 Aug 2016
Pages502-509
ISBN (Print)978-1-5090-2770-5
DOIs
Publication statusPublished - 8 Aug 2016
EventThe 13th IEEE International Conference on Advanced and Trusted Computing: ATC 2016 - University Paul Sabatier of Toulouse, Toulouse, France
Duration: 18 Jul 201621 Jul 2016
Conference number: 13
https://atc2016.sciencesconf.org/

Conference

ConferenceThe 13th IEEE International Conference on Advanced and Trusted Computing
Nummer13
LocationUniversity Paul Sabatier of Toulouse
LandFrance
ByToulouse
Periode18/07/201621/07/2016
Internetadresse

ID: 81691347