SessionMagnifier: a simple approach to secure and convenient kiosk browsing
Source
ACM International Conference Proceeding Series
Proceedings of the 11th international conference on Ubiquitous computing
Orlando, Florida, USA
SESSION: Security & access
Pages 125-134
Year of Publication: 2009
ISBN: 978-1-60558-431-7
Authors
Chuan Yue, The College of William and Mary, Williamsburg, VA, USA
Haining Wang, The College of William and Mary, Williamsburg, VA, USA
Sponsors
ACM: Association for Computing Machinery
SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 18,   Downloads (12 Months): 18,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1620545.1620566

ABSTRACT

Many people use public computers to browse the Web and perform important online activities. However, public computers are usually far less trustworthy than people's own computers because they are more vulnerable to various security attacks. In this paper, we propose SessionMagnifier, a simple approach to secure and convenient kiosk browsing. The key idea of SessionMagnifier is to enable an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. This approach simply requires a SessionMagnifier browser extension to be installed on a trusted mobile device. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer. We implemented SessionMagnifier for Mozilla's Fennec browser and evaluated it on a Nokia N810 Internet Tablet. Our evaluation and analysis demonstrate that SessionMagnifier is simple, secure, and usable.

