Abstract
Nowadays, plenty of digital services are provided to citizens by means of terminals located in public unguarded places. In order to access the desired service, users authenticate themselves by providing their credentials through such terminals. This approach exposes users to the problem of fraudulent devices that could be installed in place of regular terminals to capture users’ confidential information. Indeed, despite the development of increasingly secure systems aiming at guaranteeing an acceptable security level, users are frequently unable to distinguish between terminals on which security measures are enforced (trusted terminals) and malicious terminals that pretend to be trusted.
We deal with this problem by presenting a human-compatible authentication protocol that, leveraging Graphical Passwords, helps users authenticate a terminal before using it. We also present a prototype implementation of this protocol, called TRUST (TRust Unguarded Service Terminals). The usability of our solution has been analyzed by means of a preliminary experimentation.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Casola, D., Cattaneo, G., Catuogno, L., Petrillo, U.F., Galdi, C., Roscigno, G. (2019). TRUST: TRust Unguarded Service Terminals. In: Esposito, C., Hong, J., Choo, KK. (eds) Pervasive Systems, Algorithms and Networks. I-SPAN 2019. Communications in Computer and Information Science, vol 1080. Springer, Cham. https://doi.org/10.1007/978-3-030-30143-9_13
DOI: https://doi.org/10.1007/978-3-030-30143-9_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30142-2
Online ISBN: 978-3-030-30143-9
eBook Packages: Computer Science (R0)