DOI: 10.1145/1620545.1620566
research-article

SessionMagnifier: a simple approach to secure and convenient kiosk browsing

Published: 30 September 2009

Abstract

Many people use public computers to browse the Web and perform important online activities. However, public computers are usually far less trustworthy than people's own computers because they are more vulnerable to various security attacks. In this paper, we propose SessionMagnifier, a simple approach to secure and convenient kiosk browsing. The key idea of SessionMagnifier is to enable an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. This approach simply requires a SessionMagnifier browser extension to be installed on a trusted mobile device. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer. We implemented SessionMagnifier for Mozilla's Fennec browser and evaluated it on a Nokia N810 Internet Tablet. Our evaluation and analysis demonstrate that SessionMagnifier is simple, secure, and usable.


Published In

UbiComp '09: Proceedings of the 11th international conference on Ubiquitous computing
September 2009
292 pages
ISBN: 9781605584317
DOI: 10.1145/1620545
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. ajax
  2. kiosk
  3. mobile device
  4. security
  5. usability
  6. web browsing

Qualifiers

  • Research-article

Conference

Ubicomp '09
Ubicomp '09: The 11th International Conference on Ubiquitous Computing
September 30 - October 3, 2009
Florida, Orlando, USA

Acceptance Rates

UbiComp '09 Paper Acceptance Rate 31 of 251 submissions, 12%;
Overall Acceptance Rate 764 of 2,912 submissions, 26%

Cited By

  • (2019) SwitchMan: An Easy-to-Use Approach to Secure User Input and Output. 2019 IEEE Security and Privacy Workshops (SPW), pp. 105-113. DOI: 10.1109/SPW.2019.00029. Online publication date: May-2019
  • (2017) Image based password authentication system for banks. 2017 International Conference on Information Communication and Embedded Systems (ICICES), pp. 1-8. DOI: 10.1109/ICICES.2017.8070764. Online publication date: Feb-2017
  • (2015) A secured authentication protocol which resist password reuse attack. 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS), pp. 1-5. DOI: 10.1109/ICIIECS.2015.7193082. Online publication date: Mar-2015
  • (2012) Preventing the revealing of online passwords to inappropriate websites with logininspector. Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques, pp. 67-82. DOI: 10.5555/2432523.2432529. Online publication date: 9-Dec-2012
  • (2012) Privacy-aware shared UI toolkit for nomadic environments. Software—Practice & Experience, 42:5, pp. 601-628. DOI: 10.1002/spe.1085. Online publication date: 1-May-2012
  • (2011) XICE windowing toolkit. ACM Transactions on Computer-Human Interaction, 18:3, pp. 1-46. DOI: 10.1145/1993060.1993064. Online publication date: 8-Aug-2011
