Michael Steiner, Peter Buhler, et al.
ACM TISSEC
Paper
Authenticating public terminals
Abstract
Automatic teller machines, Internet kiosks etc. are examples of public untrusted terminals which are used to access computer systems. One of the security concerns in such systems is the so called fake terminal attack: the attacker sets up a fake terminal and fools unsuspecting users into revealing sensitive information, such as PINs or private e-mail, in their attempt to use these terminals. In this paper, we examine this problem in different scenarios and propose appropriate solutions. Our basic approach is to find ways for a user to authenticate a public terminal before using it to process sensitive information.
Related
Conference paper
Towards a framework for handling disputes in payment systems
N. Asokan, Els Van Herreweghen, et al.
USENIX EC 1998
J.L. Abad Peiro, N. Asokan, et al.
IBM Systems Journal
G. Karjoth, N. Asokan, et al.
Personal and Ubiquitous Computing