Extending the Trusted Path in Client-Server Interaction.pdf

a r X i v : c s / 0 6 1 1 1 0 2 v 1 [ c s .C R ] 2 1 N o v 2 0 0 6 Extending the Trusted Path in Client-Server Interaction Hanno Langweg and Tommy Kristiansen Norwegian Information Security Laboratory – NISlab Department of Computer Science and Media Technology, Gj?vik University College P.O. Box 191, 2802 Gj?vik, Norway hanno.langweg@hig.no Abstract We present a method to secure the complete path between a server and the local human user at a network node. This is useful for scenarios like internet banking, electronic sig- natures, or online voting. Protection of input authenticity and output integrity and authenticity is accomplished by a combination of traditional and novel technologies, e.g., SSL, ActiveX, and DirectX. Our approach does not require administrative privileges to deploy and is hence suitable for consumer applications. Results are based on the implemen- tation of a proof-of-concept application for the Windows platform. 1 Introduction Interacting with the local human user is the weak point in client-server communications. While machines can em- ploy cryptographical mechanisms to ensure authenticity, in- tegrity, and confidentiality of communication, humans are not capable of this. They rely on their local computer to present data and transmit their input to a server reliably. Today’s operating systems provide protection against unauthorized modification of operating system components and offer mechanisms like discretionary access control and process separation to users and processes. Often, all pro- cesses of the same user operate with the same privileges. Malicious software (malware) can exploit this fact to read input destined for other processes (e.g. a keylogger) or modify the output displayed to the user (e.g. local phishing attack). Some banks in South Korea already – including, e.g., Korea Exchange Bank and Woori Bank – use ActiveX- based tools to prevent the successful use of keyloggers dur- ing internet banking, apparently after larg