Michael Baentsch

The Zurich Trusted Information Channel --- An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks

This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. The insecure user PC is used solely to relay IP packets and display non-critical transaction information. All critical information is parsed out of the mutually-authenticated SSL/TLS connections that the ZTIC establishes to the server and shown on the display for explicit user approval.

JavaCard-from hype to reality

In this final of three related articles about smart card technology, the authors discuss the JavaCard, a much-hyped technology that is finally taking off as a multiapplication smart card. The main reason for the hype is JavaCards potential. Not only would it let all Java programmers develop smart card code, but such code could be downloaded to cards that have already been issued to customers.

Remote Client Authentication

The effectiveness of remote client-authentication schemes varies significantly in relation to todays security challenges, which include phishing, man-in-the-middle attacks, and malicious software. A survey of remote authentication methods shows how each measures up and includes recommendations for solution developers and consumers.

The secure enterprise desktop: changing today's computing infrastructure

An end-user computing environment is characterized by an image which is the ensemble comprising operating system, applications and data) and by the hardware where the image is running. One can essentially distinguish two fundamental approaches: either the image is installed on a given end-user owned computer or the image is run on a server and is remotely accessed by the user through a remote desktop. Both approaches, however, have a disadvantage. In the former case, no network connectivity is required as the image is stored on the local computer, this data is lost when the computer such as a notebook is lost or stolen. Moreover, in an enterprise environment, it is very difficult to control that image and apply patches, check for viruses etc. While the latter approach waives these shortcommings, a continuous network connection is required to work with that virtual machine which may not be always available. With the Secure Enterprise Desktop, we bridge this gap and allow users to use their computer image locally or remotely and ensure that their computer image is continuously synchronized.