Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine

Ravi Chandra Jammalamadaka
University of California, Irvine
USA

Timothy W. van der Horst
Brigham Young University
USA

Sharad Mehrotra
University of California, Irvine
USA

Kent E. Seamons
Brigham Young University
USA

Nalini Venkatasubramanian
University of California, Irvine
USA

Accessing the Internet to perform sensitive transactions from the computers found in cybercafés and public libraries is risky. The untrusted nature of these machines creates a target-rich environment for identity thieves. A malicious entity can install a simple keystroke logger, a common payload of many viruses, to record and transmit the secret information (e.g., passwords, credit card numbers, PIN numbers) that a user enters into these machines. In addition, sophisticated malware can hijack a user's authenticated session to perform unauthorized transactions masquerading as the user.

This paper presents Delegate, a proxy-based architecture that enables a user to access websites without disclosing any personal information to the untrusted machine. In addition, Delegate enforces rules at the proxy to detect and prevent session hijacking attempts. The architecture requires no special software at Web servers or the untrusted machine, but assumes the user possesses a trusted hardware device like a cell phone. Delegate is designed to strike an appropriate balance between ease of use and security. If concepts from the proposed architecture were supported by Web servers, then some of the same protections Delegate affords to users of untrusted machines could be realized by users on trusted desktop computers when their machines fall prey to spyware or other malware.

Keywords: Web security, session hijacking, malware
