Towards a framework for handling disputes in payment systems
N. Asokan, Els Van Herreweghen, et al.
USENIX EC 1998
Automatic teller machines, Internet kiosks etc. are examples of public untrusted terminals which are used to access computer systems. One of the security concerns in such systems is the so called fake terminal attack: the attacker sets up a fake terminal and fools unsuspecting users into revealing sensitive information, such as PINs or private e-mail, in their attempt to use these terminals. In this paper, we examine this problem in different scenarios and propose appropriate solutions. Our basic approach is to find ways for a user to authenticate a public terminal before using it to process sensitive information.
N. Asokan, Els Van Herreweghen, et al.
USENIX EC 1998
Hervé Debar, Marc Dacier, et al.
Annales des Telecommunications/Annals of Telecommunications
J.L. Abad Peiro, N. Asokan, et al.
IBM Systems Journal
Michael Steiner, Peter Buhler, et al.
ACM TISSEC