Towards Trustworthy and Secure Kiosk Computing for Mobile Users

Abstract

A mobile device that a user carries around usually contains data private to the user but has restricted human-device interaction capabilities. There is, however, no lack of stationary computers, or kiosks, with rich computing and user interaction resources in a userpsilas typical surrounding environment. Security is a concern when integrating a mobile device with an environment kiosk. In particular, the mobile user needs to be assured that the environment kiosk that he is using does not contain malicious code that may exploit his sensitive data on device, and that such sensitive data will not be left on the kiosk for attackers to exploit. In this paper, we present an OS-agnostic approach for trustworthy and secure kiosk computing. Our approach supports secure user session initiation, strong session isolation and quick session startup, and mitigates a number of security threats such as man-in-the-middle attack, session stealing attack, and keyboard tampering attack.