Yusuf Uzunay

Yusuf Uzunay, Kemal Bicakci

Authentication proxies, which store users' secret credentials and submit them to servers on their behalf, offer benefits with respect to security of the authentication and usability of credential management. However, as being a service that is not in control of users, one important problem they suffer is the trust problem; how users trust that their secrets are handled securely in the proxy and not revealed to third parties. In this paper, we present a solution called Trust-in-the-Middle, a TPM based proxy system which ensures that user credentials are securely stored and submitted without disclosing them even if the proxy is compromised. We build our architecture on a trust chain bootstrapped by TPM DRTM and prevent access to credentials if any entity in the chain is maliciously modified. We use remote attestation to guarantee that all critical operations on the proxy are performed securely and credentials are cryptographically protected when they are not in DRTM-supported isolation.

Yasin Uzun, Kemal Bicakci, Yusuf Uzunay

Significant portion of contemporary computer users are children, who are vulnerable to threats coming from the Internet. To protect children from such threats, in this study, we investigate how successfully typing data can be used to distinguish children from adults. For this purpose, we collect a dataset comprising keystroke data of 100 users and show that distinguishing child Internet users from adults is possible using Keystroke Dynamics with equal error rates less than 10 percent. However the error rates increase significantly when there are impostors in the system.