Trustworthy Wallet-Based Web Authentication

Phishing attacks aim at stealing the user's identity, e.g., financial account data or personal identity data, typically protected in the form of user passwords. Besides social engineering tricks, technical subterfuge (malware) is increasingly used to retrieve passwords directly from the user's computer system. To counter these attacks, we propose a modular platform that uses a trusted wallet to store the user's credentials and authenticate the remote bank or e-commerce site as a proxy on behalf of the user. Hence, it does not require specific skills from users, e.g., distinguishing between real and fake web sites by identifying security indicators. To establish a secure execution environment, the wallet executes on top of a virtualization platform based on trusted computing functionality. In this way, the wallet is isolated and protected from other environments that may be compromised by malware.

Architecture of TruWallet:

[Figure: TruWallet Architecture]
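The idea that the wallet, rather than the user, decides whether a site is genuine before any credential leaves it can be illustrated as follows. This is an added example, not TruWallet's code: the `Wallet` class, its method names, and the choice of binding each credential to a SHA-256 fingerprint of the site's certificate are assumptions made for illustration, and the certificate bytes are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Enrollment:
    cert_sha256: bytes  # fingerprint of the certificate seen at enrollment (assumed binding)
    username: str
    password: str


class Wallet:
    """Hypothetical wallet: releases a credential only to the site it was enrolled for."""

    def __init__(self):
        self._sites = {}  # hostname -> Enrollment

    def enroll(self, host, cert_der, username, password):
        fingerprint = hashlib.sha256(cert_der).digest()
        self._sites[host.lower()] = Enrollment(fingerprint, username, password)

    def credentials_for(self, host, presented_cert_der):
        """Return (username, password) for a verified site, otherwise None."""
        entry = self._sites.get(host.lower())
        if entry is None:
            return None  # unknown or look-alike host: nothing is stored for it
        presented = hashlib.sha256(presented_cert_der).digest()
        if not hmac.compare_digest(presented, entry.cert_sha256):
            return None  # enrolled name but a different certificate: refuse
        return entry.username, entry.password


# Constructed sample data standing in for DER-encoded certificates.
BANK_CERT = b"constructed-cert-bytes-for-bank.example"
OTHER_CERT = b"constructed-cert-bytes-for-another-key"


def demo():
    wallet = Wallet()
    wallet.enroll("bank.example", BANK_CERT, "alice", "constructed-password")
    return {
        "genuine": wallet.credentials_for("bank.example", BANK_CERT),
        "lookalike_host": wallet.credentials_for("bank-example.test", BANK_CERT),
        "swapped_cert": wallet.credentials_for("bank.example", OTHER_CERT),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", "released" if result else "refused")
```

Because the user never types the password into a page, a faked site that only looks right to a human receives nothing from the wallet.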


Contact persons: Marcel Winandy and Hans Löhr