Trusted path

A trusted path or trusted channel is a mechanism that provides confidence that the user is communicating with what the user intended to communicate with, ensuring that attackers can't intercept or modify whatever information is being communicated.

The term was initially introduced by Orange Book.[1] As its security architecture concept, it can be implemented with any technical safeguards suitable for particular environment and risk profile.

Examples

Electronic signature

In Common Criteria[2] and European Union electronic signature standards trusted path and trusted channel describe techniques that prevent interception or tampering with sensitive data as it passes through various system components:

  • trusted path — protects data from the user and a security component (e.g. PIN sent to a smart card to unblock it for digital signature),
  • trusted channel — protects data between security component and other information resources (e.g. data read from a file and sent to the smart card for signature).

User login

One of popular techniques for password stealing in Microsoft Windows was login spoofing, which was based on programs that simulated operating system's login prompt. When users try to log in, the fake login program can then capture user passwords for later use. As a safeguard Windows NT introduced Ctrl-Alt-Del sequence as secure attention key to escape any third party programs and invoke system login prompt.[3]

Similar problem arises in case of websites requiring authentication, where the user is expected to enter his or her credentials without actually knowing if the website is not spoofed. HTTPS mitigates this attack by first authenticating the server to the user (using trust anchor and certification path validation algorithm), and only then displaying the login form.

gollark: Do you really want to go there? *Really*?
gollark: Skynet has:- very simple publish/subscribe mechanism- actual protocol documentation- good performance- working client codeSPUDNET has:- vastly complicated node.js monolith which fails to scale- client code rewritten repeatedly because it's more complex and needs different environment things- documentation scattered across random Discord channels, some of which doesn't mention important features, plus similarly scattered code samples- 17249182649124 kilofeatures such as private channels, comm mode, the reporting system, HTTP-only mode- better acronym- potatOS
gollark: It's outdated, SPUDNET is better anyway.
gollark: No, I made skynet, for purposes.
gollark: https://github.com/osmarks/skynet

References

  1. 3.2.2.1.1 Trusted Path: The TCB shall support a trusted communication path between itself and user for initial login and authentication. Communications via this path shall be initiated exclusively by a user., Orange Book
  2. ISO/IEC 15408-1, Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model, 2005
  3. Yee, Ka-Ping. "User Interaction Design for Secure Systems". CiteSeerX 10.1.1.65.5837. Cite journal requires |journal= (help)
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.