TRUST: TRust Unguarded Service Terminals

Abstract

Nowadays, plenty of digital services are provided to citizens by means of terminals located in public unguarded places. In order to access the desired service, users, authenticate themselves by providing their credentials through such terminals. This approach opens up to the problem of fraudulent devices that could be installed in place of regular terminals to capture users’ confidential information. Indeed, despite the development of increasingly secure systems aiming at guaranteeing an acceptable security level, users are frequently unable to distinguish between terminals on which security measures are enforced (trusted terminals) and malicious terminals that pretend to be trusted. We deal with this problem by presenting a human-compatible authentication protocol, leveraging Graphical Passwords, helps user to authenticate a terminal before using it. We also present a prototype implementation of this protocol, called TRUST (TRust Unguarded Service Terminals). The usability of our solution has been analyzed by means of a preliminary experimentation.