ABSTRACT
Rural Internet kiosks typically provide weak security guarantees and therefore cannot support secure web access or transaction-oriented applications such as banking and bill payment. We present a practical, unobtrusive and easy-to-use security architecture for rural Internet kiosks that uses a combination of physical and cryptographic mechanisms to protect user data and kiosk infrastructure. Our contributions include (a) a detailed threat analysis of rural Internet kiosks, b) a security architecture for rural Internet kiosks that does not require any specialized hardware features in kiosks, and (c) an application-independent and backward-compatible security API for securely sending and receiving data between kiosks and the Internet that can operate over disconnection-tolerant links.
- N. Asokan, K. Kostianinen, P. Ginzboorg, J. Ott, and C. Luo. Towards Securing Disruption-Tolerant Networking. Technical Report NRC-TR-2007-007, Nokia Research Center, March 2007.Google Scholar
- D. Clarke, B. Gassend, T. Kotwal, M. Burnside, M. van Dijk, S. Devadas, and R. Rivest. The Untrusted Computer Problem and Camera-Based Authentication. In Proc. of Int'l Conference on Pervasive Computing (Pervasive 2002), pages 114--124, August 2002. Google ScholarDigital Library
- S. Farrell, S. Symington, H. Weiss, and P. Lovell. Delay-Tolerant Networking Security Overview - draft-irtf-dtnrg-sec-overview-03. Internet Draft, July 2007.Google Scholar
- S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn, and Z. Zhang. Towards Trustworthy Kiosk Computing. In Proc. of 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile'07), pages 41--45, February 2007. Google ScholarDigital Library
- S. Guo, M. H. Falaki, E. A. Oliver, S. Ur Rahman, A. Seth, M. A. Zaharia, U. Ismail, and S. Keshav. Design and Implementation of the KioskNet System. In Proc. of IEEE/ACM International Conference on Information and Communication Technologies and Development (ICTD2007), December 2007.Google ScholarCross Ref
- P. Gutmann. Plug-and-Play PKI: A PKI your Mother can Use. In Proc. of 12th USENIX Security Symposium, pages 45--58, August 2003. Google ScholarDigital Library
- A. Kate, G. Zaverucha, and U. Hengartner. Anonymity and Security in Delay Tolerant Networks. In Proc. of 3rd Int'l Conference on Security and Privacy in Communication Networks (SecureComm 2007), September 2007.Google ScholarCross Ref
- A. Oprea, D. Balfanz, G. Durfee, and D. K. Smetters. Securing a Remote Terminal Application with a Mobile Trusted Device. In Proc. of 20th Annual Computer Security Applications Conference (ACSAC 2004), pages 438--447, December 2004. Google ScholarDigital Library
- A. Seth and S. Keshav. Practical Security for Disconnected Nodes. In Proc. of 1st Workshop on Secure Network Protocols (NPSec 2005), pages 31--36, 2005. Google ScholarDigital Library
- A. Seth, D. Kroeker, M. Zaharia, S. Guo, and S. Keshav. Low-cost Communication for Rural Internet Kiosks Using Mechanical Backhaul. In Proc. of 12th Int'l Conference on Mobile Computing and Networking (MOBICOM 2006), pages 334--345, September 2006. Google ScholarDigital Library
- R. Sharp, J. Scott, and A. R. Beresford. Secure Mobile Computing via Public Terminals. In Proc. of 4th Int'l Conference on Pervasive Computing (Pervasive 2006), pages 238--253, May 2006. Google ScholarDigital Library
- A. Surie, A. Perrig, M. Satyanarayanan, and D. J. Farber. Rapid Trust Establishment for Pervasive Personal Computing. IEEE Pervasive Computing, 6(4):24--30, October-December 2007. Google ScholarDigital Library
- Telecentre.org. http://www.telecentre.org. Accessed May 2008.Google Scholar
- Tetherless Computing Group. http://blizzard.cs.uwaterloo.ca/tetherless. Accessed May 2008.Google Scholar
- Trusted Computing Group. https://www.trustedcomputinggroup.org. Accessed May 2008.Google Scholar
- S. Ur Rahman, U. Hengartner, U. Ismail, and S. Keshav. Securing KioskNet: A Systems Approach. Technical Report CS-2007-43, David R. Cheriton School of Computer Science, University of Waterloo, November 2007.Google Scholar
Index Terms
- Practical security for rural internet kiosks
Recommendations
Low-cost communication for rural internet kiosks using mechanical backhaul
MobiCom '06: Proceedings of the 12th annual international conference on Mobile computing and networkingRural kiosks in developing countries provide a variety of services such as birth, marriage, and death certificates, electricity bill collection, land records, email services, and consulting on medical and agricultural problems. Fundamental to a kiosk's ...
Internet of Things security
The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the ...
Comments