SMARTPROXY: Secure Smartphone-Assisted Login on Compromised Machines
Source: Ruhr-University Bochum
In modern attacks, the attacker's goal often entails illegal gathering of user credentials such as passwords or browser cookies from a compromised web browser. An attacker first compromises the computer via some kind of attack, and then uses the control over the system to steal interesting data that she can utilize for other kinds of attacks (e. g., impersonation attacks). Protecting user credentials from such attacks is a challenging task, especially if the authors assume to not have trustworthy computer systems. While users may be inclined to trust their personal computers and Smartphone's, they might not invest the same confidence in the external machines of others, although they sometimes have no choice but to rely on them, e.g., in their co-workers' offices.