Trusted communications path

=Trusted path=

From Wikipedia, the free encyclopedia

A trusted path is a mechanism that gives the user confidence that they are communicating with what they intended to communicate with, ensuring that attackers cannot intercept or modify the information being communicated.

As such, it is the counterpart to the need for trustworthy channels: it assures users that they really are working with the program or system they intended to use.

The traditional example is a 'fake login' program: a program written to look like the login screen of a system (see login spoofing). When users try to log in, the fake login program captures their passwords for later use.

According to Ka-Ping Yee, "User Interaction Design for Secure Systems" (http://people.ischool.berkeley.edu/~ping/sid/uidss.pdf):

"Principle of the Trusted Path. The most important input and output channels are those used to manipulate authorities; if these channels can be spoofed or corrupted, the system has a security vulnerability. Hence the principle of the trusted path: the user must have an unspoofable and incorruptible channel to any entity trusted to manipulate authorities on the user's behalf. The authority-manipulating entity could be a number of different things, depending on the domain. In an operating system, the authority-manipulating entities would be the operating system and user interface components for handling authorities. Microsoft Windows, for example, provides a trusted path to its login window by requiring the user to press Ctrl+Alt+Del. This key sequence causes a non-maskable interrupt that can only be intercepted by the operating system, thus guaranteeing that the login window cannot be spoofed by any application. This issue also needs to be addressed in any language system for running untrusted code, such as Java."

==Examples of Problems of Untrusted Paths==

 * As mentioned above, if the login prompt is spoofed, or if the channel is merely eavesdropped, the user's password can be acquired.
 * If you hand your credit card to a dishonest waiter when paying a restaurant bill, there is a risk that your credit card details may be copied, and subsequently used for fraudulent transactions.
 * If your postal mail is delivered via an insecure mailbox, an identity thief may be able to learn information about you.
 * If you type in a command to a shell, command prompt, or any other system, there may be some other process on the computer that can monitor and/or insert keystrokes.

==History==
An early reference to a trusted path is from the Orange Book:
 * 3.2.2.1.1 Trusted Path
 * The TCB shall support a trusted communication path between itself and user for initial login and authentication. Communications via this path shall be initiated exclusively by a user.

==Solutions==
There have been different approaches to building trusted paths. Some are implemented purely in software, and we need to believe that the software is correct. The famous Ctrl-Alt-Del sequence is not purely implemented in software, but there is no hardware indication to the user that the secure software is activated.
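
One way to check whether a Windows host actually enforces the Ctrl-Alt-Del trusted path, as an added example that is not part of the original article: the script reads the two policy registry values behind the "Interactive logon: Do not require CTRL+ALT+DEL" and "Require trusted path for credential entry" settings. The function name `Test-TrustedPathPolicy` and the state labels are choices made for this example.

```powershell
# Added example: read-only audit of the Windows policy values that govern
# the Ctrl+Alt+Del secure attention sequence. Run on the host being checked.

$checks = @(
    @{ Name      = 'Interactive logon: Do not require CTRL+ALT+DEL'
       Path      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       ValueName = 'DisableCAD'
       Wanted    = 0 },  # 0 = Ctrl+Alt+Del is required before the logon screen
    @{ Name      = 'Require trusted path for credential entry'
       Path      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI'
       ValueName = 'EnableSecureCredentialPrompting'
       Wanted    = 1 }   # 1 = credential prompts are shown on the secure desktop
)

function Test-TrustedPathPolicy {
    param([hashtable[]]$Policy)

    foreach ($p in $Policy) {
        # A missing key or value means the policy was never configured,
        # so the operating system default applies.
        $item = Get-ItemProperty -Path $p.Path -Name $p.ValueName -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($p.ValueName) } else { $null }

        $state = if ($null -eq $actual) { 'NotConfigured' } elseif ($actual -eq $p.Wanted) { 'Enforced' } else { 'Weak' }

        [pscustomobject]@{
            Policy = $p.Name
            Value  = $p.ValueName
            Actual = $actual
            Wanted = $p.Wanted
            State  = $state
        }
    }
}

# Labels used by this example:
#   Enforced      = the value matches the hardened setting
#   Weak          = the trusted path has been explicitly switched off
#   NotConfigured = nothing set; behaviour depends on the OS default
Test-TrustedPathPolicy -Policy $checks | Format-Table -AutoSize
```

A `Weak` result for `DisableCAD` means the logon screen can be reached without the secure attention sequence, which is the condition under which the fake login program described above is hardest for a user to tell apart from the real one.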

Some smart card readers also have their own keypads, so the PIN need not be entered on the untrustworthy PC keyboard.

Retrieved from "http://en.wikipedia.org/w/index.php?title=Trusted_path&oldid=469655932"