The Result
The MobileSitter helps a user manage his secret codes on his own mobile phone.
It does not matter whether the codes are passwords, PINs or TANs. They are encrypted in a
very specific way, and the encrypted result is stored in the MobileSitter. If an
unauthorized person gets hold of the user's mobile phone and tries to
access the secret information, the MobileSitter will drive him to sheer despair. For
every master password entered, the MobileSitter returns the encryption result
that belongs to that master password. The attacker's problem is that he
cannot tell in any way whether the result offered to him is the
correct one or not. When, for example, a hacker is searching for the PIN of an EC card,
he will not be able to distinguish the code produced by the MobileSitter from a
real PIN. The only thing left for him is to take the stolen card to a cash
machine, where he has three attempts. The hacker gains no advantage, even if the
user has chosen a weak password. As far as the hacker is concerned, all other candidates
for master passwords are equally probable.
Password protection works in much the same way. The MobileSitter lets the user assign password rules to each password. If a hacker tries to retrieve a stored password by entering various master passwords, the MobileSitter responds every single time with a combination of characters that conforms to the rules assigned to that password. This leaves the hacker no choice but to enter each password calculated by the MobileSitter into the respective application. He finds himself in a situation where he might just as well try to guess the application's password through trial and error. In other words, the hacker gains no practical advantage by trying to hack the MobileSitter.
The number of passwords among which an attacker would have to find the correct code is practically unlimited. To the hacker it seems as if the MobileSitter is returning, for every master password, a result that could be used as an application password, a PIN, or a TAN. But the hacker still cannot determine whether he has the correct secret code or not. The rightful user, however, realizes immediately that the encryption results represent his correct passwords because of a verification symbol displayed by the MobileSitter when the master password is entered correctly.
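The behaviour described above can be illustrated with a short sketch. This is an added example, not the MobileSitter's actual algorithm: it assumes the code is stored as per-character offsets inside the alphabet allowed by its rule, that the offsets are shifted by a keystream derived from the master password, and that the symbol is derived from the master password as well, so the device holds nothing to check a guess against. The salt, symbol list and function names are constructed for the illustration.

```python
import hashlib

# Constructed values for this sketch (not taken from the product).
SALT = b"constructed-per-entry-salt"
SYMBOLS = ["sun", "tree", "key", "boat", "star", "fish", "bell", "leaf"]
DIGITS = "0123456789"  # the "password rule" for a PIN: digits only

def _stream(master, label, n):
    """Derive n 64-bit integers from the master password (PBKDF2-HMAC-SHA256)."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), SALT + label,
                              50_000, dklen=8 * n)
    return [int.from_bytes(raw[8 * i:8 * i + 8], "big") for i in range(n)]

def seal(secret, alphabet, master):
    """Store each character as an offset inside the rule's alphabet."""
    ks = _stream(master, b"code", len(secret))
    return [(alphabet.index(c) - k) % len(alphabet) for c, k in zip(secret, ks)]

def reveal(stored, alphabet, master):
    """Any master password maps the stored offsets back into the alphabet."""
    ks = _stream(master, b"code", len(stored))
    return "".join(alphabet[(s + k) % len(alphabet)] for s, k in zip(stored, ks))

def symbol(master):
    """Symbol derived from the master password; nothing is kept to compare it to."""
    return SYMBOLS[_stream(master, b"symbol", 1)[0] % len(SYMBOLS)]

if __name__ == "__main__":
    stored = seal("4917", DIGITS, "owner master password")
    # Every guess yields a well-formed PIN and some symbol; only the owner
    # knows which symbol belongs to the right master password.
    for guess in ("owner master password", "123456", "letmein"):
        print(guess, "->", reveal(stored, DIGITS, guess), symbol(guess))
```

The results are indistinguishable only when the stored code is itself random within its rule, as an issued PIN or TAN is; a human-chosen password would stand out among random-looking decoys.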





