Trusted path

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

A trusted path or trusted channel is a mechanism that provides confidence that the user is communicating with what the user intended to communicate with, ensuring that attackers can't intercept or modify whatever information is being communicated.

The term was initially introduced by Orange Book.[1] As its security architecture concept, it can be implemented with any technical safeguards suitable for particular environment and risk profile.


Electronic signature[edit]

In Common Criteria[2] and European Union electronic signature standards trusted path and trusted channel describe techniques that prevent interception or tampering with sensitive data as it passes through various system components:

  • trusted path — protects data from the user and a security component (e.g. PIN sent to a smart card to unblock it for digital signature),
  • trusted channel — protects data between security component and other information resources (e.g. data read from a file and sent to the smart card for signature).

User login[edit]

One of popular techniques for password stealing in Microsoft Windows was login spoofing, which was based on programs that simulated operating system's login prompt. When users try to log in, the fake login program can then capture user passwords for later use. As a safeguard Windows NT introduced Ctrl-Alt-Del sequence as secure attention key to escape any third party programs and invoke system login prompt.[3]

Similar problem arises in case of websites requiring authentication, where the user is expected to enter his or her credentials without actually knowing if the website is not spoofed. HTTPS mitigates this attack by first authenticating the server to the user (using trust anchor and certification path validation algorithm), and only then displaying the login form.


  1. ^ Trusted Path: The TCB shall support a trusted communication path between itself and user for initial login and authentication. Communications via this path shall be initiated exclusively by a user., Orange Book
  2. ^ ISO/IEC 15408-1, Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model, 2005
  3. ^ Yee, Ka-Ping. "User Interaction Design for Secure Systems".