儘管偷竊隱私的手法不斷翻新,鍵盤側錄在實際的案例中仍是名列前茅。攻擊者可以藉由側錄程式得到使用者的密碼,並直接偽裝成使用者偷竊資訊,這在公用電腦上尤其可見。然而,目前的防禦措施仍因要求權限過高、速度緩慢、或是只適用於特定服務等問題,而無法廣泛應用於公共電腦。為此,我們提出了兩種能在網頁瀏覽器中,以一般使用者權限防止多種鍵盤側錄程式的方法,並分別將這兩種方法命名為QTE(Quick Time Event,快速反應事件)和Broker。 QTE法是利用在螢幕上顯示一些特別的提示,讓使用者知道何時可以輸入正確的密碼、何時可以隨意輸入以混淆鍵盤側錄程式,但又不會影響到原本的功能。儘管QTE法能成功混淆大部份的鍵盤側錄程式,但若攻擊者決定不惜成本地對螢幕錄影並人工分析,使用者的密碼仍有可能被猜測出來,這在要求機密的情境下並不完善;為此,我們另外提出了Broker法,讓使用者只需利用一個具有網路能力的裝置,就能經由Broker伺服器將資訊傳給公用電腦、並保證竊聽者無法獲得真正內容。相較於前人的研究,我們的方法不僅可以通用於各個網站,不需要對方支援;同時因為我們成功地把帳號和密碼分散儲存,因此,即使使用者的裝置或Broker伺服器被攻擊者入侵成功,使用者的隱私一樣不會被洩露出去。 Keystroke logging is one of the most widespread threats used for password theft in the world. In this paper, rather than detecting existing malwares or creating a trusted tunnel in the kernel, we present both QTE and Broker methods to safely input passwords in web browsers according to different scenarios. To fit real circumstances, we assume users have limited privileges on the untrusted public computers and they don’t want their passwords being eavesdropped; therefore, a user-space solution is proposed firstly as QTE method. The QTE method utilizes a canvas to cue users whether their input will be remembered or ignored by our add-on, which provides a chance for users to obfuscate keyloggers by tapping keyboards haphazardly. Despite QTE method is immune to most kernel, hypervisor, hardware, and second-channel keyloggers, it may be ineffective if screen recording is taken by attackers. To eliminate password leakage, the Broker method uses a second device and a Broker server to safely transfer information for users. In contract with previous works, our design successfully separates username and password so that even the second devices and the Broker servers are compromised, users won’t lose their private data to attackers. Furthermore, both methods we proposed can be applied to all websites without their support or users’ settings beforehand.
