KKBB: Kernel Keylogger Bye-Bye

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：66

、訪客IP：3.145.19.202

姓名

洪健惟(Chien-wei Hung) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(KKBB: Kernel Keylogger Bye-Bye)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment	★ PrivacyGuard：A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

儘管偷竊隱私的手法不斷翻新，鍵盤側錄在實際的案例中仍是名列前茅。攻擊者可以藉由側錄程式得到使用者的密碼，並直接偽裝成使用者偷竊資訊，這在公用電腦上尤其可見。然而，目前的防禦措施仍因要求權限過高、速度緩慢、或是只適用於特定服務等問題，而無法廣泛應用於公共電腦。為此，我們提出了兩種能在網頁瀏覽器中，以一般使用者權限防止多種鍵盤側錄程式的方法，並分別將這兩種方法命名為QTE（Quick Time Event，快速反應事件）和Broker。
　　QTE法是利用在螢幕上顯示一些特別的提示，讓使用者知道何時可以輸入正確的密碼、何時可以隨意輸入以混淆鍵盤側錄程式，但又不會影響到原本的功能。儘管QTE法能成功混淆大部份的鍵盤側錄程式，但若攻擊者決定不惜成本地對螢幕錄影並人工分析，使用者的密碼仍有可能被猜測出來，這在要求機密的情境下並不完善；為此，我們另外提出了Broker法，讓使用者只需利用一個具有網路能力的裝置，就能經由Broker伺服器將資訊傳給公用電腦、並保證竊聽者無法獲得真正內容。相較於前人的研究，我們的方法不僅可以通用於各個網站，不需要對方支援；同時因為我們成功地把帳號和密碼分散儲存，因此，即使使用者的裝置或Broker伺服器被攻擊者入侵成功，使用者的隱私一樣不會被洩露出去。

摘要(英)

Keystroke logging is one of the most widespread threats used for password theft in the world. In this paper, rather than detecting existing malwares or creating a trusted tunnel in the kernel, we present both QTE and Broker methods to safely input passwords in web browsers according to different scenarios. To fit real circumstances, we assume users have limited privileges on the untrusted public computers and they don’t want their passwords being eavesdropped; therefore, a user-space solution is proposed firstly as QTE method.
　　The QTE method utilizes a canvas to cue users whether their input will be remembered or ignored by our add-on, which provides a chance for users to obfuscate keyloggers by tapping keyboards haphazardly. Despite QTE method is immune to most kernel, hypervisor, hardware, and second-channel keyloggers, it may be ineffective if screen recording is taken by attackers. To eliminate password leakage, the Broker method uses a second device and a Broker server to safely transfer information for users. In contract with previous works, our design successfully separates username and password so that even the second devices and the Broker servers are compromised, users won’t lose their private data to attackers. Furthermore, both methods we proposed can be applied to all websites without their support or users’ settings beforehand.

關鍵字(中)

★ 鍵盤側錄
★ 按鍵
★ 密碼
★ 安全
★ 監聽

關鍵字(英)

★ keylogger
★ keystroke logging
★ password
★ security
★ sniffer

論文目次

摘要
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
1. Introduction
2. Related Work
　2-1. Signature-Based Solutions
　2-2. Encryption and Decryption
　2-3. Graphical Password and On-Screen Keyboard
　2-4. One-Time Password
　2-5. Proxy Server
3. System Design
　3-1. QTE Method
　　3-1-1. Analysis
　　3-1-2. Preliminary QTE Utilization
　　3-1-3. Enhanced QTE Utilization
　3-2. Broker Method
　　3-2-1. Architecture Overview
　　3-2-2. Risk Analysis
4. Implementation
　4-1. QTE Method
　4-2. Broker Method
　　4-2-1. Broker Client
　　4-2-2. Second Device
　　4-2-3. Broker Server
5. Evaluation
　5-1. Experiments
　5-2. Estimated Attacking Time
6. Conclusions
　6-1. Contributions
　6-2. Future Work
References

參考文獻

﹝1﹞ Symantec, Symantec Internet Security Threat Report: Trends for 2010, 2011.
﹝2﹞ BBC News, UK police foil massive bank theft, BBC News, March 17, 2005.
﹝3﹞ InfoWatch, Global Data Leakage Report 2010, 2011.
﹝4﹞ Perry S. Kivolowitz, A Program To Allow ANYONE To Crack Unix (4.1 and 2), Available from: http://securitydigest.org/unix/archive/006, November 17, 1983.
﹝5﹞ Stefano Ortolani, Cristiano Giuffrida, and Bruno Crispo, Bait your hook: a novel detection technique for keyloggers, Proceedings of the 13th international conference on Recent advances in intrusion detection, Ottawa, Ontario, Canada, 2010.
﹝6﹞ Wuul, Log This!, 2008.
﹝7﹞ Wuul, AntiKeylogger, 2007.
﹝8﹞ SpyReveal, SpyReveal, 2009.
﹝9﹞ Fabian Mihailowitsch, Detecting Hardware Keylogger, 2010.
﹝10﹞ Frank J. Cini, Keystroke Encryption System, Application Number: 20100195825, 2010.
﹝11﹞ Michael Kassner, KeyScrambler: How keystroke encryption works to thwart keylogging threats, Available from: http://www.techrepublic.com/blog/security/keyscrambler-how-keystroke-encryption-works-to-thwart-keylogging-threats/4648, October 25, 2010.
﹝12﹞ A. Young and Yung Moti, Deniable password snatching: on the possibility of evasive electronic espionage, IEEE Symposium on Security and Privacy, pp. 224-235, 1997.
﹝13﹞ Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter, Bump in the ether: a framework for securing sensitive user input, Proceedings of the annual conference on USENIX '06 Annual Technical Conference, Boston, MA, 2006.
﹝14﹞ R. L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems", Communications of the ACM, 21, 2, pp. 120-126, 1978.
﹝15﹞ M. Hirano, et al., T-PIM: Trusted Password Input Method against Data Stealing Malware, International Conference on Information Technology, pp. 429-434, 2009.
﹝16﹞ K. Chen, Reversing and Exploiting an AppleR Firmware Update, Black Hat, Las Vegas, Nevada, 2009.
﹝17﹞ Li Zhuang, Feng Zhou, and J. D. Tygar, Keyboard acoustic emanations revisited, Proceedings of the 12th ACM conference on Computer and communications security, Alexandria, VA, USA, 2005.
﹝18﹞ Yigael Berger, Avishai Wool, and Arie Yeredor, Dictionary attacks using keyboard acoustic emanations, Proceedings of the 13th ACM conference on Computer and communications security, Alexandria, Virginia, USA, 2006.
﹝19﹞ Andrew Kelly, Cracking Passwords using Keyboard Acoustics and Language Modeling, The University of Edinburgh, Master, 2010.
﹝20﹞ Martin Vuagnoux and Sylvain Pasini, Compromising electromagnetic emanations of wired and wireless keyboards, Proceedings of the 18th conference on USENIX security symposium, Montreal, Canada, 2009.
﹝21﹞ Kehuan Zhang and XiaoFeng Wang, Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems, Proceedings of the 18th conference on USENIX security symposium, Montreal, Canada, 2009.
﹝22﹞ Andrea Barisani and Daniele Bianco, Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage, DEFCON 17, Riviera Hotel and Casino, 2009.
﹝23﹞ M. N. Doja and N. Kumar, Image Authentication Schemes against Key-Logger Spyware, ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, pp. 574-579, 2008.
﹝24﹞ Hu Wei, Wu Xiaoping, and Wei Guoheng, The Security Analysis of Graphical Passwords, International Conference on Communications and Intelligence Information Security, pp. 200-203, 2010.
﹝25﹞ Elizabeth Stobert, et al., Exploring usability effects of increasing security in click-based graphical passwords, Proceedings of the 26th Annual Computer Security Applications Conference, Austin, Texas, 2010.
﹝26﹞ Amos P. Waterland, Secure password entry, Application Number: 10/849,610, 2009.
﹝27﹞ Kaspersky Lab., Kaspersky Internet Security 2009 includes a virtual keyboard that enables users to enter logins and passwords safely, Available from: http://www.kaspersky.com/news?id=207575675, August 22, 2008.
﹝28﹞ Douglas Hoover, Method and apparatus for secure entry of access codes in a computer environment, US Patent No. 6,209,102, Application Number: 09/249,043, 2001.
﹝29﹞ Jake Brill, More Ways to Stay Secure, Available from: http://blog.facebook.com/blog.php?post=436800707130.
﹝30﹞ Nishit Shah, Advanced sign-in security for your Google account, Available from: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html.
﹝31﹞ Min Wu, Simson Garfinkel, and Rob Miller, Secure Web Authentication with Mobile Phones, DIMACS Workshop on Usable Privacy and Security Software, 2004.
﹝32﹞ A. Pashalidis and C. J. Mitchell, Impostor: a single sign-on system for use from untrusted devices, IEEE GLOBECOM, pp. 2191-2195 Vol.4, 2004.
﹝33﹞ Eric Gieseke and John McLaughlin, Title, Available from: http://simson.net/ref/2004/csci_e-170/handouts/final/egieseke-john_mclaughlin_paper.pdf, Harvard University Extension, 2005.
﹝34﹞ A. Pashalidis, Accessing Password-Protected Resources without the Password, WRI World Congress on Computer Science and Information Engineering, pp. 66-70, 2009.
﹝35﹞ Florencio Dinei and Herley Cormac, KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy, Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual, pp. 67-76, 2006.
﹝36﹞ Tim Rogers, Full Reactive Eyes Entertainment, Game Developer, December, 2010.
﹝37﹞ Radicati Group, Email Statistics Report, 2010-2014, 2010.
﹝38﹞ KZero, Virtual Worlds 2011+, 2011.
﹝39﹞ Miniwatts Marketing Group, World Internet Usage abd Population Statistics, Available from: http://www.internetworldstats.com/stats.htm, March 31, 2011.
﹝40﹞ National Institute of Standards and Technology, Advanced Encryption Standard, Federal Information Processing Standards-197, USA, 2001.
﹝41﹞ Inc. Apple Computer, Mozilla Foundation, and Opera Software ASA., HTML Living Standard, http://www.whatwg.org, 2011.
﹝42﹞ Damballa, Top 10 Botnet Threat Report - 2010, 2011.

指導教授

許富皓(Fu-hau Hsu)

審核日期

2011-7-24

推文