Hardware Approach to Solving Password Exposure Problem through Keyboard Sniff

This paper introduces a hardware solution to password exposure problem caused by direct accesses to the keyboard hardware interfaces through which a possible attacker is able to grab user-s password even where existing countermeasures are deployed. Several researches have proposed reasonable software based solutions to the problem for years. However, recently introduced hardware vulnerability problems have neutralized the software approaches and yet proposed any effective software solution to the vulnerability. Hardware approach in this paper is expected as the only solution to the vulnerability

Authors:

• Kyungroul Lee
• Kwangjin Bae
• Kangbin Yim

Keywords:

• Keyboard sniff
• password exposure
• hardware vulnerability
• privacy problem
• insider security.

References:

[1] Taeyoung Jung, Kangbin Yim, "Countermeasures to the Vulnerability of
the Keyboard Hardware," Journal of the Korea Information Security and
Cryptology, Vol. 18, No. 4, pp.187-194, Aug., 2008.
[2] Kwangjin Bae, Kangbin Yim, "Analysis of an Intrinsic Vulnerability on
Keyboard Security," Journal of the Korea Information Security and
Cryptology, Vol. 18, No. 3, pp.89-95, Jun., 2008.
[3] Kangbin Yim, "A fix to the HCI specification to evade ID and password
exposure by USB sniff," Proceedings of APIC-IST 2008, pp.191-194,
2008.12.18-19.
[4] Taeyoung Jung, Kangbin Yim, "A new image-based login method against
keyboard sniff," Review of the Korea Information Security and
Cryptology, Jun., 2008.
[5] Kangbin Yim, "Keyboard Security," Workshop on Ubiquitous
Information Security, May, 2008.
[6] Linda D. Paulson, Key "Snooping Technology Causes Controversy,"
IEEE Computer, pp.27, Mar. 2002.