• Title/Summary/Keyword: secure keyboard software

Search Result 5, Processing Time 0.018 seconds

Vulnerability Assessment on the Secured USB Keyboard (보안 USB 키보드의 데이터 탈취 가능성 진단)

  • Lee, Kyung-Roul;Yim, Kang-Bin
    • Journal of Internet Computing and Services
    • /
    • v.12 no.5
    • /
    • pp.39-46
    • /
    • 2011
  • The user authentication on the security applications is one of the most important process. Because character based password is commonly used for user authentication, it is most important to protect the keyboard. Due to the reason, several software solutions for keyboard security have been applied to critical sites. This paper introduces vulnerabilities to the commonly used USB keyboard, implements a sample code using the vulnerabilities and evaluates the possibility for the keyboard data to be stolen in the guarded environment. Through the comparison of the result, a countermeasure to the vulnerabilities is proposed.

Countermeasures to the Vulnerability of the Keyboard Hardware (키보드컨트롤러의 하드웨어 취약점에 대한 대응 방안)

  • Jeong, Tae-Young;Yim, Kang-Bin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.187-194
    • /
    • 2008
  • This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.

A Rolling Image based Virtual Keyboard Resilient to Spyware on Smartphones (스마트폰 환경에서 스파이웨어에 저항하는 동적 이미지 기반 가상 키보드 기법)

  • Na, Sarang;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.6
    • /
    • pp.1219-1223
    • /
    • 2013
  • Due to the fundamental features of smartphones, such as openness and mobility, a great deal of malicious software including spyware can be installed more easily. Since spyware can steal user's sensitive information and invade privacy, it is necessary to provide proper security mechanisms like secure virtual keyboards. In this paper, we propose a novel password input system to resist spyware and show how effectively it can reduce the threats.

Analysis of an Intrinsic Vulnerability on Keyboard Security (키보드 보안의 근본적인 취약점 분석)

  • Yim, Kang-Bin;Bae, Kwang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.3
    • /
    • pp.89-95
    • /
    • 2008
  • This paper analyzes the intrinsic vulnerability problems of the authentication system for Internet commerce based on the ID and password strings gathered from the computer keyboard. Through the found vulnerability, it is easy to sniff user passwords as well as any other keyboard inputs even when each of the existing keyboard protection softwares is running. We propose several countermeasures against the possible attacks to the vulnerability at both points of the hardware and the software concerns. The more secure environment for Internet commerce is highly required by implementing the proposed countermeasures.

Secure Human Authentication with Graphical Passwords

  • Zayabaatar Dagvatur;Aziz Mohaisen;Kyunghee Lee;DaeHun Nyang
    • Journal of Internet Technology
    • /
    • v.20 no.4
    • /
    • pp.1247-1260
    • /
    • 2019
  • Both alphanumeric and graphical password schemes are vulnerable to the shoulder-surfing attack. Even when authentication schemes are secure against a single shoulder-surfing attack round, they can be easily broken by intersection attacks, using multiple shoulder-surfing attacker records. To this end, in this paper we propose a graphical password-based authentication scheme to provide security against the intersection attack launched by an attacker who may record the user's screen, mouse clicks and keyboard input with the help of video recording devices and key logging software. We analyze our scheme's security under various threat models and show its high security guarantees. Various analysis, usability studies and comparison with the previous work highlight our scheme's practicality and merits.