How to secure the Keyboard Chain

Presented at DEF CON 23 (2015), Aug. 7, 2015, 4:30 p.m. (30 minutes)

Keyloggers are hardware or software tools that record keystrokes. They are an overlooked threat to computer security and user privacy. Because they can retrieve all sensitive information typed on a keyboard in an almost invisible way, they need to be taken seriously by both companies and individuals. Almost all security measures against keyloggers are reactive and static.

So what if the solution were to be proactive, and use the same technology as keyloggers do in order to fool them? That is what this presentation is about: a way of fooling all known and unknown keyloggers (physical, kernel-mode and user-mode) through a kernel-mode driver developed under Windows. The technical details will be presented during the presentation, as well as the results and propositions.

Basically, the idea is to use a kernel-mode driver which encrypts each keystroke at a very low level in the system (near the driver port). The encryption uses a common key, exchanged with a client application which needs to ensure that the entered text is secured and not recorded. After the driver has encrypted a key, it propagates it to the entire system. Thus, only the client application, holding the encryption key, can decrypt the keystroke. In this way, the whole system is fooled.
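The flow described above can be simulated in user space. This is an added example, not the presenters' driver code: the names `FilterDriver`, `ClientApp`, `pad_byte` and `simulate`, the HMAC-SHA256 counter pad and the sample key are all assumptions, since the abstract does not name a cipher. It uses a per-keystroke counter so that the same key pressed repeatedly does not yield repeated ciphertext, which a static substitution would leak to a logger through frequency analysis.

```python
import hashlib
import hmac

def pad_byte(key, counter):
    """Per-keystroke pad: first byte of HMAC-SHA256(key, counter) (assumed scheme)."""
    msg = counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0]

class FilterDriver:
    """Stands in for the kernel-mode driver sitting near the keyboard port."""
    def __init__(self, key):
        self.key = key
        self.counter = 0

    def on_key(self, code):
        # Encrypt before anything higher in the chain can observe the key.
        event = (self.counter, code ^ pad_byte(self.key, self.counter))
        self.counter += 1
        return event

class ClientApp:
    """The only component that shares the key with the driver."""
    def __init__(self, key):
        self.key = key

    def decrypt(self, events):
        return bytes(ct ^ pad_byte(self.key, n) for n, ct in events)

def simulate(typed, key):
    """Return (bytes a keylogger in the chain records, bytes the client recovers)."""
    driver = FilterDriver(key)
    events = [driver.on_key(b) for b in typed]
    logged = bytes(ct for _, ct in events)
    return logged, ClientApp(key).decrypt(events)

if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    logged, recovered = simulate(b"aaaaaaaa", key)
    print("keylogger sees:", logged.hex())
    print("client recovers:", recovered)
```

The simulation covers confidentiality of the keystroke stream only; how the key is exchanged with the client is left out, as it is in the abstract.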


Presenters:

  • Baptiste David - Engineer from IT Engineer School - ESIEA in Laval, France
    Baptiste David is a computer science engineer who has been working for the CVO laboratory for many years. His research areas are based on operational and offensive computer security for the protection of critical systems. He specializes in reverse engineering, kernel development and malware analysis. He has notably worked on GostCrypt and on many antivirus projects for many years. He has given numerous conference talks all over the world about security and offensive techniques.
  • Paul Amicelli - Student from IT Engineering School - ESIEA in Laval, France
    Paul Amicelli is a French engineering student at ESIEA, an IT Engineering School in Laval, France. Fascinated by the world of computer security, he is currently involved as a student researcher in the Operational Cryptology and Virology research lab of his school, where projects such as the encryption solution GostCrypt, in which he takes part, are developed. Prior to that, he completed a two-year preparatory class for the Grandes Ecoles in mathematics and physics (CPGE).
