Vulnerability Analysis and Security Assessment of Secure Keyboard Software to Prevent PS/2 Interface Keyboard Sniffing

Lee, Kyungroul; Yim, Kangbin

doi:10.3390/s23073501

Cited by 4 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the early days of computer development, the CPU performed all input and output processes on its own. However, for performance efficiency, the CPU was improved to prepare a separate interrupt table and handler and process it based on the prepared routine when an interrupt occurs [ 13 ]. Here, to efficiently handle interrupts, the tables and handlers prepared in advance were named interrupt table (IDT, Interrupt Descriptor Table), interrupt routine (ISR, Interrupt Service Routine), and interrupt handler, respectively.…”

Section: Prior Knowledge and Related Workmentioning

confidence: 99%

“…In the early days of computer development, the CPU performed all input and output processes on its own. However, for performance efficiency, the CPU was improved to prepare a separate interrupt table and handler and process it based on the prepared routine when an interrupt occurs [13]. Here, to efficiently handle interrupts, the The keyboard is an external input device that transfers the scan code corresponding to the key matrix inputted by the user to the CPU through the system bus, and the keyboard data is processed as an interrupt [12].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Keyboard Data Protection Technique Using GAN in Password-Based User Authentication: Based on C/D Bit Vulnerability

Lee,

Jeong,

Lee

2024

Sensors

Self Cite

View full text Add to dashboard Cite

In computer systems, user authentication technology is required to identify users who use computers. In modern times, various user authentication technologies, including strong security features based on ownership, such as certificates and security cards, have been introduced. Nevertheless, password-based authentication technology is currently mainly used due to its convenience of use and ease of implementation. However, according to Verizon’s “2022 Data Breach Investigations Report,” among all security incidents, security incidents caused by password exposures accounted for 82%. Hence, the security of password authentication technology is important. Consequently, this article analyzes prior research on keyboard data attacks and defense techniques to draw the fundamental reasons for keyboard data attacks and derive countermeasures. The first prior research is about stealing keyboard data, an attack that uses machine learning to steal keyboard data to overcome the limitations of a C/D bit attack. The second prior research is an attack technique that steals keyboard data more efficiently by expanding the features of machine learning used in the first prior research. In this article, based on previous research findings, we proposed a keyboard data protection technique using GAN, a Generative Adversarial Network, and verified its feasibility. To summarize the results of performance evaluation with previous research, the machine learning-based keyboard data attack based on the prior research exhibited a 96.7% attack success rate, while the study’s proposed method significantly decreased the attack success rate by approximately 13%. Notably, in all experiments, the average decrease in the keyboard data classification performance ranged from a minimum of −29% to a maximum of 52%. When evaluating performance based on maximum performance, all performance indicators were found to decrease by more than 50%.

show abstract

Section: Prior Knowledge and Related Workmentioning

confidence: 99%

“…In the early days of computer development, the CPU performed all input and output processes on its own. However, for performance efficiency, the CPU was improved to prepare a separate interrupt table and handler and process it based on the prepared routine when an interrupt occurs [13]. Here, to efficiently handle interrupts, the The keyboard is an external input device that transfers the scan code corresponding to the key matrix inputted by the user to the CPU through the system bus, and the keyboard data is processed as an interrupt [12].…”

Section: Introductionmentioning

confidence: 99%

Keyboard Data Protection Technique Using GAN in Password-Based User Authentication: Based on C/D Bit Vulnerability

Lee,

Jeong,

Lee

2024

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…Other researchers proposed a USB-based attacks taxonomy with a more granular approach by creating different bases that cover adversary intentions, object of impact, attack mechanism, level of secrecy, level of complexity, assets, and so forth [12]. A recent study discusses attacks on keyboard-firmware attacks in the banking sector, where vulnerable software inside keyboard controllers is used to sniff sensitive data [13]. As follows, this highlighted the need for secure USB protocols and firmware-verification mechanisms.…”

mentioning

confidence: 99%

A Deep-Learning-Based Approach to Keystroke-Injection Payload Generation

Gurčinas,

Dautartas,

Janulevičius

et al. 2023

Electronics

View full text Add to dashboard Cite

Investigation and detection of cybercrimes has been in the spotlight of cybersecurity research for as long as the topic has existed. Modern methods are required to keep up with the pace of the technology and toolset used to facilitate these crimes. Keystroke-injection attacks have been an issue due to the limitations of hardware and software up until recently. This paper presents comprehensive research on keystroke-injection payload generation that proposes the use of deep learning to bypass the security of keystroke-based authentication systems focusing on both fixed-text and free-text scenarios. In addition, it specifies the potential risks associated with keystroke-injection attacks. To ensure the legitimacy of the investigation, a model is proposed and implemented within this context. The results of the implemented implant model inside the keyboard indicate that deep learning can significantly improve the accuracy of keystroke dynamics recognition as well as help to generate effective payload from a locally collected dataset. The results demonstrate favorable accuracy rates, with reported performance of 93–96% for fixed-text scenarios and 75–92% for free-text. Accuracy across different text scenarios was achieved using a small dataset collected with the proposed implant model. This dataset enabled the generation of synthetic keystrokes directly within a low-computation-power device. This approach offers efficient and almost real-time keystroke replication. The results obtained show that the proposed model is sufficient not only to bypass the fixed-text keystroke dynamics system, but also to remotely control the victim’s device at the appropriate time. However, such a method poses high security risks when deploying adaptive keystroke injection with impersonated payload in real-world scenarios.

show abstract

LightTouch: Harnessing Laser-Based Signal Injection to Manipulate Optical Human-Computer Interfaces

Tanaka,

Rampazzi,

Sugawara

2024

IEEE Access

View full text Add to dashboard Cite

Vulnerability Analysis and Security Assessment of Secure Keyboard Software to Prevent PS/2 Interface Keyboard Sniffing

Cited by 4 publications

References 15 publications

Keyboard Data Protection Technique Using GAN in Password-Based User Authentication: Based on C/D Bit Vulnerability

Keyboard Data Protection Technique Using GAN in Password-Based User Authentication: Based on C/D Bit Vulnerability

A Deep-Learning-Based Approach to Keystroke-Injection Payload Generation

LightTouch: Harnessing Laser-Based Signal Injection to Manipulate Optical Human-Computer Interfaces

Contact Info

Product

Resources

About