350 rub
Journal Highly available systems №2 for 2011 г.
Article in number:
On providing safe key access in systems with low security
Keywords: key access security against input interception
Authors:
R.R. Gilyazov, S.V. Smyshlyaev
Abstract:
In case of cryptographic software functioning in system with no possibility of an intruder-s presence in kernel the problem of secure input and storing secret keys from external devices can be solved by keeping key information in memory space that user mode modules are not possible to read. On the other hand, password protection is used for keys stored on external devices, thus there is a strong need to provide a secure path for password symbols input in the moment of loading secret keys into protected memory, since standard path of keyboard input can be intercepted by intruder modules in userspace. In the current paper the solution of such a problem is proposed in the following models: a) An intruder uses only userspace keyloggers to intercept password symbols. b) An intruder is in full control of the userspace. c) An intruder is in full control of the userspace and also is able to use hardware keyloggers or video surveillance tools to monitor every keyboard manipulation
Pages: 56-59
References
  1. Langweg H. Building a Trusted Path for Applications Using COTS Components. NATO Research and Technology Symposium IST-041/RSY-013 "Adaptive Defense in Unclassified Networks". 19 April. 2004.
  2. Гребенников Н. Клавиатурные шпионы. Варианты реализации кейлоггеров в ОС Windows, 2007, http://www.securelist.com.
  3. Руссинович М., Соломон Д. Внутреннее устройство Microsoft Windows: Windows Server 2003, Windows XP и Window 2000. М.: Питер. 4 издание. 2008.
  4. Холлунг Г., Батлер Дж. Руткиты: внедрение в ядро Windows. СПб.: Питер. 2007.
  5. Грушо А.А., Шумицкая Е.Л. Модель невлияния и скрытые каналы. Дискрет. матем. 2002. 14:1. С.11-16.