Browse > Article
http://dx.doi.org/10.13089/JKIISC.2008.18.4.187

Countermeasures to the Vulnerability of the Keyboard Hardware  

Jeong, Tae-Young (Soonchunhyang University)
Yim, Kang-Bin (Soonchunhyang University)
Abstract
This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.
Keywords
scan codes; H/W vulnerability; sniffing; password expose; keyboard controller; internal memory;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 임강빈, '키보드 보안', 유비쿼터스 정보보호 워크샵 2008, 2008년 5월
2 태커스(주), '가상 데이터 전송을 이용한 키보드 해킹 방지 장치 및 방법', 대한민국특허청, 등록번호:10-0735727, 2007년 6월
3 '키보드 해킹기법 및 대응기술 분석', 금융 ISAC, pp.8-10, 2005년 11월
4 David A. Solomon, 'Windows Internals', Microsoft Press, pp.340-344, Nov. 2006
5 'Enhanced Super I/O Controller with Keyboard/Mouse Wake-up', Standard Microsystems Corporation, pp.119-130, Mar. 2000
6 배광진, 임강빈, '키보드 보안의 근본적인 취약점분석', 한국정보보호학회 논문집 제18권 제3호, pp.89-95, 2008년 6월   과학기술학회마을
7 'PS/2 Model 50 and 60 Technical Reference', IBM Corporation, Chap.4, pp.7-l8, Apr. 1987