http://dx.doi.org/10.13089/JKIISC.2011.21.3.177

Analysis on a New Intrinsic Vulnerability to Keyboard Security  

Lee, Kyung-Roul (Dept. of Information Security Engineering, Soonchunhyang University)
Yim, Kang-Bin (Dept. of Information Security Engineering, Soonchunhyang University)
Abstract
This paper introduces the possibility that attackers can acquire keyboard scan codes by using the RESEND command provided by the keyboard hardware itself, on the PS/2 interface, which is a dominant interface for input devices. A keyboard sniffing program that uses this vulnerability is implemented to demonstrate its severity, and it shows that user passwords can be easily exposed. Because this is one of the intrinsic vulnerabilities of existing platforms, which were designed with little consideration for security, a hardware approach is required to counter it.
Keywords
keyboard sniff; password authentication; hardware vulnerability; RESEND command
Citations & Related Records
Times Cited By KSCI: 3