[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Most common keystroke loggers?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: RE: [Full-disclosure] Most common keystroke loggers?
From: "John Smith" <jsmith1001@xxxxxxxx>
Date: Tue, 06 Dec 2005 12:35:31 -0500

I'm sure there are problems with this, but here's my idea of preventing
improper authentication. At best, I think the attacker would only be able
to DoS the device, or attempt replay - which would fail without the
correct time-delay. I think some kind of two-part blackbox auth with time
delay was what I was trying to get at :)


**   = an event
<--> = any traffic that crosses USB peripheral border, ie vulnerable data
[KP] = USB (for instance) input peripheral, with keycode entry pad
[RS] = Remote authentication site


 **[KP] is intialized upon deployment like a SecurId. It is synced with
the auth server based on time, and several static algorithms.


 **[RS] is on the same time as [KP]

 **[RS] knows [KP] time-delay algorithm, and control algorithm, assoc.
w/KPID.

 **

>Upon being plugged in, heres what would happen:


[KP] -- Remote auth SYN request, w/encrypted KPID sent --> [RS]


 **[RS] determines what time-delay algorithm [KP] is on by KPID. (KPID
encryption is static to all components - possible point of failure.)


[KP] <--------------------- ACK sent back ---------------- [RS]


[KP] <--- Traffic averages analysis between KP and RS ---> [RS]


 **[KP] flashes green light to user

 **[KP] <-- User enters Keycode ------- [USER]

 **[KP] calculates two hashes, based on separate date/time sequence
selected algorithms that are created using the current synced time, and a
unique control algorithm determined during intialization.


[KP] --------- transmits first hash sequence to ---------> [RS]


 **[KP] waits x cycles based on a unique time-delay algorithm [RS] knows
by KPID.


[KP] --- transmits second hash sequence to [RS] ---------> [RS]

 **[RS] uses earlier traffic analysis to determine an acceptable level of
tolerance for receipt time, and determines consistency with time-delay
algorithm for KPID.

 **[RS] authenticates data

[KP] <----- Close session, pass/fail errout to KP -------- [RS]

 **[KP] shuts down USB port, no further traffic until reset (several ways
to do that)

[Compromised PC] <------------- Session ------------------ [RS]

What do you think?

-- 
___________________________________________________
Play 100s of games for FREE! http://games.mail.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- RE: [Full-disclosure] Most common keystroke loggers?
  - From: Lyal Collins

Prev by Date: Re: [lists] Re: [Full-disclosure] IT security professionals in demand in 2006
Next by Date: Re: [Full-disclosure] Packet sniffing help needed
Previous by thread: RE: [Full-disclosure] Most common keystroke loggers?
Next by thread: RE: [Full-disclosure] Most common keystroke loggers?
Index(es):
- Date
- Thread