Stark - Tamperproof Authentication to Resist Keylogging
نویسندگان
چکیده
The weakest link in software-based full disk encryption is the authentication procedure today. Since the master boot record must be present unencrypted in order to launch the decryption of remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, ascertains the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in
منابع مشابه
A Mutual Authentication Method for Internet of Things
Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as surveillance and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. Data security is one of the main concerns in the IoT. ...
متن کاملA secure email login system using virtual password
In today’s world password compromise by some adversaries is common for different purpose. In ICC 2008 Lei et al. proposed a new user authentication system based on the virtual password system. In virtual password system they have used linear randomized function to be secure against identity theft attacks, phishing attacks, keylogging attack and shoulder surfing system. In ICC 2010 Li’s given a ...
متن کاملUsing a Personal Device to Strengthen Password Authentication from an Untrusted Computer
Keylogging and phishing attacks can extract user identity and sensitive account information for unauthorized access to users’ financial accounts. Most existing or proposed solutions are vulnerable to session hijacking attacks. We propose a simple approach to counter these attacks, which cryptographically separates a user’s long-term secret input from (typically untrusted) client PCs; a client P...
متن کاملUsing a Personal Device to Strengthen Password Authentication from an Untrusted Computer (Revised March 2007)?
Keylogging and phishing attacks can extract user identity and sensitive account information for unauthorized access to users’ financial accounts. Most existing or proposed solutions are vulnerable to session hijacking attacks. We propose a simple approach to counter these attacks, which cryptographically separates a user’s long-term secret input from (typically untrusted) client PCs; a client P...
متن کاملA bilateral remote user authentication scheme that preserves user anonymity
Smart card-based authentication is one of the most widely used and practical solutions to remote user authentication. Compared to other authentication schemes, our proposed scheme aims to provide more functionalities and to resist well-known attacks. These crucial merits include (1) a user can freely choose and change his passwords; (2) our scheme provides mutual authentication between a server...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013