Keyblock: a software architecture to prevent keystroke injection attacks

C. David B. Borges; J. Rafael B. de Araujo; Robson L. de Couto; A. Márcio A. Almeida

doi:10.5753/sbseg.2017.19526

C. David B. Borges UFC
J. Rafael B. de Araujo UFC
Robson L. de Couto UFC
A. Márcio A. Almeida UFC

DOI: https://doi.org/10.5753/sbseg.2017.19526

Resumo

This work investigates a solution to mitigate the threat of keystroke injection attacks. Current defense mechanisms often require relatively expensive hardware and time consuming configuration. We describe and test the effectiveness of a software layer between USB input hardware and processes. Our software, Keyblock, intercepts events from newly connected devices and uses keystroke dynamics analysis to detect whether an attack is in course. By detecting and immediately disabling devices with anomalous typing patterns, Keyblock provides a software-only automatic solution to prevent keystroke injection.

Referências

Atmel (2015). Atmega32u4 datasheet. [Available] http://www.atmel.com/Images/Atmel-7766-8-bit-AVR-ATmega16U4-32U4 Datasheet.pdf [Access 30-07-2017].

Barbhuiya, F. A., Saikia, T., and Nandi, S. (2012). An anomaly based approach for hid attack detection using keystroke dynamics. In Proceedings of the 4th International Conference on Cyberspace Safety and Security, CSS’12, pages 139–152, Berlin, Heidelberg. Springer-Verlag.

Beznosov, K. (2015). Computer security: Principles of designing secure systems. [Available] http://courses.ece.ubc.ca/cpen442/sessions/08-design-principles.pdf [Access 30-07-2017].

Calot, E. P. (2015). Keystroke dynamics keypress latency dataset. Database.

El-Abed, M., Dafer, M., and Khayat, R. E. (2014). Rhu keystroke: A mobile-based benchmark for keystroke dynamics systems. In 2014 International Carnahan Conference on Security Technology (ICCST), pages 1–4.

GData (2014). Usb keyboard guard: How to be sicher from usb attacks. [Available] https://www.gdatasoftware.com/en-usb-keyboard-guard [Access 30-07-2017].

Griscioli, F., Pizzonia, M., and Sacchetti, M. (2016). Usbcheckin: Preventing badusb attacks by forcing human-device interaction. In 2016 14th Annual Conference on Privacy, Security and Trust (PST), pages 493–496.

Kang, M. and Saiedian, H. (2015). Usbwall: A novel security mechanism to protect against maliciously reprogrammed usb devices. Information Security Journal: A Global Perspective.

Keyblock (2017). Keyblock. [Available] https://github.com/cosmonautd/Keyblock [Access 17-10-2017].

Killourhy, K. S. and Maxion, R. A. (2009). Comparing anomaly-detection algorithms for keystroke dynamics. In 2009 IEEE/IFIP International Conference on Dependable Systems Networks, pages 125–134.

Loe, E. L., Hsiao, H. C., Kim, T. H. J., Lee, S. C., and Cheng, S. M. (2016). Sandusb: An installation-free sandbox for usb peripherals. In 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pages 621–626.

McGraw, G. (2013). Thirteen principles to ensure enterprise system security. [Available] [link]. [Access 30-07-2017].

SRLabs (2014). Badusb: On accessories that turn evil. [Availbale] https://srlabs.de/wpcontent/uploads/2014/11/SRLabs-BadUSB-Pacsec-v2.pdf [Access 30-07-2017].

Tian, D. J., Bates, A., and Butler, K. (2015). Defending against malicious usb firmware with goodusb. In Proceedings of the 31st Annual Computer Security Applications Conference, ACSAC 2015, pages 261–270, New York, NY, USA. ACM.

Trojahn, M. and Ortmeier, F. (2013). Toward mobile authentication with keystroke dynamics on mobile phones and tablets. In 2013 27th International Conference on Advanced Information Networking and Applications Workshops, pages 697–702.