How to secure the keyboard chain

Similar documents
Online Mission Office Database Software

Introduction to Polytheism

DALI power line communication

Family Search Family Tree 101

Welcome to Breeze Fairview Baptist s Church Management Software

Organizational Identity Who Are We?

Data Sharing and Synchronization using Dropbox

Application for curing ailments through mudra science

P2P Content Distribution BitTorrent and Spotify

Soaring Ahead Together Really? Installation Program

Gateway Developer Guide

Grids: Why, How, and What Next

HOW TO WRITE AN NDES POLICY MODULE

From Machines To The First Person

CHILDREN S CHURCH FEBRUARY 2018 LESSON PLAN

Agnostic KWIK learning and efficient approximate reinforcement learning

Gaia Fading. Jana Zufic Ars.Polis A. Butorac 9, HR Porec, Croatia

Ankit Fadia Torn Apart. July 11, TAUFEEQ ELAHI w w w. t a u f e e q. c o m

Quorum Website Terms of Use

Videoconferencing Solution. Presented by Eric Upchurch, Sr. IT Manager, IT Solutions May 12, 2015

AAC: Past, Present, & Future

2018 Unit Charter Renewal Guide

Basic Algorithms Overview

Why use perfect money and what are its benefits?

The Development of Knowledge and Claims of Truth in the Autobiography In Code. When preparing her project to enter the Esat Young Scientist

Du parchemin aux big data: naviguer sans carte dans les données? Journées du SITG 2016

TECHNICAL WORKING PARTY ON AUTOMATION AND COMPUTER PROGRAMS. Twenty-Fifth Session Sibiu, Romania, September 3 to 6, 2007

Boethius, The Consolation of Philosophy, book 5

GUARD YOURSELVES FROM IDOLS First John 5:13-15, 18-21

The Da RSA Code. John Saaumson

5.6.1 Formal validity in categorical deductive arguments

Downloaded from: justpaste.it/crazypants. nada, zero. me DEAD.

Features ADDICT - V3. DALI AC mains immunity with warning, higher DALI line ~20VDC, more efficient with longer battery life, a

Where to get help. There are many ways you can get help as you gather family history information

ABB STOTZ-KONTAKT GmbH ABB i-bus KNX DGN/S DALI Gateway for emergency lighting

(i) Morality is a system; and (ii) It is a system comprised of moral rules and principles.

1 Wonderful, Merciful Savior

VBS 2014 Agency D3 Missions Rotation

HBLU Explanation of the Enneagram Operating System. Judith A. Swack, Copyright 2003

Gesture recognition with Kinect. Joakim Larsson

Reports to: Rocky Mountain Mobilization Manager DEPARTMENT / FUNCTIONAL GROUP: Mobilization / Resources Group

Pairing Student Canvas Accounts with ALEKS Through MH Campus

Time Zones : Your Key To Control (Spanish Language Edition) By Kabbalist Rav Berg READ ONLINE

What is belief, such that first person authority can exist?

Whatever happened to cman?

CBeebies. Part l: Key characteristics of the service

MH Campus: Institution Pairing

DVC Mathematics HBA. ENTER your 10 digit course code. This should be on your syllabus. 12/18/11. spring

COS 226 Algorithms and Data Structures Fall Midterm

SPIRARE 3 Installation Guide

ERKAMETER E INNOVATION MEETS DESIGN

How to Destroy a Community

APAS assistant flexible production assistant

From the Director's Desk JANUARY 2015 On The Importance of the "Abrahamic Covenant"

Book Of Mormon Teacher Resource Manual Pdf

COMMITTEE HANDBOOK WESTERN BRANCH BAPTIST CHURCH 4710 HIGH STREET WEST PORTSMOUTH, VA 23703

An Efficient Indexing Approach to Find Quranic Symbols in Large Texts

An Easy Retail Management System

Aleks Week Access Code

Sorting: Merge Sort. College of Computing & Information Technology King Abdulaziz University. CPCS-204 Data Structures I

Gerald s Column. by Gerald Fitton. This month I want to discuss Paul s aim for the future of Archive.

completely uniform and flawless nothing about it is spontaneous! Nothing is voluntary. Everything bends to the central will: the project

A New Parameter for Maintaining Consistency in an Agent's Knowledge Base Using Truth Maintenance System

General Authorities; General Auxiliary Presidencies; Area Seventies; Stake, Mission, and District Presidents; Bishops and Branch Presidents

INFORMATION FOR DVC MATH STUDENTS in Math 75, 110, 120, 121, 124 and 135 Distance Education Hours by Arrangement (HBA) - Summer 2010

Six Sigma Prof. Dr. T. P. Bagchi Department of Management Indian Institute of Technology, Kharagpur. Lecture No. # 18 Acceptance Sampling

An Analysis of Artificial Intelligence in Machines & Chinese Room Problem

Jihadism and cryptography

Payment Card Industry (PCI) Qualified Integrators and Resellers

CBeebies. Part l: Key characteristics of the service

2.1 Review. 2.2 Inference and justifications

Paul De Palma. I feel slightly nervous and very humbled to follow such an eloquent speaker.

Chattha Sangayana CD. Dhananjay Chavan, Vipassana Research Institute, India

Berkeley Avenue Baptist Church Church Calendar Scheduling and Facility Use Policies

Thank you for your interest in employment with Cleveland Avenue Baptist Church The application may be mailed to P.O. Box Kansas City, MO 64106

1/17/2018 ECE 313. Probability with Engineering Applications Section B Y. Lu. ECE 313 is quite a bit different from your other engineering courses.

correlated to the Massachussetts Learning Standards for Geometry C14

Joseph And The Amazing Technicolor Dreamcoat Vocal Score

Artificial Intelligence. Clause Form and The Resolution Rule. Prof. Deepak Khemani. Department of Computer Science and Engineering

ALEKS. Pairing Student LMS Accounts with ALEKS

Carolina Bachenheimer-Schaefer, Thorsten Reibel, Jürgen Schilder & Ilija Zivadinovic Global Application and Solution Team

LOMBARD POLICE DEPARTMENT RESPONSE LETTER TO REQUESTOR

SUNDAY WORSHIP KEEPING UP! INVOCATION The prayer that formally opens the worship experience asking for God s blessing SONGS OF PRAISE

Testimony on Redistricting

Using Tableau Software to Make Data Available On-Line December 14, 2017

Teaching Baptism To Children Activities

April News

Social Context. Social Context

Kant Lecture 4 Review Synthetic a priori knowledge

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK UNITED STATES OF AMERICAS : Plaintiff, : July 4, 2009 Defendant. :

A Practical Guide To TPM 2.0: Using The Trusted Platform Module In The New Age Of Security By Will Arthur READ ONLINE

Stewardship of Service volunteer your time and talents

terrible! The subscripts were in a different style from the large letters, for example, and the spacing was very bad. You

APRIL 2017 KNX DALI-Gateways DG/S x BU EPBP GPG Building Automation. Thorsten Reibel, Training & Qualification

Response to the Proposal to Encode Phoenician in Unicode. Dean A. Snyder 8 June 2004

Lenten Adventure Week 2

A Graphical Representation of the Reconstructionist World-View (with a Mixture of Science Thrown in for Good Measure) by Ronald W. Satz, Ph.D.


Gateways DALIK v Programming manual

Verification of Occurrence of Arabic Word in Quran

Transcription:

How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c Creative Commons 2.0 - b Attribution - n NonCommercial - a ShareAlike 1 / 25

The Talk 1. Background 2. Keyloggers forms 3. Main idea of our work 4. Details of our work 5. To go further 6. Finally. Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 2 / 25

Background Keyloggers -- "A keylogger is a little piece of software or hardware, which is able to retrieve every keystrokes on a computer" Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 3 / 25

Keyloggers Forms User mode ones Easy to developp, and really efficient Quite easy to detect and remove Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 4 / 25

Keyloggers Forms Kernel mode ones Quite hard to develop and really, really efficient Not easy to detect and quite hard to remove Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 5 / 25

Keyloggers Forms Hardware ones Require physical access to the computer, but the most efficient technic Software-undetectable, sometimes easy to remove, sometimes not Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 6 / 25

Our work - Main Idea Proposed solution Encrypt keystrokes As close as possible to the hardware Jamming keyloggers Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 7 / 25

Our work - Main Idea Basic Understanding Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 8 / 25

Our work - Main Idea Basic Understanding Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 9 / 25

Our work - Main Idea Basic Understanding Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 10 / 25

Our work - Main Idea Basic Understanding Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 11 / 25

Our work - Main Idea Basic Understanding Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 12 / 25

Our work - Main Idea Basic Understanding Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 13 / 25

Our work - Details Keyboard driver stack Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 14 / 25

Our work - Details Encryption Problematic Unable to directly encrypt keystrokes with a streamcipher Only known keystrokes are broadcasted by Windows The rest is inhibated Few keystrokes codes authorized Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 15 / 25

Our work - Details Encryption White list system for input decision Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 16 / 25

Our work - Details Encryption Solution : Jamming Currently, a 64bits common key exchanged every 20 keystrokes Stream cipher initiated with the common key Algorithm based on shuffle of a deck of cards : only Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 17 / 25

Our work - Details Encryption Scheme Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 18 / 25

Our work - Details API-Driver Communication Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 19 / 25

Our work - Details Protection of the protection Monitoring of the keyboard driver stack Protection against DLL injection of the API Monitoring of the registry Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 20 / 25

Our work - Results Is it working? Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 21 / 25

Our work - To go further Endless possibilities Keystrokes combinations Polymorphic on-screen keyboard Time based keystrokes Mini-game, music, colors,.. Keep keystrokes in ring 0 (GostCrypt) Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 22 / 25

Our work - Example GostCrypt a full ring 0 password version Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 23 / 25

Finally State of the project Proof of concept Available on Github ( https:// github.com/whitekernel/gostxboard.git ) Educational purpose Free and opensource, forever Call for participation Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 24 / 25

Question time Questions? Maybe answers... paul.amicelli@gostcrypt.org - baptiste.david@gostcrypt.org Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 25 / 25

2024 © religiondocbox.com Privacy Policy | Terms of Service | Feedback