How to secure the keyboard chain
DEF CON 23
Paul Amicelli - Baptiste David - CVO Esiea-Ouest
Creative Commons 2.0 - Attribution - NonCommercial - ShareAlike

The Talk
1. Background
2. Keyloggers forms
3. Main idea of our work
4. Details of our work
5. To go further
6. Finally.

Background: Keyloggers
"A keylogger is a little piece of software or hardware, which is able to retrieve every keystroke on a computer"

Keyloggers Forms: User mode ones
- Easy to develop, and really efficient
- Quite easy to detect and remove

Keyloggers Forms: Kernel mode ones
- Quite hard to develop and really, really efficient
- Not easy to detect and quite hard to remove

Keyloggers Forms: Hardware ones
- Require physical access to the computer, but the most efficient technique
- Software-undetectable, sometimes easy to remove, sometimes not

Our work - Main Idea: Proposed solution
- Encrypt keystrokes
- As close as possible to the hardware
- Jamming keyloggers

Our work - Main Idea: Basic Understanding

Our work - Details: Keyboard driver stack

Our work - Details: Encryption - Problem
- Unable to directly encrypt keystrokes with a stream cipher
- Only known keystrokes are broadcast by Windows
- The rest is inhibited
- Few keystroke codes authorized

Our work - Details: Encryption
- Whitelist system for input decision

Our work - Details: Encryption - Solution: Jamming
- Currently, a 64-bit common key exchanged every 20 keystrokes
- Stream cipher initialized with the common key
- Algorithm based on the shuffle of a deck of cards: only

Our work - Details: Encryption - Scheme

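Added example, not the project's code: a C sketch of how jamming can stay inside the set of keystroke codes Windows accepts, which XORing a keystream into the code would not. Both ends shuffle the same deck of allowed codes from the shared 64-bit key, substitute through it, and stop after 20 keystrokes until a new key is exchanged. The whitelist contents, the splitmix64 generator, the per-keystroke reshuffle and every name here are assumptions; the slides do not specify the actual algorithm.

```c
#include <stdint.h>

#define NCODES 26
#define REKEY_INTERVAL 20   /* slides: new common key every 20 keystrokes */
/* Assumed whitelist (constructed): set-1 scancodes of the 26 letter keys. */
static const uint8_t WHITELIST[NCODES] = {
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,   /* Q..P */
    0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,        /* A..L */
    0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32 };                /* Z..M */
typedef struct { uint64_t s; int n; uint8_t deck[NCODES]; } jam_t;

/* splitmix64: stand-in generator (assumption), not a vetted stream cipher. */
static uint64_t next64(uint64_t *s) {
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Fisher-Yates shuffle of the deck; modulo bias is negligible at 64 bits. */
static void reshuffle(jam_t *j) {
    for (int i = NCODES - 1; i > 0; i--) {
        int k = (int)(next64(&j->s) % (uint64_t)(i + 1));
        uint8_t t = j->deck[i]; j->deck[i] = j->deck[k]; j->deck[k] = t;
    }
}

/* Driver and API each call this with the same 64-bit common key. */
void jam_init(jam_t *j, uint64_t key) {
    j->s = key; j->n = 0;
    for (int i = 0; i < NCODES; i++) j->deck[i] = WHITELIST[i];
    reshuffle(j);
}

static int find(const uint8_t *tab, uint8_t c) {
    for (int i = 0; i < NCODES; i++) if (tab[i] == c) return i;
    return -1;
}
/* Substitute c via from -> to, then advance the deck. Returns -1 if c is not
   whitelisted, -2 if the key is used up (exchange a new key, jam_init again). */
static int step(jam_t *j, const uint8_t *from, const uint8_t *to, uint8_t c) {
    if (j->n >= REKEY_INTERVAL) return -2;
    int i = find(from, c);
    if (i < 0) return -1;
    uint8_t out = to[i];
    j->n++; reshuffle(j);
    return out;
}
int jam_encode(jam_t *j, uint8_t c) { return step(j, WHITELIST, j->deck, c); } /* driver */
int jam_decode(jam_t *j, uint8_t c) { return step(j, j->deck, WHITELIST, c); } /* API */
```

Anything hooked between the two ends sees only valid letter scancodes, but they are the wrong ones unless it holds the current key and position in the stream.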
Our work - Details: API-Driver Communication

Our work - Details: Protection of the protection
- Monitoring of the keyboard driver stack
- Protection against DLL injection of the API
- Monitoring of the registry

Our work - Results: Is it working?

Our work - To go further: Endless possibilities
- Keystrokes combinations
- Polymorphic on-screen keyboard
- Time based keystrokes
- Mini-game, music, colors, ...
- Keep keystrokes in ring 0 (GostCrypt)

Our work - Example: GostCrypt, a full ring 0 password version

Finally: State of the project
- Proof of concept
- Available on GitHub (https://github.com/whitekernel/gostxboard.git)
- Educational purpose
- Free and open source, forever
- Call for participation

Question time
Questions? Maybe answers...
paul.amicelli@gostcrypt.org - baptiste.david@gostcrypt.org