Full Disclosure mailing list archives
RE: Most common keystroke loggers?
From: "John Smith" <jsmith1001 () post com>
Date: Tue, 06 Dec 2005 12:35:31 -0500
I'm sure there are problems with this, but here's my idea of preventing improper authentication. At best, I think the attacker would only be able to DoS the device, or attempt replay - which would fail without the correct time-delay. I think some kind of two-part blackbox auth with time delay was what I was trying to get at :) ** = an event <--> = any traffic that crosses USB peripheral border, ie vulnerable data [KP] = USB (for instance) input peripheral, with keycode entry pad [RS] = Remote authentication site **[KP] is intialized upon deployment like a SecurId. It is synced with the auth server based on time, and several static algorithms. **[RS] is on the same time as [KP] **[RS] knows [KP] time-delay algorithm, and control algorithm, assoc. w/KPID. **
Upon being plugged in, heres what would happen:
[KP] -- Remote auth SYN request, w/encrypted KPID sent --> [RS] **[RS] determines what time-delay algorithm [KP] is on by KPID. (KPID encryption is static to all components - possible point of failure.) [KP] <--------------------- ACK sent back ---------------- [RS] [KP] <--- Traffic averages analysis between KP and RS ---> [RS] **[KP] flashes green light to user **[KP] <-- User enters Keycode ------- [USER] **[KP] calculates two hashes, based on separate date/time sequence selected algorithms that are created using the current synced time, and a unique control algorithm determined during intialization. [KP] --------- transmits first hash sequence to ---------> [RS] **[KP] waits x cycles based on a unique time-delay algorithm [RS] knows by KPID. [KP] --- transmits second hash sequence to [RS] ---------> [RS] **[RS] uses earlier traffic analysis to determine an acceptable level of tolerance for receipt time, and determines consistency with time-delay algorithm for KPID. **[RS] authenticates data [KP] <----- Close session, pass/fail errout to KP -------- [RS] **[KP] shuts down USB port, no further traffic until reset (several ways to do that) [Compromised PC] <------------- Session ------------------ [RS] What do you think? -- ___________________________________________________ Play 100s of games for FREE! http://games.mail.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Most common keystroke loggers?, (continued)
- Re: Most common keystroke loggers? Frank Knobbe (Dec 02)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- RE: Most common keystroke loggers? Michael L. Benjamin (Dec 02)
- Re: Most common keystroke loggers? Shannon Johnston (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- Re: Most common keystroke loggers? gboyce (Dec 02)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- RE: Most common keystroke loggers? Renshaw, Rick (C.) (Dec 05)
- RE: Most common keystroke loggers? John Smith (Dec 06)
- RE: Most common keystroke loggers? Lyal Collins (Dec 08)
- Re: Most common keystroke loggers? Steven (Dec 21)
- Message not available
- Re: Most common keystroke loggers? Mark Senior (Dec 22)
- Message not available