Intelligent Pervasive Computing, International Conference on (2007)
Jeju Island, Korea
Oct. 11, 2007 to Oct. 13, 2007
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IPC.2007.42
This study has been carried out for the purpose to secure keyboard input information at kernel level(system level) information invasion tools(hacking tools) by setting the area between the keyboard hardware and the computer system as a new information security area which could not be secured by server security technology or network security technology developed. For this, we have proceeded with risk-analysis based technical development methodology by which information assets are distinguished in accordance with the input information processing procedure from the keyboard hardware, security vulnerabilities for each step are analyzed, and security alternatives on these from technical aspects are established. Security vulnerabilities for each step in the procedure of keyboard input information processing have been derived from a kernel mode. To secure derived vulnerabilities we have developed a couple of detailed technologies such as debug interrupt exception processing, 'JUMP' code insertion. In order to verify about the result of our study, we established the evaluation criteria in the view of security based on literature review and we designed the experiment environment to measure it and then made an experiment with each items. We've got experiment results better than literature studies in the basic security(confidentiality) experiment and the comparison experiment(regarding authentication and access control) about various information invasion tools. We expect that our research would be able to contribute to follow-up study not only to prevent leaking from keyboard input information but also to secure important information in general application and game program at kernel level.
Hangbae Chang, Wonsub Eum, Sijin Lee, "The Research of Keyboard Security for u Trading", Intelligent Pervasive Computing, International Conference on, vol. 00, no. , pp. 165-169, 2007, doi:10.1109/IPC.2007.42