Sciweavers

ACSAC
2006
IEEE

KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy

14 years 5 months ago
KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy
In this paper we examine the problem of entering sensitive data, such as passwords, from an untrusted machine. By untrusted we mean that it is suspected to be infected with spyware which snoops on the user’s activity. Using such a machine is obviously undesirable, and yet roaming users often have no choice. They are in no position to judge the security status of internet cafe, airport lounge or business center machines. Either malice or negligence on the part of an administrator means that any such machine can easily be running a keylogger. The roaming user has no reliable way of determining whether it is safe, and has no alternative to typing the password. We consider whether it is possible to enter data to confound spyware assumed to be running on the machine in question. The difficulty of mounting a collusion attack on a single user’s password makes the problem more tractable than it might appear. We explore several approaches. In the first, we show how the user can embed a pa...
Dinei A. F. Florêncio, Cormac Herley
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where ACSAC
Authors Dinei A. F. Florêncio, Cormac Herley
Comments (0)