Saturday, June 28, 2003

Eyes Only - 2nd place @ CSIDC 2003

Project name: Eyes Only
Contest: CSIDC 2003
Award: 2nd
Team: Tiberius Parcalabu, Andrei Hagiescu
Mentors: Nicolae Tapus, Vlad Panait
(report)

In the news:
Adevarul



Abstract:
This paper describes a low-cost, value-added solution that transforms the computer into a safer system, able to prevent unauthorized access to confidential information. EyesOnly is a hardware device designed for personal computers to protect the keyboard input and the text information displayed on the screen. It is physically installed on the cables linking the computer with the keyboard and the monitor. This is a new approach to security, which makes it impossible for software pests inside the computer to gain unauthorized access to the user’s private information. Pests are generally uninvited programs that take up residence in an information system by stealth, like parasites or viruses, evading various protection methods by exploiting security holes in operating systems or the user’s actions. They can gain access to whatever happens in the computer’s memory, including the input of credit card information, email, instant messaging and other sensitive information. For example, even if we are connected to a web server through SSL (Secure Sockets Layer), which encrypts all communication with the browser, when we type in our credit card information each pressed key is first handled by the operating system’s keyboard driver. This is a software layer and may be compromised by undesired software, which can intercept all the keys or simply read them from the internal memory buffer and then transmit this data to unauthorized third parties on the web.

To avoid this problem, EyesOnly has an innovative design that ensures the confidential data involved never travels unencrypted through the computer, which becomes a simple dispatcher for secured information. On the one hand, information sent from the keyboard is encrypted before entering the computer; on the other hand, text information meant to be displayed on the screen is decrypted after it leaves the computer and then superimposed over the image on the monitor. When the user enters data from the keyboard, the device provides visual feedback on the screen, so that he is able to see what he is typing, without actually sending keys to the computer. Security of the encrypted information is ensured by the AES (Advanced Encryption Standard) algorithm used in combination with 128-bit keys, kept on a smartcard. The exchange of all encrypted information between the computer and the device is done through a separate USB connection. The entire process is transparent to the user, who can concentrate on his work instead of worrying about security, even if the computer cannot be fully trusted.

The services that can be secured using EyesOnly include any operation that needs to take text-based, confidential information as keyboard input or display it on the monitor, such as credit card information (e-shopping), banking account details (e-banking) or private discussions (instant messaging, email). It was designed with simplicity in mind, being very easy for the average computer user to install and use, without the need for special skills. The device can be attached to any IBM-compatible computer with a free USB port, so you can use this system from your friends’ computers or even at work. It has a single switch, with three states for the keyboard input protection mode: On (all keyboard input is encrypted), Off (no encryption at all) and Auto (the software application decides when encryption is activated). The rest of the settings are accessible through a simple menu activated from the application that is using the device.

By using EyesOnly, any parasite applications are rendered harmless, because they never have access to clear data. Even if someone takes physical control of the computer, he cannot access any confidential information without the keys from the user’s personal smartcard. It is easier to keep the smartcard safe than to keep the operating system or antivirus software continuously up to date.