Smart-Guard: defending user input from malware

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Authors

Colleges, School and Institutes

External organisations

  • University of Copenhagen

Abstract

Trusted input techniques can profoundly enhance a variety of scenarios like online banking, electronic voting, Virtual Private Networks, and even commands to a server or Industrial Control System. To protect the system from malware of the sender’s computer, input needs to be reliably authenticated. Previous research in this field is based on fixed assumptions about trustworthy components and is, thus, too rigid for this use case.

We present Smart-Guard, a method to protect user input into a system even if the attacker controls – to us unknown – parts of the underlying system. Our approach ensures integrity of user input even when up to two of three devices are compromised; confidentiality holds for one malicious device. In this way, Smart-Guard has flexible trust assumptions, and does not require any particular part of the system to be trusted. To prove our claims, we formally verified our protocol using the state-of-the-art protocol verifier ProVerif. Additionally, we define a new class of techniques, malware tolerance, which operate securely even when the system is infected with malware.

Details

Original languageEnglish
Title of host publication2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld)
EditorsDidier El Baz, Julien Bourgeois
Publication statusPublished - 16 Jan 2017
Event13th IEEE International Conference on Advanced and Trusted Computing - Toulouse, France
Duration: 18 Jul 201621 Jul 2016

Conference

Conference13th IEEE International Conference on Advanced and Trusted Computing
CountryFrance
CityToulouse
Period18/07/1621/07/16

Keywords

  • Keyboards, Protocols, Computers, Encryption, Malware