Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2008
IEEE
2008
IEEE
New Side Channels Targeted at Passwords
Side channels are typically viewed as attacks that leak cryptographic keys during cryptographic algorithm processing, by observation of system side effects. In this paper, we present new side channels that leak password information during X Windows keyboard processing of password input. Keylogging is one approach for stealing passwords, but current keylogging techniques require special hardware or privileged processes. However, we have found that the unprivileged operation of modifying the user key mappings for X Windows clients enables a side channel sufficient for unprivileged processes to steal that user’s passwords, even enabling the attacker to gain root access via sudo. We successfully tested one version on Linux 2.6; we were able to obtain a high degree of control over the scheduler, and thus we can obtain accurate timing information. A second version (logon detection) works without depending on accurate clocks or cache effects. Thus, in addition to demonstrating new side ch...
Real-time TrafficAccurate Clocks | ACSAC 2008 | Cryptographic Algorithm Processing | Current Keylogging Techniques | Security Privacy |
Related Content
| Added | 28 May 2010 |
| Updated | 28 May 2010 |
| Type | Conference |
| Year | 2008 |
| Where | ACSAC |
| Authors | Albert Tannous, Jonathan T. Trostle, Mohamed Hassan, Stephen E. McLaughlin, Trent Jaeger |
Comments (0)
Researcher Info
|
