15th USENIX Security Symposium Abstract
Pp. 59–75 of the Proceedings
Keyboards and Covert Channels
Gaurav Shah, Andres Molina, and Matt Blaze, University of Pennsylvania
Abstract
This paper introduces JitterBugs, a class of inline interception
mechanisms that covertly transmit data by perturbing
the timing of input events likely to affect externally
observable network traffic. JitterBugs positioned at
input devices deep within the trusted environment (e.g.,
hidden in cables or connectors) can leak sensitive data
without compromising the host or its software. In particular,
we show a practical Keyboard JitterBug that solves
the data exfiltration problem for keystroke loggers by
leaking captured passwords through small variations in
the precise times at which keyboard events are delivered
to the host. Whenever an interactive communication application
(such as SSH, Telnet, instant messaging, etc)
is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or
link is encrypted. Our experiments suggest that simple
Keyboard JitterBugs can be a practical technique for capturing
and exfiltrating typed secrets under conventional
OSes and interactive network applications, even when
the receiver is many hops away on the Internet.
- View the full text of this paper in HTML and PDF.
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
|
