STARK Tamperproof Authentication to Resist Keylogging

Müller T, Spath H, Mäckl R, Freiling F (2013)


Publication Language: English

Publication Type: Conference contribution, Conference Contribution

Publication year: 2013

Publisher: Springer-Verlag

Edited Volumes: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Pages Range: 295-312

Conference Proceedings Title: Proceedings of FC2013

Event location: Okinawa, Japan JP

DOI: 10.1007/978-3-642-39884-1_25

Abstract

The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record must be present unencrypted in order to launch the decryption of remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, verifies the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in practice. We present Stark, the first tamperproof authentication scheme that mutually authenticates the computer and the user in order to resist keylogging during boot. To achieve this, Stark combines two ideas in a novel way: (1) Stark implements trust bootstrapping from a secure token (a USB flash drive) to the whole PC. (2) In Stark, users can securely verify the authenticity of the PC before entering their password by using one-time boot prompts, that are updated upon successful boot. © 2013 Springer-Verlag.

How to cite

APA:

Müller, T., Spath, H., Mäckl, R., & Freiling, F. (2013). STARK Tamperproof Authentication to Resist Keylogging. In Proceedings of FC2013 (pp. 295-312). Okinawa, Japan, JP: Springer-Verlag.

MLA:

Müller, Tilo, et al. "STARK Tamperproof Authentication to Resist Keylogging." Proceedings of the Financial Cryptography and Data Security 2013, Okinawa, Japan Springer-Verlag, 2013. 295-312.