The present invention relates to the field of security of data communication between an external device and a host computer, and, more particularly, to securing the communication between a host and an external device in such a manner that the host can authenticate the external device and the data transportation over the connection is encrypted.
Commercial corporations, enterprises and organizations in sectors such as government, health, military and finance continually face the risk that a hostile entity may listen to communications between an external device and its host computer. An exemplary host may be a personal computer, a workstation, a desktop computer, a mainframe computer, a blade server (e.g. CITRIX), a dumb terminal, etc., or any other type of computing device that can be connected over a private network. For example, an external device such as a keyboard can give rise to such a risk. The risk is apparent for the communication that occurs between the keyboard and the host to which it is connected (e.g., via a Universal Serial Bus (USB) connector). A hostile entity that listens to the communication between the keyboard and the host may gain valuable information, such as passwords, user names, bank account numbers, etc. This information may be used later to damage the organization. Information regarding the details of operation and the specifications of USB technology can be found on the web site www.usb.org, the content of which is incorporated herein by reference.
Listening to the data transported over a connection between an external device and its host may be done by temporarily disconnecting the external device from its socket, placing a hardware intrusion device (also known as a bug) onto the socket, and reconnecting the external device to the socket at the other side of the hardware bug, so that the bug acts as an extender of the socket. An exemplary hardware bug is a device known as a 'keylogger'. A keylogger is a small hardware device that can be plugged in between the cable of a USB keyboard and the host's USB connector. A keylogger can be purchased from a 'spy shop'. Placing and removing the keylogger is simple and fast and can be done by cleaning staff, for example. After the keylogger is removed from the victim computer, the recorded information can be retrieved from it and processed by the hostile entity. Another hardware bug that can be used in this scenario is a transmitter instead of a keylogger. Such a device detects the data transported over the connection and transmits it to a receiver that collects and stores the information. Such a transmitter can intercept the connection between a printer and its host, or between an external disk and its host, etc. In both cases the data on the USB link is carried in plaintext, so the bug needs no knowledge of the host or the user to read it.
Several methods have been introduced in an effort to overcome this security problem. One method posed to address this problem is the use of a software program that generates a virtual keyboard on the screen, on which the user is requested to enter his password by using a pointing device, such as a mouse, instead of the keyboard. This method is limited by the fact that it can be utilized only during certain periods of time, such as the entry of a password, and cannot cover the entire activity of a user.
Another method posed to address this problem is disclosed in international publication number WO 2005/003932, the content of which is incorporated herein by reference. This method offers a low-cost portable cipher and authenticator device that can be plugged in between a keyboard and a USB connector. During normal operation the device is transparent. The device is activated only during periods in which a password or other classified information is entered. The cipher encrypts the data associated with the keystrokes and transfers the encrypted data to the host. The host can store the data and transfer it to a server that requested the classified information. In the disclosed method, the host cannot decrypt the information; only the server can decrypt it.
Another technique that has been posed to address this problem is gluing the connector of the external device to its socket in the host computer. This method eliminates placing a hardware bug between the socket and the cable; however, this technique in essence converts the two units, the host and the external device, into a single device. It should be appreciated that this may create difficulties when one of the devices needs to be replaced or transported. Yet another existing option is using a secured keyboard, such as a keyboard that includes an encryption mechanism. In such keyboards, the recorded or transmitted data is encrypted and cannot be used by the hostile entity.
Furthermore, current secured keyboards do not typically include an authentication mechanism. Therefore a hostile entity that wishes to collect information from certain secured keyboards may prepare, in advance, modified secured keyboards. The modified secured keyboards may be of the same type as the installed secured keyboards, modified to include a keylogger in front of the encryption mechanism, where the keystrokes are still in plaintext. The modified secured keyboards may then be installed in place of the legitimate secured keyboards. Because a common secured keyboard has no authentication capabilities, the switching of the keyboard is transparent to the user as well as to the organization. In addition, an organization would like to have control over the external devices, such as, but not limited to, keyboards, that are connected to users' computers on its private network.
Therefore, there is a need in the art for a method to secure the communication between an external device and its host. Exemplary external devices can be, but are not limited to, keyboards, printers, scanners, etc. An exemplary method may use a device that can be connected between an unsecured external device and its socket in a host computer and that operates to convert the unsecured device into a secure device or alternatively the device can be added as an inherent module of the external device.
Furthermore, there is a need in the art for a method and system for inspecting the continuity of the connection between an external device and the host. Such a technology is needed to identify whether the connection has been broken for a period of time, which is the footprint left by unplugging the device to insert a hardware bug or to swap the device, and, in response to identifying such a penetration, to take preventive actions that limit the damage.