1. Technical Field
The present invention relates in general to improved password security and in particular to improved security of passwords during entry. Still more particularly, the present invention relates to defeating unauthorized keystroke logging during password entry.
2. Description of the Related Art
Within a computer system or network of computer systems, maintaining the security of information and access to that information is important. A common method for maintaining security in computer systems is through associating a particular password with a particular user and requiring the user to submit the password to receive access to information within a computer system or network of computer systems.
When setting up passwords, each computer system or network of computer systems typically assigns rules for the length of the password and the types of characters that must be included in the password. For example, it is typical to require a password to contain at least six characters and to include a mix of alphabetic characters and numeric characters.
While passwords provide a level of security to protect access to networks, applications, and data, use of passwords as a security device is easily compromised by an attacker employing keystroke logging techniques. In general, a keystroke logging technique records the keystrokes an authorized user uses to enter a password, such that an unauthorized user may then enter the password of the authorized user to access secured networks, applications, or data. As examples, keystroke logging can be performed through hardware, software, active monitoring, and passive monitoring.
As a first example, an unauthorized password logger can plant a hardware keystroke logging device inside a keyboard, attached to a keyboard cable, or interposed between the keyboard cable output socket and the computer keyboard input socket. The keystroke logging device records and timestamps all keystrokes typed at the keyboard. The unauthorized password logger can later recover the device and search the log for patterns which indicate an authentication. In a typical pattern, the string of characters typed after an authentication challenge is a password. For example, if the computer to which the keyboard is attached runs a UNIX-based operating system, ‘root|su|ssh|gpg’ are patterns which result in an authentication challenge to which the user responds with a password. In another example, if the computer is part of an Internet cafe or other terminal available to multiple users, there is a pattern where the characters typed after entries of the form “@hotmail.com” or “@yahoo.com” are typically the characters of a password. In yet another example, in computers which implement firmware-level authentication, there is a pattern where the first characters recorded after a long interval without activity are often the characters of the power-on password.
One solution to protect against unauthorized placement of hardware keystroke logging devices is physically securing computer systems so that only authorized users have physical access to the computer systems. Realistically, however, enforcing physical security can be difficult, particularly in Internet cafes and other locations where it is advantageous to allow public access to computer systems.
As a second example, an unauthorized password logger can implant keystroke logging software in the operating system or other programs of a computer system or network of computer systems. The keystroke logging software records and timestamps all or a selection of keystrokes in a log. In particular, the keystroke logging software can detect which program is receiving keystrokes and record only keystrokes received by particular programs. As with the hardware keystroke logging device, the unauthorized password logger can access the software keystroke log and detect patterns which tend to indicate entry of a password.
One solution to protect against unauthorized implanting of keystroke logging software is security software installed in the operating system of a computer system that prevents remote intrusions which would serve as a conduit for unauthorized keystroke logging software. A limitation of security software, however, is that the keystroke logging software may be implanted in a manner that is not detected by the current security software. For example, an authorized user of a computer system may open an email attachment that surreptitiously installs the keystroke logging software, bypassing the operating system security software.
As a third example, an unauthorized password logger can actively monitor keystrokes by watching over a shoulder or recording with a video camera the password keystrokes entered by a user. Keystrokes may also be actively monitored using a microphone to record the unique aural signatures of each key.
As with the prevention of hardware keystroke logging device placement, active monitoring of keystroke entry can typically only be prevented through restricting physical access to computer systems and sweeping rooms for unauthorized microphone or video equipment. This security solution is limited, however, because many computers accessible to the public cannot be subject to this type of security.
As a fourth example, an unauthorized keystroke logger can passively monitor keystrokes by snooping on electronic signals emitted by a computer system. Video display units leak electromagnetic radiation which can be used by an unauthorized logger to partially or fully reconstruct the image displayed on a computer system screen. In addition, other parts of a computer system emit signals which may be used to infer the operation of the component and access passwords. While passive monitoring can be avoided through the use of electromagnetic shielding that traps outbound electromagnetic radiation, this solution is limited because the shielding is very expensive.
In addition to the four examples of ways unauthorized users can access passwords, a combination of hardware keystroke logging devices, keystroke logging software, active monitoring, and passive monitoring may be implemented to avoid current security systems. For example, a software keystroke logging program can configure the keyboard cable to act as a transmitting antenna and send out the log in Morse code, which is detected by an inexpensive local radio receiver passively monitoring the computer system from afar.
As cryptographic protection technology for entered passwords improves, keystroke logging becomes the ideal way for attackers to access passwords. As previously described, however, current methods of protecting against keystroke logging are limited. Thus, there is a need for a method, system, and program for preventing unauthorized keystroke logging that masks any patterns in password keystroke entry and avoids active and passive monitoring.