Stark: Tamperproof Authentication to Resist Keylogging
Date: April 2013
Publication: Proceedings of the 17th International Conference on Financial Cryptography and Data Security 2013 / Lecture Notes in Computer Science, Volume 7859
Page(s): 295 - 312
Source 1: http://fc13.ifca.ai/proc/9-1.pdf
Source 2: http://dx.doi.org/10.1007/978-3-642-39884-1_25 - Subscription or payment required
Abstract or Summary:
The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record must be present unencrypted in order to launch the decryption of remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, verifies the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in practice. We present Stark, the first tamperproof authentication scheme that mutually authenticates the computer and the user in order to resist keylogging during boot. To achieve this, Stark combines two ideas in a novel way: (1) Stark implements trust bootstrapping from a secure token (a USB flash drive) to the whole PC. (2) In Stark, users can securely verify the authenticity of the PC before entering their password by using one-time boot prompts, that are updated upon successful boot.