A Metric for the Evaluation and Comparison of Keylogger Performance
Date: August 2014 Publication: 7th Workshop on Cyber Security Experimentation and Test, CSET '14 Publisher: USENIX Source 1: https://www.usenix.org/system/files/conference/cset14/cset14-paper-fiebig.pdf Abstract or Summary:
In the field of IT security the development of Proof of Concept (PoC) implementations is a commonly accepted method to determine the exploitability of an identified weakness. Most security issues provide a rather straightforwad method of asserting the PoCs efficiency. That is, it either works or it does not. Hence, data gathering and exfiltration techniques usually remain in a position where the viability has to be empirically verified. One of these cases are mobile device keyloggers, which only recently have been starting to exploit side-channels to infer heuristic information on a user’s input. With this introduction of side channels exploiting heuristic information the performance of a keylogger may no longer be described with “it works and gathered what was typed”. Instead, the viability of the keylogger has to be assessed based on various typing speeds, user input styles and many metrics more as documented in this paper. The authors of this document provide a survey of the required metrics and features. Furthermore, they have developed a framework to assess the performance of a keylogger. This paper provides the documentation on how such a study can be conducted, while the required source code is shared online. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |