Smart-Guard: defending user input from malware

Michael Denzel, Alessandro Bruni, Mark Ryan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)
421 Downloads (Pure)

Abstract

Trusted input techniques can profoundly enhance a variety of scenarios like online banking, electronic voting, Virtual Private Networks, and even commands to a server or Industrial Control System. To protect the system from malware of the sender’s computer, input needs to be reliably authenticated. Previous research in this field is based on fixed assumptions about trustworthy components and is, thus, too rigid for this use case.

We present Smart-Guard, a method to protect user input into a system even if the attacker controls – to us unknown – parts of the underlying system. Our approach ensures integrity of user input even when up to two of three devices are compromised; confidentiality holds for one malicious device. In this way, Smart-Guard has flexible trust assumptions, and does not require any particular part of the system to be trusted. To prove our claims, we formally verified our protocol using the state-of-the-art protocol verifier ProVerif. Additionally, we define a new class of techniques, malware tolerance, which operate securely even when the system is infected with malware.
Original languageEnglish
Title of host publication2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld)
EditorsDidier El Baz, Julien Bourgeois
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages502-509
Number of pages8
ISBN (Electronic)9781509027712
ISBN (Print)9781509027729 (PoD)
DOIs
Publication statusPublished - 16 Jan 2017
Event13th IEEE International Conference on Advanced and Trusted Computing - Toulouse, France
Duration: 18 Jul 201621 Jul 2016

Conference

Conference13th IEEE International Conference on Advanced and Trusted Computing
Country/TerritoryFrance
CityToulouse
Period18/07/1621/07/16

Keywords

  • Keyboards
  • Protocols
  • Computers
  • Encryption
  • Malware

Fingerprint

Dive into the research topics of 'Smart-Guard: defending user input from malware'. Together they form a unique fingerprint.

Cite this