DOI: 10.1145/2714576.2714614

TrustLogin: Securing Password-Login on Commodity Operating Systems

Published: 14 April 2015

Abstract

With the increasing prevalence of Web 2.0 and cloud computing, password-based logins play an increasingly important role on user-end systems. We use passwords to authenticate ourselves to countless applications and services. However, login credentials can be easily stolen by attackers. In this paper, we present a framework, TrustLogin, to secure password-based logins on commodity operating systems. TrustLogin leverages System Management Mode to protect the login credentials from malware even when the OS is compromised. TrustLogin does not modify any system software on either the client or the server and is transparent to users, applications, and servers. We conduct two case studies of the framework on legacy and secure applications, and the experimental results demonstrate that TrustLogin is able to protect login credentials from real-world keyloggers on Windows and Linux platforms. TrustLogin is robust against spoofing attacks. Moreover, the experimental results also show that TrustLogin introduces a low overhead with the tested applications.



Published In

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security
April 2015
698 pages
ISBN:9781450332453
DOI:10.1145/2714576
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. keyloggers
  2. login password
  3. system management mode

Qualifiers

  • Research-article

Conference

ASIA CCS '15
Sponsor:
ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security
April 14 - March 17, 2015
Singapore, Republic of Singapore

Acceptance Rates

ASIA CCS '15 Paper Acceptance Rate 48 of 269 submissions, 18%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Cited By

  • (2024) HyperWallet: cryptocurrency wallet as a secure hypervisor-based application. EURASIP Journal on Information Security, 2024:1. DOI: 10.1186/s13635-024-00159-2. Online publication date: 8-Aug-2024
  • (2023) HyperIO: A Hypervisor-Based Framework for Secure IO. Applied Sciences, 13:9 (5232). DOI: 10.3390/app13095232. Online publication date: 22-Apr-2023
  • (2021) x86 System Management Mode (SMM) Evaluation for Mixed Critical Systems. Applications in Electronics Pervading Industry, Environment and Society (164-170). DOI: 10.1007/978-3-030-66729-0_19. Online publication date: 26-Jan-2021
  • (2018) Bring the Missing Jigsaw Back. Proceedings of the 11th European Workshop on Systems Security (1-6). DOI: 10.1145/3193111.3193119. Online publication date: 23-Apr-2018
  • (2017) Position Paper. Proceedings of the Hardware and Architectural Support for Security and Privacy (1-8). DOI: 10.1145/3092627.3092633. Online publication date: 25-Jun-2017
  • (2017) Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage. Research in Attacks, Intrusions, and Defenses (403-424). DOI: 10.1007/978-3-319-66332-6_18. Online publication date: 12-Oct-2017
  • (2016) SoK. Proceedings of the Hardware and Architectural Support for Security and Privacy 2016 (1-8). DOI: 10.1145/2948618.2948621. Online publication date: 18-Jun-2016
  • (2016) The Request for Better Measurement. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (475-486). DOI: 10.1145/2897845.2897916. Online publication date: 30-May-2016
  • (2016) fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars. 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (595-606). DOI: 10.1109/DSN.2016.60. Online publication date: Jun-2016
