eSWAT: a spyware-resistant virtual keyboard

William Allen, Richard Ford, Aldwin Saugere (Florida Institute of Technology)

  download slides (PDF)

One of the largest problems in e-commerce is enabling users to safely submit confidential information to websites. Keystroke loggers and other forms of spyware have made normal text entry insecure, and while encryption techniques can secure network traffic end to end, they are incapable of protecting users when the client node is compromised.

Various techniques have been proposed for remediating the threat posed to login information by monitoring of user machines. These include two-factor authentication (such as one-time-use passwords sent to mobile phones) and cryptographic access tokens; however, their acceptance has been limited, as these approaches are neither universal nor convenient.

In this interactive session, we demonstrate an AJAX-based virtual keyboard, eSWAT. eSWAT allows users to log in from an untrusted machine and securely send authentication data to other websites. In our demo, we illustrate how it is possible to generate virtual keyboards "on the fly", and how the data input is difficult to capture using current hardware keyloggers and spyware. Finally, we compare eSWAT with other virtual keyboards, showing how its design is more resilient than those currently employed in e-commerce and how it can be modified to withstand targeted attacks.


