Encrypted keyboard?

Whenever I take the bus I mull about random stuff, and this time I thinking about the ubiquitous dangers of keylogging.
So I wondered: what if… the operating system had an encrypted interface with the keyboard itself?

Of course, this made me launch Google to see if someone else had the idea, and of course someone else already did!

But again, his solution is just a layer extra, it leaves us again with the problem of kernel rootkits, but oh well…
It would be interesting if there can be hardware encryption from keyboards and motherboards with cryptoprocessors.

Wouldn’t that be awesome?

2 Likes

Mulling a bit more about this, I realized that it would be pointless to have a motherboard with a cryptoprocessor as the OS would still be getting the plain text.

So I wonder, what if each app would exchange public keys with a crypto-keyboard.
The OS Kernel would only see the encrypted traffic between them, so not even a 0 ring compromise would affect the user.
To be sure that there is no cryptographic MITM, the keyboard itself could display a fingerprint that must match the one displayed by the app.

hum…

2 Likes

One reason I never proceeded with one in the late 70’s. Thought about it before the PC, actually for the Mainframes and remote terminals connected by PTP modems. Leased lines as Telecom called them.

It has to be decoded at some point.

If I wanted to get your key logs in safeclient, and the OS sees encrypted key strokes, then I would have the malware infect the client as it loads and grab it once its decrypted. That way no one knows, fingerprint or not.

If somehow the client detected the malware then the malware could simply sandbox the client when you run it and then inspect the correct memory locations to get the decrypted keys.

It makes one wonder if encryption would be worth it. No, if that is how you are doing it.

The only way I could see it working is if the keyboard encrypted it and only the nodes decrypted it, not the s/w on your machine. BUT then you still have the issue that if your PC has malware then it can compromise you in so many ways. It is best to always play SAFE sex opps sorry safe PCing and also check your system for malware regularly

A better system, but still not ideal/useful, is to have a challenge/response device you carry that can provide a crypto response back to the nodes to a challenge by the nodes for your ID and you supply only the password. That way any keylogger does not know the ID, cannot create the correct response to a challenge once your device is removed, and only knows a password. Still it is FAR better to keep your system clean.

1 Like

I realized that it would be pointless to have a motherboard with a cryptoprocessor

This already exists, if I’m interpreting what you mean accurately. It’s called TPM, or Trusted Platform Module. These are motherboard chips that exclusively handle encryption, on many MOBOs starting several years ago.

then the malware could simply sandbox the client when you run it and…

Oh yeah, so simple, my dog could write this malware app. :stuck_out_tongue:

1 Like

\Isn’t TPM dangerous as it can completely override your computer? If YOU are in control yeah it’s awesome but if a third party is in control then THEY are in control of your computer from the hardware up. Which is why I would not trust “Trusted computing.”

1 Like

Use it or not, fair enough, I was just sayin’ mobo encryption chips already exist… :wink:

Of course keeping a System clean is ideal, but it would be far better if there were a method that were secure even if it were fully compromised.

The SafeNet’s only attack vector seems to be keyloggers, so why dont we try to cover that last mile as well?

@neo were you thinking something like this?
http://IdentivaSecurity.com

1 Like

Really a simple version, like a USB device that receives a challenge from the nodes via the client and it encrypts a response that both validates itself and provides the users Identification back to the nodes. Then the user supplies their pass word/phrase.

But yes the basic idea of crypto handshaking using a device you have separate to any computer being used.

The little $9 CHIP computers have way more grunt than required to do this.

3 Likes