Cryptology ePrint Archive: Report 2017/1245

IntegriKey: End-to-End Integrity Protection of User Input

Aritra Dhar and Der-Yeuan Yu and Kari Kostiainen and Srdjan Capkun

Abstract: Various safety-critical devices, such as industrial control systems, medical devices, and home automation systems, are configured through web interfaces from remote hosts that are standard PCs. The communication link from the host to the safety-critical device is typically easy to protect, but if the host gets compromised, the adversary can manipulate any user-provided configuration settings with severe consequences including safety violations.

In this paper, we propose IntegriKey, a novel system for user input integrity protection in compromised host. The user installs a simple plug-and-play device between the input peripheral and the host. This device observes user input events and sends a trace of them to the server that compares the trace to the application payload received from the untrusted host. To prevent subtle attacks where the adversary exchanges values from interchangeable input fields, we propose a labeling scheme where the user annotates input values. We built a prototype of IntegriKey, using an embedded USB bridge, and our experiments show that such integrity protection adds only minor delay. We also developed a UI analysis tool that helps developers to protect their services and evaluated it on commercial safety-critical systems.

Category / Keywords: applications /

Date: received 20 Dec 2017, last revised 12 Feb 2018

Contact author: aritra dhar at inf ethz ch

Available format(s): PDF | BibTeX Citation

Version: 20180212:132229 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]