In this paper, we propose IntegriKey, a novel system for user input integrity protection in compromised host. The user installs a simple plug-and-play device between the input peripheral and the host. This device observes user input events and sends a trace of them to the server that compares the trace to the application payload received from the untrusted host. To prevent subtle attacks where the adversary exchanges values from interchangeable input fields, we propose a labeling scheme where the user annotates input values. We built a prototype of IntegriKey, using an embedded USB bridge, and our experiments show that such integrity protection adds only minor delay. We also developed a UI analysis tool that helps developers to protect their services and evaluated it on commercial safety-critical systems.
Category / Keywords: applications / Date: received 20 Dec 2017, last revised 12 Feb 2018 Contact author: aritra dhar at inf ethz ch Available format(s): PDF | BibTeX Citation Version: 20180212:132229 (All versions of this report) Short URL: ia.cr/2017/1245 Discussion forum: Show discussion | Start new discussion