Paper 2017/1245

IntegriKey: End-to-End Integrity Protection of User Input

Aritra Dhar, Der-Yeuan Yu, Kari Kostiainen, and Srdjan Capkun

Abstract

Various safety-critical devices, such as industrial control systems, medical devices, and home automation systems, are configured through web interfaces from remote hosts that are standard PCs. The communication link from the host to the safety-critical device is typically easy to protect, but if the host gets compromised, the adversary can manipulate any user-provided configuration settings with severe consequences including safety violations. In this paper, we propose IntegriKey, a novel system for user input integrity protection on a compromised host. The user installs a simple plug-and-play device between the input peripheral and the host. This device observes user input events and sends a trace of them to the server that compares the trace to the application payload received from the untrusted host. To prevent subtle attacks where the adversary exchanges values from interchangeable input fields, we propose a labeling scheme where the user annotates input values. We built a prototype of IntegriKey, using an embedded USB bridge, and our experiments show that such integrity protection adds only minor delay. We also developed a UI analysis tool that helps developers to protect their services and evaluated it on commercial safety-critical systems.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Contact author(s)
aritra dhar @ inf ethz ch
History
2018-02-12: revised
2017-12-30: received
Short URL
https://ia.cr/2017/1245
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1245,
      author = {Aritra Dhar and Der-Yeuan Yu and Kari Kostiainen and Srdjan Capkun},
      title = {IntegriKey: End-to-End Integrity Protection of User Input},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1245},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1245}},
      url = {https://eprint.iacr.org/2017/1245}
}