Paper 2017/1245
IntegriKey: End-to-End Integrity Protection of User Input
Aritra Dhar, Der-Yeuan Yu, Kari Kostiainen, and Srdjan Capkun
Abstract
Various safety-critical devices, such as industrial control systems, medical devices, and home automation systems, are configured through web interfaces from remote hosts that are standard PCs. The communication link from the host to the safety-critical device is typically easy to protect, but if the host gets compromised, the adversary can manipulate any user-provided configuration settings with severe consequences including safety violations. In this paper, we propose IntegriKey, a novel system for user input integrity protection in compromised host. The user installs a simple plug-and-play device between the input peripheral and the host. This device observes user input events and sends a trace of them to the server that compares the trace to the application payload received from the untrusted host. To prevent subtle attacks where the adversary exchanges values from interchangeable input fields, we propose a labeling scheme where the user annotates input values. We built a prototype of IntegriKey, using an embedded USB bridge, and our experiments show that such integrity protection adds only minor delay. We also developed a UI analysis tool that helps developers to protect their services and evaluated it on commercial safety-critical systems.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Preprint.
- Contact author(s)
- aritra dhar @ inf ethz ch
- History
- 2018-02-12: revised
- 2017-12-30: received
- See all versions
- Short URL
- https://ia.cr/2017/1245
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/1245, author = {Aritra Dhar and Der-Yeuan Yu and Kari Kostiainen and Srdjan Capkun}, title = {{IntegriKey}: End-to-End Integrity Protection of User Input}, howpublished = {Cryptology {ePrint} Archive, Paper 2017/1245}, year = {2017}, url = {https://eprint.iacr.org/2017/1245} }