You are looking at a specific version 20171230:175641 of this paper.

Paper 2017/1245

IntegriKey: End-to-End Integrity Protection of User Input

Aritra Dhar and Der-Yeuan Yu and Srdjan Capkun

Abstract

Networked critical systems, such as Programmable Logic Controllers in a factory plant, are often remotely configurable by administrators through web-based interfaces. However, administrative host machines have been compromised in recent incidents, allowing attackers to covertly alter user commands or configurations to disrupt the proper function of remote controllers. While most existing approaches focus on securing field devices from malicious programs, the integrity of configuration commands remains to be explored. In this paper, we consider the presence of an untrusted host machine and aim to ensure the integrity of user input to a web server directly from a peripheral, such as a keyboard. We propose IntegriKey, an end-to-end integrity protection system that leverages a user-side trusted device (the IntegriKey device) and a small server-side software component to ensure the integrity of the user's input. Based on our solution, we also identify a new form of attack, the user interface (UI) input integrity manipulation attack, where a compromised host alters the UI to mislead the user into entering incorrect data. We provide a comprehensive analysis of these attacks and the corresponding solutions. IntegriKey allows the server to accept only authentic user input even when the attacker compromises both the host machines and the network. IntegriKey requires no additional software on the user's host and does not significantly affect the way the user interacts with the system. We implement IntegriKey in the context of remotely configuring Programmable Logic Controllers, and our evaluation shows that it incurs minimal overhead in securing user input integrity.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Contact author(s)
aritra dhar @ inf ethz ch
History
2018-02-12: revised
2017-12-30: received
Short URL
https://ia.cr/2017/1245
License
Creative Commons Attribution
CC BY