Wednesday, August 09, 2006

JitterBugs - Covert Keyboard Communication Channels

WarTyping, keyboard acoustic emanations, and here comes a full-scale covert espionage tool recently discussed in an in-depth research at the 15th USENIX Security Symposium. Researchers at the CS department of University of Pennsylvania developed a working prototype of a JitterBug Covert Channel :

"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet."

The trade-off remains on whether physically restoring the device would remain undetected, compared to directly streaming the output outside the network. I'll go for the covert network timing whereas insecurities and flexibility are always a matter of viewpoint.

UPDATE: The future defined - Projection Keyboards

Related resources:
Espionage Ghosts Busters
Covert Channel
Gray-World Team
IP Covert Timing Channels: An Initial Exploration
Information Theory of Covert Timing Channels
Detection of Covert Channel Encoding in Network Packet Delays

No comments:

Post a Comment