How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure...

26
How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c Creative Commons 2.0 - b Attribution - n NonCommercial - a ShareAlike 1 / 25

Transcript of How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure...

Page 1: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

How to secure the keyboardchain

DEF CON 23

Paul Amicelli - Baptiste David - CVO Esiea-Ouest

c Creative Commons 2.0 - b Attribution - n NonCommercial - a ShareAlike 1 / 25

Page 2: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

The Talk

1. Background

2. Keyloggers forms

3. Main idea of our work

4. Details of our work

5. To go further

6. Finally.

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 2 / 25

Page 3: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Keyloggers

--

"A keylogger is a little piece of software orhardware, which is able to retrieve every

keystrokes on a computer"

Background

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 3 / 25

Page 4: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

User mode ones

Easy to developp, and really efficient

Quite easy to detect and remove

Keyloggers Forms

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 4 / 25

Page 5: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Kernel mode ones

Quite hard to develop and really, reallyefficient

Not easy to detect and quite hard to remove

Keyloggers Forms

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 5 / 25

Page 6: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Hardware ones

Require physical access to the computer,

but the most efficient technic

Software-undetectable, sometimes easy to remove, sometimes not

Keyloggers Forms

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 6 / 25

Page 7: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Proposed solution

Encrypt keystrokes

As close as possible to the hardware

Jamming keyloggers

Our work - Main Idea

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 7 / 25

Page 8: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Basic Understanding

Our work - Main Idea

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 8 / 25

Page 9: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Basic Understanding

Our work - Main Idea

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 9 / 25

Page 10: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Basic Understanding

Our work - Main Idea

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 10 / 25

Page 11: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Basic Understanding

Our work - Main Idea

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 11 / 25

Page 12: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Basic Understanding

Our work - Main Idea

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 12 / 25

Page 13: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Basic Understanding

Our work - Main Idea

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 13 / 25

Page 14: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Keyboard driver stack

Our work - Details

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 14 / 25

Page 15: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Encryption

Problematic

Unable to directly encrypt keystrokes with a streamcipher

Only known keystrokes are broadcasted by Windows

The rest is inhibated

Few keystrokes codes authorized

Our work - Details

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 15 / 25

Page 16: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Encryption

White list system for input decision

Our work - Details

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 16 / 25

Page 17: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Encryption

Solution : Jamming

Currently, a 64bits common key exchangedevery 20 keystrokes

Stream cipher initiated with the commonkey

Algorithm based on shuffle of a deck ofcards : only

Our work - Details

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 17 / 25

Page 18: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Encryption Scheme

Our work - Details

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 18 / 25

Page 19: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

API-Driver Communication

Our work - Details

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 19 / 25

Page 20: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Protection of the protection

Monitoring of the keyboard driver stack

Protection against DLL injection of the API

Monitoring of the registry

Our work - Details

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 20 / 25

Page 21: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Is it working ?

Our work - Results

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 21 / 25

Page 22: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Endless possibilities

Keystrokes combinations

Polymorphic on-screen keyboard

Time based keystrokes

Mini-game, music, colors,..

Keep keystrokes in ring 0 (GostCrypt)

Our work - To go further

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 22 / 25

Page 23: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

GostCrypta full ring 0 password version

Our work - Example

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 23 / 25

Page 24: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

State of the project

Proof of concept

Available on Github

( https:// github.com/whitekernel/gostxboard.git )

Educational purpose

Free and opensource, forever

Call for participation

Finally

®

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 24 / 25

Page 25: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

Questions ?

Maybe answers . . .

Question time

[email protected] - [email protected]

Paul Amicelli - Baptiste David - CVO Esiea-Ouest - cbna 25 / 25

Page 26: How to secure the keyboard chain - DEF CON CON 23/DEF CON 23 presentations/DEF… · How to secure the keyboard chain DEF CON 23 Paul Amicelli - Baptiste David - CVO Esiea-Ouest c

DEF CON 26 Hacking Conference - DEF CON Media Server CON 26/DEF CON 26 presentations/DEF… · started in late 2017 to prepare for the 2018 CCDC season. We ended up using the BETA

DEF CON 26 Hacking Conference - DEF CON Media Server CON 26/DEF CON 26 presentations/DEF… · started in late 2017 to prepare for the 2018 CCDC season. We ended up using the BETA

Betrayed by the keyboard - DEF CON Media Server CON 26/DEF CON 26...Betrayed by the keyboard How what you type can give you away Matt Wixey Research Lead, PwC UK Cyber Security Building

Betrayed by the keyboard - DEF CON Media Server CON 26/DEF CON 26...Betrayed by the keyboard How what you type can give you away Matt Wixey Research Lead, PwC UK Cyber Security Building

DEF CON 24 Hacking Conference CON 24/DEF CON 24 presentations/DEF CON 24...RDS-1 or "Stalin's Jet Engine" Inside knowledge of the Manhattan Project combined with looting Germany's

DEF CON 24 Hacking Conference CON 24/DEF CON 24 presentations/DEF CON 24...RDS-1 or "Stalin's Jet Engine" Inside knowledge of the Manhattan Project combined with looting Germany's

Teaching Old Shellcode New Tricks - DEF CON CON 25/DEF CON 25 presentations/DE… · Teaching Old Shellcode New Tricks DEF CON 2017 @midnite_runr

Teaching Old Shellcode New Tricks - DEF CON CON 25/DEF CON 25 presentations/DE… · Teaching Old Shellcode New Tricks DEF CON 2017 @midnite_runr

WEAPONIZING THE BBC MICRO:BIT - DEF CON CON 25/DEF CON 25 presentations/DEFCON...WEAPONIZING THE BBC MICRO:BIT ... Python code size is limited, ... DEF CON Conference, DEF CON, DEFCON,

WEAPONIZING THE BBC MICRO:BIT - DEF CON CON 25/DEF CON 25 presentations/DEFCON...WEAPONIZING THE BBC MICRO:BIT ... Python code size is limited, ... DEF CON Conference, DEF CON, DEFCON,

Download - Def Con

Download - Def Con

Crypto for Hackers - DEF CON CON 23/DEF CON 23 presentations/DEF CON 23... · Crypto for Hackers Eijah v1.00 August 7th, 2015 “Shall we play a game? ...

Crypto for Hackers - DEF CON CON 23/DEF CON 23 presentations/DEF CON 23... · Crypto for Hackers Eijah v1.00 August 7th, 2015 “Shall we play a game? ...

DEF CON 26 Hacking Conference - infocon.org CON/DEF CON 26/DEF CON... · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

DEF CON 26 Hacking Conference - infocon.org CON/DEF CON 26/DEF CON... · Bryce Kunz - Stage 2 Security, Red Teaming & Splunk Security Services. CNO.io Kevin Lustic & Bryce Kunz (@TweekFawkes)

Diálogos con medrano def

Diálogos con medrano def

Kiosk Security - DEF CON

Kiosk Security - DEF CON

Starting the Avalanche - DEF CON CON 25/DEF CON 25 presentations/DEF… · Starting the Avalanche: Application DoS ... DEFCON, Speeches, Hacking, Hackers, Hacker Conference, Computer

Starting the Avalanche - DEF CON CON 25/DEF CON 25 presentations/DEF… · Starting the Avalanche: Application DoS ... DEFCON, Speeches, Hacking, Hackers, Hacker Conference, Computer

Secure Tokin’ & Doobiekeys - DEF CON CON 25/DEF CON 25... · 2020. 5. 16. · Insecure Boot Spliff Trusted Platform Module Doobiekey Altered State. Title: Untitled Author: DEF CON

Secure Tokin’ & Doobiekeys - DEF CON CON 25/DEF CON 25... · 2020. 5. 16. · Insecure Boot Spliff Trusted Platform Module Doobiekey Altered State. Title: Untitled Author: DEF CON

Cracking Cryptocurrency Brainwallets - DEF CON CON 23/DEF CON 23 presentations/DEF… · Cracking Cryptocurrency Brainwallets Ryan Castellucci ... pass a file with pubkeyhashs, ...

Cracking Cryptocurrency Brainwallets - DEF CON CON 23/DEF CON 23 presentations/DEF… · Cracking Cryptocurrency Brainwallets Ryan Castellucci ... pass a file with pubkeyhashs, ...

Eric Sesterhenn 2018 CON 26/DEF CON 26 presentations/DEFCON-26... · DEF CON 26 Hacking Conference Author DEF CON Speaker Subject DEF CON 26 Presentation

Eric Sesterhenn 2018 CON 26/DEF CON 26 presentations/DEFCON-26... · DEF CON 26 Hacking Conference Author DEF CON Speaker Subject DEF CON 26 Presentation

802.11 Massive Monitoring - Paper Conf/Defcon/2015/DEFCON … · managed by a Python framework ... DEF CON 23 Presentation ... Subject: DEF CON 23 Presentation Keywords: DEF CON Conference,

802.11 Massive Monitoring - Paper Conf/Defcon/2015/DEFCON … · managed by a Python framework ... DEF CON 23 Presentation ... Subject: DEF CON 23 Presentation Keywords: DEF CON Conference,

Detecting Blue Team Recon With Ads - media.defcon.org CON 26/DEF CON 26 presentations/DEF… · Title: DEF CON 26 Hacking Conference Author: DEF CON Speaker Subject: DEF CON 26 Presentation

Detecting Blue Team Recon With Ads - media.defcon.org CON 26/DEF CON 26 presentations/DEF… · Title: DEF CON 26 Hacking Conference Author: DEF CON Speaker Subject: DEF CON 26 Presentation

DEF CON 23 Presentation

DEF CON 23 Presentation

DEF CON 23 Presentation CON 23/DEF CON 23 presentations/DEF CON 23... · GPS SPOOFING Low-cost GPS simulator HUANG Lin, YANG Qing Unicorn Team – Radio and Hardware Security Research

DEF CON 23 Presentation CON 23/DEF CON 23 presentations/DEF CON 23... · GPS SPOOFING Low-cost GPS simulator HUANG Lin, YANG Qing Unicorn Team – Radio and Hardware Security Research

DEF CON 23 Presentation CON 23/DEF CON 23 presentations/DEF… · Don’t"believe"anything"I"Say • Also,"hold"those"around"you"accountable

DEF CON 23 Presentation CON 23/DEF CON 23 presentations/DEF… · Don’t"believe"anything"I"Say • Also,"hold"those"around"you"accountable

Bypass firewalls, application white ... - media.defcon.org CON 22/DEF CON 22 presentations... · DEF CON 22, 2014. Hungary. root@ ... ... DEFCON, DEF CON, Hacker, Security Conference,

Bypass firewalls, application white ... - media.defcon.org CON 22/DEF CON 22 presentations... · DEF CON 22, 2014. Hungary. root@ ... ... DEFCON, DEF CON, Hacker, Security Conference,