SMMDecoy: Detecting GPU Keyloggers using Security by Deception Techniques

Ijlal Loutfi

Abstract

Human-computer interaction is a fundamental part of the modern computing experience. Every day, millions of users rely on keyboards as their primary input interface, and use them to enter security-sensitive information such as authentication credentials. These can be passwords, but also multi-authentication factors received from other devices, such as One Time Passwords and SMSs. Therefore, the security of the keyboard interface is critical. Unfortunately, both PS/2 and USB keyboards have open buffers which are vulnerable to sniffing by keyloggers. This paper focuses on the detection of the stealthiest variant of keyloggers, which is deployed within I/O device firmware, such as that of GPUs. We propose to use principles of security by deception: we inject decoy credentials into the open keyboard buffers, and give GPU keyloggers the opportunity to sniff them. These decoy credentials are then sent to a remote server that can raise an alarm anytime an attacker uses them. We assume a strong adversary that can infect both the GPU and the kernel. Therefore, we propose to deploy the solution within System Management Mode (SMM), and leverage Intel Software Guard Extensions (SGX) for network communication. Both SMM and SGX are hardware-protected against the OS and DMA, and thus provide strong security guarantees to our solution, which we name SMMDecoy.

Paper Citation


in Harvard Style

Loutfi I. (2019). SMMDecoy: Detecting GPU Keyloggers using Security by Deception Techniques. In Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-359-9, pages 580-587. DOI: 10.5220/0007578505800587


in Bibtex Style

@conference{icissp19,
author={Ijlal Loutfi},
title={SMMDecoy: Detecting GPU Keyloggers using Security by Deception Techniques},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2019},
pages={580-587},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007578505800587},
isbn={978-989-758-359-9},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - SMMDecoy: Detecting GPU Keyloggers using Security by Deception Techniques
SN - 978-989-758-359-9
AU - Loutfi I.
PY - 2019
SP - 580
EP - 587
DO - 10.5220/0007578505800587