Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
6-2012
Abstract
Password-based authentication remains the mainstream user authentication method for most web servers, despite its known vulnerability to keylogger attacks. Most existing countermeasures are costly because they require a strong isolation of the browser and the operating system. In this paper, we propose KGuard, a password input protection system. Its security is based on hardware-based virtualization without safeguarding the browser or OS. A security-conscious user can conveniently and securely activate or deactivate the password protection by using key combinations. We have implemented KGuard and experimented with our prototype on Windows with Firefox. The results show that no significant performance loss is induced by our protection mechanism when a user authenticates to commercial web servers.
Keywords
Password protection, Password-based authentication, Performance loss, Protection mechanisms, Protection systems, User authentication
Publication
Trust and Trustworthy Computing: 5th International Conference, TRUST 2012, Vienna, Austria, June 13-15: Proceedings
Volume
7344
First Page
201
Last Page
218
ISBN
9783642309212
Identifier
10.1007/978-3-642-30921-2_12
Publisher
Springer
City or Country
Berlin
Citation
CHENG, Yueqiang and DING, Xuhua. Virtualization based password protection against malware in untrusted operating systems. (2012). Trust and Trustworthy Computing: 5th International Conference, TRUST 2012, Vienna, Austria, June 13-15: Proceedings. 7344, 201-218.
Available at: https://ink.library.smu.edu.sg/sis_research/1670
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/978-3-642-30921-2_12