Hardware Trojans against virtual keyboards on e-banking platforms – A proof of concept

Pedro Peris-Lopez; Honorio Martín

doi:10.1016/j.aeue.2017.04.003

Hardware Trojans against virtual keyboards on e-banking platforms – A proof of concept

Pedro Peris-Lopez^*, Honorio Martín

^*Corresponding author for this work

Department of Computer Science

Research output: Contribution to journal › Article › Scientific › peer-review

5 Citations (Scopus)

Abstract

In the last years there has been a considerable growth on the number of users in on-line banking (Szopinski, 2016). Banks must implement strong security solutions and users have to feel safe about the security offered. To securize the users’ access, virtual keyboards are commonly used. Unlikely, virtual keyboards are vulnerable to shoulder surfing and malicious software-based attacks such as malware and Trojans (Nadkarni et al., 2011; Sapra et al., 2013). In this article we propose a Hardware Trojan (HT), which targets a VGA display and is able to reveal the private information clicked by the user on a virtual keyboard. This HT is very harmful since it defeats the countermeasures (e.g., keyboard mutation or obfuscation) generally used to combat malicious pieces of software (Nayak et al., 2014; Parekh et al., 2011; Rajarajan et al., 2014).

Original language	English
Pages (from-to)	146-151
Number of pages	6
Journal	AEU INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION
Volume	76
DOIs	https://doi.org/10.1016/j.aeue.2017.04.003
Publication status	Published - 1 Jun 2017
MoE publication type	A1 Journal article-refereed

Keywords

Hardware Trojans
On-line banking
VGA display
Virtual keyboards

Access to Document

10.1016/j.aeue.2017.04.003

OpenUrl availability

Full text

Cite this

@article{8b447cd4a11841ac8376f2523a985d70,

title = "Hardware Trojans against virtual keyboards on e-banking platforms – A proof of concept",

abstract = "In the last years there has been a considerable growth on the number of users in on-line banking (Szopinski, 2016). Banks must implement strong security solutions and users have to feel safe about the security offered. To securize the users{\textquoteright} access, virtual keyboards are commonly used. Unlikely, virtual keyboards are vulnerable to shoulder surfing and malicious software-based attacks such as malware and Trojans (Nadkarni et al., 2011; Sapra et al., 2013). In this article we propose a Hardware Trojan (HT), which targets a VGA display and is able to reveal the private information clicked by the user on a virtual keyboard. This HT is very harmful since it defeats the countermeasures (e.g., keyboard mutation or obfuscation) generally used to combat malicious pieces of software (Nayak et al., 2014; Parekh et al., 2011; Rajarajan et al., 2014).",

keywords = "Hardware Trojans, On-line banking, VGA display, Virtual keyboards",

author = "Pedro Peris-Lopez and Honorio Mart{\'i}n",

year = "2017",

month = jun,

day = "1",

doi = "10.1016/j.aeue.2017.04.003",

language = "English",

volume = "76",

pages = "146--151",

journal = "AEU INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION",

issn = "1434-8411",

publisher = "Urban und Fischer Verlag Jena",

}

TY - JOUR

T1 - Hardware Trojans against virtual keyboards on e-banking platforms – A proof of concept

AU - Peris-Lopez, Pedro

AU - Martín, Honorio

PY - 2017/6/1

Y1 - 2017/6/1

N2 - In the last years there has been a considerable growth on the number of users in on-line banking (Szopinski, 2016). Banks must implement strong security solutions and users have to feel safe about the security offered. To securize the users’ access, virtual keyboards are commonly used. Unlikely, virtual keyboards are vulnerable to shoulder surfing and malicious software-based attacks such as malware and Trojans (Nadkarni et al., 2011; Sapra et al., 2013). In this article we propose a Hardware Trojan (HT), which targets a VGA display and is able to reveal the private information clicked by the user on a virtual keyboard. This HT is very harmful since it defeats the countermeasures (e.g., keyboard mutation or obfuscation) generally used to combat malicious pieces of software (Nayak et al., 2014; Parekh et al., 2011; Rajarajan et al., 2014).

AB - In the last years there has been a considerable growth on the number of users in on-line banking (Szopinski, 2016). Banks must implement strong security solutions and users have to feel safe about the security offered. To securize the users’ access, virtual keyboards are commonly used. Unlikely, virtual keyboards are vulnerable to shoulder surfing and malicious software-based attacks such as malware and Trojans (Nadkarni et al., 2011; Sapra et al., 2013). In this article we propose a Hardware Trojan (HT), which targets a VGA display and is able to reveal the private information clicked by the user on a virtual keyboard. This HT is very harmful since it defeats the countermeasures (e.g., keyboard mutation or obfuscation) generally used to combat malicious pieces of software (Nayak et al., 2014; Parekh et al., 2011; Rajarajan et al., 2014).

KW - Hardware Trojans

KW - On-line banking

KW - VGA display

KW - Virtual keyboards

UR - http://www.scopus.com/inward/record.url?scp=85018268431&partnerID=8YFLogxK

U2 - 10.1016/j.aeue.2017.04.003

DO - 10.1016/j.aeue.2017.04.003

M3 - Article

AN - SCOPUS:85018268431

VL - 76

SP - 146

EP - 151

JO - AEU INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION

JF - AEU INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION

SN - 1434-8411

ER -

Hardware Trojans against virtual keyboards on e-banking platforms – A proof of concept

Abstract

Keywords

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Cite this