Team for Research in
Ubiquitous Secure Technology

Bump in the ether: A framework for securing sensitive user input
J. M. McCune, A. Perrig and M. K. Reiter

Citation
J. M. McCune, A. Perrig and M. K. Reiter. "Bump in the ether: A framework for securing sensitive user input". Proceedings of the 2006 USENIX Annual Technical Conference, 185-198, June, 2006.

Abstract
We present Bump in the Ether (BitE), an approach for preventing user-space malware from accessing sensitive user input and providing the user with additional confidence that her input is being delivered to the expected application. Rather than preventing malware from running or detecting already-running malware, we facilitate user input that bypasses common avenues of attack. User input traverses a trusted tunnel from the input device to the application. This trusted tunnel is implemented using a trusted mobile device working in tandem with a host platform capable of attesting to its current software state. Based on a received attestation, the mobile device verifies the integrity of the host platform and application, provides a trusted display through which the user selects the application to which her inputs should be directed, and encrypts those inputs so that only the expected application can decrypt them. We describe the design and implementation of BitE, with emphasis on both usability and security issues.

Citation formats  
  • HTML
    J. M. McCune, A. Perrig and M. K. Reiter. <a
    href="http://www.truststc.org/pubs/103.html"
    >Bump in the ether: A framework for securing sensitive
    user input</a>, Proceedings of the 2006 USENIX Annual
    Technical Conference, 185-198, June, 2006.
  • Plain text
    J. M. McCune, A. Perrig and M. K. Reiter. "Bump in the
    ether: A framework for securing sensitive user input".
    Proceedings of the 2006 USENIX Annual Technical Conference,
    185-198, June, 2006.
  • BibTeX
    @inproceedings{McCunePerrigReiter06_BumpInEtherFrameworkForSecuringSensitiveUserInput,
        author = {J. M. McCune and A. Perrig and M. K. Reiter},
        title = {Bump in the ether: A framework for securing
                  sensitive user input},
        booktitle = {Proceedings of the 2006 USENIX Annual Technical
                  Conference},
        pages = {185-198},
        month = {June},
        year = {2006},
        abstract = {We present Bump in the Ether (BitE), an approach
                  for preventing user-space malware from accessing
                  sensitive user input and providing the user with
                  additional confidence that her input is being
                  delivered to the expected application. Rather than
                  preventing malware from running or detecting
                  already-running malware, we facilitate user input
                  that bypasses common avenues of attack. User input
                  traverses a trusted tunnel from the input device
                  to the application. This trusted tunnel is
                  implemented using a trusted mobile device working
                  in tandem with a host platform capable of
                  attesting to its current software state. Based on
                  a received attestation, the mobile device verifies
                  the integrity of the host platform and
                  application, provides a trusted display through
                  which the user selects the application to which
                  her inputs should be directed, and encrypts those
                  inputs so that only the expected application can
                  decrypt them. We describe the design and
                  implementation of BitE, with emphasis on both
                  usability and security issues.},
        URL = {http://www.truststc.org/pubs/103.html}
    }
    

Posted by Michael Reiter on 6 Jun 2006.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.