Team for Research in
Ubiquitous Secure Technology

Bump in the Ether: A Framework for Securing Sensitive User Input
Jonathan M. McCune, Adrian Perrig, Michael K. Reiter

Citation
Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. "Bump in the Ether: A Framework for Securing Sensitive User Input". Talk or presentation, 27, April, 2006; Poster given at Trust NSF Site Visit.

Abstract
User-space malware such as software keyloggers, spyware, and Trojans represent a significant threat to today?s desktop computing environment. Users have little assurance that such malware cannot observe their input to a particular application. In this paper, we present Bump in the Ether (BitE), an approach for preventing malware from accessing sensitive user input and providing the user with additional confidence that her input is being processed as desired. Rather than preventing malware from running or detecting already-running malware, we facilitate user input that bypasses common avenues of attack. User input traverses a trusted tunnel from the input device to the application. This trusted tunnel is implemented using a trusted mobile device working in tandem with a host platform capable of attesting to its current software state. Based on a received attestation, the mobile device verifies the integrity of the host platform and application, provides a trusted display through which the user selects the application to which her inputs should be directed, and encrypts those inputs so that only the application can decrypt them. We describe the design and implementation of BitE, with emphasis on both usability and security issues.

Electronic downloads

Citation formats  
  • HTML 
    Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. <a
href="http://www.truststc.org/pubs/85.html"
><i>Bump in the Ether: A Framework for Securing
Sensitive User Input</i></a>, Talk or
presentation,  27, April, 2006; Poster given at Trust NSF
Site Visit.
  • Plain text 
    Jonathan M. McCune, Adrian Perrig, Michael K. Reiter.
"Bump in the Ether: A Framework for Securing Sensitive
User Input". Talk or presentation,  27, April, 2006;
Poster given at Trust NSF Site Visit.
  • BibTeX 
    @presentation{McCunePerrigReiter06_BumpInEtherFrameworkForSecuringSensitiveUserInput,
    author = {Jonathan M. McCune, Adrian Perrig, Michael K.
              Reiter},
    title = {Bump in the Ether: A Framework for Securing
              Sensitive User Input},
    day = {27},
    month = {April},
    year = {2006},
    note = {Poster given at Trust NSF Site Visit.},
    abstract = {User-space malware such as software keyloggers,
              spyware, and Trojans represent a significant
              threat to today?s desktop computing environment.
              Users have little assurance that such malware
              cannot observe their input to a particular
              application. In this paper, we present Bump in the
              Ether (BitE), an approach for preventing malware
              from accessing sensitive user input and providing
              the user with additional confidence that her input
              is being processed as desired. Rather than
              preventing malware from running or detecting
              already-running malware, we facilitate user input
              that bypasses common avenues of attack. User input
              traverses a trusted tunnel from the input device
              to the application. This trusted tunnel is
              implemented using a trusted mobile device working
              in tandem with a host platform capable of
              attesting to its current software state. Based on
              a received attestation, the mobile device verifies
              the integrity of the host platform and
              application, provides a trusted display through
              which the user selects the application to which
              her inputs should be directed, and encrypts those
              inputs so that only the application can decrypt
              them. We describe the design and implementation of
              BitE, with emphasis on both usability and security
              issues.},
    URL = {http://www.truststc.org/pubs/85.html}
}

Posted by Christopher Brooks on 4 May 2006.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.