T-PIM: Trusted Password Input Method against Data Stealing Malware

Author

Hirano, Manabu ; Umeda, Tomohiro ; Okuda, Takeshi ; Kawai, Eiji ; Yamaguchi, Suguru

Author_Institution

Dept. of Inf. & Comput. Eng., Toyota Nat. Coll. of Technol., Toyota

fYear

2009

fDate

27-29 April 2009

Firstpage

429

Lastpage

434

Abstract

Internet-based financial services like online shopping and online banking have become popular in the past several years. However, most end-user´s environments constructed on existing operating systems always face a threat of malware like keylogger and screenlogger. Especially, conventional anti-virus technology cannot prevent a new type of hypervisor-based stealth viruses yet. This paper proposes a novel password protection mechanism called T-PIM (Trusted Password Input Method). Proposed T-PIM mechanism provides a secure password input method to users. Our proposal employs a hypervisor to isolate a trusted domain. This paper shows a design, a prototype implementation, and results of a performance measurement. We discuss security and usability of proposed T-PIM mechanism, preventable and unpreventable attacks, and comparison with conventional measures against data stealing malware.

Keywords

invasive software; software metrics; Internet-based financial services; T-PIM; antivirus technology; data stealing malware; keylogger; online banking; online shopping; password protection; performance measurement; screenlogger; trusted password input method; Banking; Isolation technology; Measurement; Operating systems; Proposals; Protection; Prototypes; Virtual machine monitors; Viruses (medical); Web and internet services; Data Stealing Malware; Hypervisor; Spyware; Virus;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology: New Generations, 2009. ITNG '09. Sixth International Conference on

Conference_Location

Las Vegas, NV

Print_ISBN

978-1-4244-3770-2

Electronic_ISBN

978-0-7695-3596-8

Type

conf

DOI

10.1109/ITNG.2009.35

Filename

5070656