[unisog] Safe remote access

Peter Van Epp vanepp at sfu.ca
Wed Jul 27 18:09:37 GMT 2005

On Wed, Jul 27, 2005 at 11:26:36AM -0600, Jim Dillon wrote:
> Anyone know of a software "virtual keyboard" that would allow mouse
> clicks to an onscreen keyboard to bypass a potential hardware (or even
> software) logger?  Virtual keyboards (such as those in Windows Tablet
> Editions, or the accessibility keyboard) could provide an alternative
> (albeit slow and somewhat limited functionality) when security was
> needed and hardware assurance couldn't be had. Could the Windows
> accessibility keyboard do this job?  I suspect these virtual keyboards
> use the same interrupts that the hardware keyboard uses, so they may not
> be a solution for an untrusted kernel, but riding on top of a trusted
> connection such an approach might eliminate the hardware logger worry.
> Just a thought, it seems that such a thing could exist.  I used the
> WinXP onscreen keyboard to type this question, and I wouldn't want to
> converse or author emails this way, but for entering a password...
> Just a thought for the technically more grounded than I.  I'd have no
> problems running a keyboard program before entering my VPN password if I
> knew it defeated hardware loggers. 
> Best regards,
> Jim Dillon, CISA
> IT Audit Manager
> CU Internal Audit
> Jim.Dillon at cusys.edu

	Although that would help some (by making the tap more difficult) even
the TCB chips are subject to tapping as soon as they go off chip (such as to
a keyboard or mouse interface and video). You could arrange a sealed keyboard 
that provided encrypted and certificate protected key strokes to the TCB chip, 
but I expect even that hardware could be subverted by some sufficiently 
skillful and motivated. Basically unless you are in complete control of the 
hardware you can't make it secure someone sufficiently motivated can get around
the controls if it is to something useful (such as interact with a human).
	This is the basic reason that TSEC (now Common Criteria I guess) says 
a system is evaluated at B1 or CC alphabet soup. They are saying with a 
suitable security policy (such as an armed marine that shoots people attempting 
to modify the hardware :-)) the evaluated system is capable of being secure, 
not that the system is secure by default if you run the required versions of 
hardware and software. This is why it is always worth a chuckle when a vendor 
claims C2 evaluation with the unstated implication that makes the machine 
secure ...

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list