Conference Paper

T-PIM: Trusted Password Input Method against Data Stealing Malware.

DOI: 10.1109/ITNG.2009.35 Conference: Sixth International Conference on Information Technology: New Generations, ITNG 2009, Las Vegas, Nevada, 27-29 April 2009
Source: DBLP


Internet-based financial services like online shopping and online banking have become popular in the past several years. However, most end-user's environments constructed on existing operating systems always face a threat of malware like keylogger and screenlogger. Especially, conventional anti-virus technology cannot prevent a new type of hypervisor-based stealth viruses yet. This paper proposes a novel password protection mechanism called T-PIM (Trusted Password Input Method). Proposed T-PIM mechanism provides a secure password input method to users. Our proposal employs a hypervisor to isolate a trusted domain. This paper shows a design, a prototype implementation, and results of a performance measurement. We discuss security and usability of proposed T-PIM mechanism, preventable and unpreventable attacks, and comparison with conventional measures against data stealing malware.

1 Follower
34 Reads
  • Source
    • "They advocate that the cryptosystems created accordingly strengthen the password protection. Hirano et al. [19] have proposed a novel password protection mechanism that they call T-PIM or Trusted Password Input Method. Their system employs a hypervisor to isolate a trusted domain. "

    11/2014; -(-):1-6.
  • [Show abstract] [Hide abstract]
    ABSTRACT: Cyber world is susceptible to various attacks, out of which malware attack is the malignant one. It is very difficult to detect and defend. A keylogger spyware contains both scripts keylogger and spyware in a single program. The functionality of this program is that it can capture all key strokes which are pressed by a system user and stores them in a log file, the spyware email this log file to the designer's specified address. It is very harmful for those systems which are used in daily transaction process i.e. online banking system. The prevention of these attacks is necessary. In this paper we have proposed a framework for detection and prevention of novel keylogger spyware attack. It is capable to defend against such kind of attacks.
    Intelligent Systems and Control (ISCO), 2013 7th International Conference on; 01/2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Malwares are very precarious problem for Internet users. They are malicious software or programs, programmed by attackers to interrupt computer operation, gather delicate information, or gain access to client computer system [1]. Key-logger is one of the massive threat among various malwares. It can be a hardware key-logger or software key-logger which records the keystrokes and store them in a log file and email that file to the attacker, if attacker wants to do so. It is baleful for system user or end users who use online banking rarely or ordinarily. In this paper, we propose a technique for prevention of password from a key-logger spywares and give assurance of security of password from key-logger spywares.
    IEEE 2014 International Conference on Issues and Challenges in Intelligent Computing Techniques (ICICT), KIET Ghaziabad; 02/2014