International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, Volume 8, Issue 5, May 2018)
A Novel Method for Securing Password Transparency from Keylogger Recorder
Somya Shrivastava¹, Bhupendra Panchal²
¹,² Oriental Institute of Science & Technology, Bhopal, India
Abstract—A keylogger recorder is a spyware program that records keystrokes and mouse clicks, along with their locations, and can therefore retrieve a password even when it is entered in hidden form. A keylogger exposes every key entered, so the password becomes visible to an illegitimate user, who can then access the user's accounts. A keylogger can work in hidden mode and write the captured information to a log file that can be accessed later. It can expose which program or website was opened and what was typed, and it even monitors who someone is chatting with on instant messaging programs. Existing research in this field only detects keyloggers by treating them as malicious programs. However, various keyloggers, such as Macro Recorder, can run without any interruption. The proposed system provides a secure authentication module through which a password can be entered without revealing it. The proposed system does not detect keyloggers; instead, it conceals the user's password among encrypted strings. The system can differentiate physical keystrokes from bot keystrokes. While the password is being entered, the system strokes some random keys to encrypt the password among unreadable strings. In this situation the password is not visible in its actual form and it is impossible to find the correct credentials.
Keywords— Keylogger, Authentication System, Malicious Program, Password Transparency, Input Credentials, Security.
I. INTRODUCTION
A keylogger is spyware that can record keystrokes as well as the mouse pointer location. It is also known as surveillance software: once installed on a computer, it can record every keystroke. The recording is processed and saved as a log file on the local computer or on a server. A keylogger can record messages, emails or anything else a user types with a keyboard, whether physical or virtual. It can also record personal information, including usernames and passwords, which raises security concerns. A keylogger can be detected through the task manager if the user is familiar with its name, or an antivirus program can recognize it when it is activated. However, antivirus software cannot detect every keylogger; it detects only those keyloggers whose information is in its database.
II. RELATED WORKS
A. Literature Review
III. PROBLEM IDENTIFICATION
Fig. 1 Cued Click Registration [8]
Cued authentication is intended to provide a secure authentication system: the user clicks on images at registration, and the same click locations are expected at login. However, a keylogger can record mouse locations, and a password entered this way is often easier to recognize than one entered with physical keystrokes, because the keylogger exposes every activity performed, whether by mouse or by keystrokes.
Fig. 2 Cued Click Login [8]
Fig. 3 Graphical Keystrokes [8]
IV. PROPOSED WORK
The proposed system provides a secure authentication module through which a password can be enrolled without revealing it. It does not detect keyloggers; instead, it conceals the user's password among encrypted strings. The system can differentiate physical keystrokes from bot keystrokes. While the password is being entered, the system strokes some random keys to encrypt the password among unreadable strings.
Fig. 5 Flow chart for Registration module
In the registration module, a user is required to create username and password strings, which are used to test the system's reliability by validating the password in the validation module. Once the username and password have been generated, the system proceeds to key placement, or password enrollment, which conceals each password string among illegible strings. The system uses the ASCII representation for each key reference. The encrypted password does not contain the actual password strings; it may also replace an actual key press with a random one.
Fig. 6 Flow chart for Login module
These are the credentials that have been entered by a user; on observing them, the password cannot be identified from the encrypted one. The keylogger fails to retrieve the actual key presses; instead, it records the encrypted password, through which the system can never be hacked. The system proposes a novel method for securing passwords from keyloggers.
Fig. 8 Macro Recorder
Fig. 9 Macro Recorder Keystrokes
The system confuses keyloggers about the actual keys pressed by stroking random keys while credentials are entered. The keylogger records the encrypted keystrokes along with the physical key presses and is unable to extract the actual password.
V. PROPOSED METHODOLOGY
Some spyware infects a system through malicious programs. These programs can capture each keystroke and monitor the coordinate values of the cursor, and they generate a log file that is forwarded to the designer or malicious user via the internet. Through this, an attacker or hacker gains access to a legitimate user's account. A keylogger is one of the most frequently active malicious programs that run as spyware. It is considered a surveillance technique that can intercept the activity of the mouse pointer and every keystroke. Nowadays, keyloggers can also infect a smartphone, as various applications carry such malicious programs to steal the user's crucial information. Two kinds of keylogger are in use: hardware-based keyloggers and software-based keyloggers. A hardware-based keylogger acts as an interface or connector between the computer and its keyboard and captures every keystroke. Software-based keyloggers monitor each activity of the user and record the session, which is sent on for illegitimate access.
A. Abstract window toolkit
Abstract Window Toolkit is a tool that differentiates bot keystrokes from physical ones. A physical keystroke is recorded as an actual key press, and bot keystrokes are used to encrypt the password among unreadable strings. The system confuses keyloggers that exploit actual key presses and encrypts the password string so that it cannot be affected by guessing attacks. It is a Java-based implementation that emphasizes all virtual keystrokes in order to make keyloggers fail.
B. Key Conceal Encryption (KCE) Algorithm
Require: Physical Keystroke K, Bots Keystroke R, Entered Password I, Actual Password P, Encrypted Password E, Physical Keystroke String An, Bots Keystroke String Rn, Timer t, Input Session N, ASCII printable value Vn.
Input: Keystrokes
Output: Encrypted String
1. Acquire input field
2. Differentiate physical keystroke and virtual bots keystrokes using Abstract Window Toolkit and key press function.
3. While (t≠N) do
       if K = 0 then //No Physical Keystroke
           R ← False
       else
           R ← True
           K ← True
           Keystroke ← Rn //Bots Keystroke
           append K as encrypted password string //Virtual Password String
           Keystroke ← An //Physical Keystroke
           append K as password string //Entered Password String
       end if
       end else
   end do
5. if Vn = 13 then //ASCII value for ENTER
       Declare I as input password & E as encrypted password
       Validate I from database
   end if
6. if t = N then
       Expire Input Session
       Keystroke ← False // For both physical and bots keystrokes
   end if
7. End
VI. RESULT ANALYSIS
Table 1: Result Analysis
| User (Un) | Encrypted keystrokes | Actual keystrokes | Actual string length | Encrypted string length | Keylogger-recognized string | Guessing attack prevention |
|---|---|---|---|---|---|---|
| U1 | gogrrbeijjseonknnaatlaqafld | oriental | 8 | 27 | gogrrbeijjseonknnaatlaqafld | Strong |
| U2 | Eijjwpipchtgognknseo | iphone | 6 | 20 | eijjwpipchtgognknseo | Strong |
| U3 | laqakakgig1 | ak1 | 3 | 11 | laqakakgig1 | Strong |
| U4 | tzed | Z | 1 | 4 | tzed | Weak |
| U5 | obxchtgogwpiplaqafld | bhopal | 6 | 20 | obxchtgogwpiplaqafld | Strong |
| U6 | rrbxgfwpipdvc49s7c81f18g6 | rgpv786 | 7 | 25 | rrbxgfwpipdvc49s7c81f18g6 | Strong |
| U7 | eijjnknudreijjlaqa | india | 5 | 18 | eijjnknudreijjlaqa | Strong |
| U8 | kmegognkneijjkaklaqa | monika | 6 | 20 | kmegognkneijjkaklaqa | Strong |
| U9 | rrbgogkmelaqaqoljlaqaeijjnkn | romajain | 8 | 28 | rrbgogkmelaqaqoljlaqaeijjnkn | Strong |
| U10 | c81fc81f49s7d92xgfnaatobxkak | 8879gtbk | 8 | 28 | c81fc81f49s7d92xgfnaatobxkak | Strong |
| U11 | kakseorrbchtwpipeijj | kerhpi | 6 | 20 | kakseorrbchtwpipeijj | Strong |
| U12 | fldfldzsyzsyobxgog | llssbo | 6 | 18 | fldfldzsyzsyobxgog | Strong |
| U13 | nknseochtlaqaobxlaqaeijjzsy | nehabais | 8 | 27 | nknseochtlaqaobxlaqaeijjzsy | Strong |
| U14 | nknseochtlaqa | neha | 4 | 13 | nknseochtlaqa | Strong |
| U15 | gognknfldeijjnknseo | online | 6 | 19 | gognknfldeijjnknseo | Strong |
| U16 | wpipeijjwpipwpipeijjwpipfldlaqankneijj | pippiplani | 10 | 38 | wpipeijjwpipwpipeijjwpipfldlaqankneijj | Strong |
| U17 | t305 | 5 | 1 | 4 | t305 | Weak |
| U18 | nknseorogwgognknseo | newone | 6 | 19 | nknseorogwgognknseo | Strong |
| U19 | kmevswyfldlaqawpipeijj | mylapi | 6 | 22 | kmevswyfldlaqawpipeijj | Strong |
| U20 | xgfgogudrobxfldseozsyzsyvswygogubu | godblessyou | 11 | 34 | xgfgogudrobxfldseozsyzsyvswygogubu | Strong |
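A check on the Table 1 data, added here as an example and not part of the paper or its system: it searches for a fixed character-to-chunk mapping that reproduces the keylogger-recognized strings from the actual passwords. The chunk-length bound and the control row are assumptions; if such a mapping exists, the decoy keys in those rows were not chosen independently per entry, which bears on the "Strong" rating.

```python
# Added example: can the logged strings be explained by one fixed chunk per
# password character (i.e. decoy keys that do not vary between entries)?
ROWS = [  # (actual password, keylogger-recognized string), copied from Table 1
    ("oriental", "gogrrbeijjseonknnaatlaqafld"),  # U1
    ("iphone", "eijjwpipchtgognknseo"),           # U2
    ("bhopal", "obxchtgogwpiplaqafld"),           # U5
    ("india", "eijjnknudreijjlaqa"),              # U7
    ("monika", "kmegognkneijjkaklaqa"),           # U8
    ("neha", "nknseochtlaqa"),                    # U14
    ("online", "gognknfldeijjnknseo"),            # U15
]
CONTROL = [("aa", "xaybaz")]  # constructed: same key, different decoys each time
MAX_CHUNK = 6  # assumption: at most 6 logged characters per real key


def find_fixed_mapping(rows, max_chunk=MAX_CHUNK):
    """Return {char: chunk} explaining every row, or None if no fixed mapping fits."""
    def solve(r, i, pos, mapping):
        if r == len(rows):
            return mapping
        pwd, logged = rows[r]
        if i == len(pwd):  # password consumed: logged string must be consumed too
            return solve(r + 1, 0, 0, mapping) if pos == len(logged) else None
        ch = pwd[i]
        if ch in mapping:  # already fixed: the same chunk must appear here
            chunk = mapping[ch]
            if logged.startswith(chunk, pos):
                return solve(r, i + 1, pos + len(chunk), mapping)
            return None
        for n in range(1, max_chunk + 1):  # try every chunk length
            chunk = logged[pos:pos + n]
            if len(chunk) < n:
                break
            if ch not in chunk:  # the physical key is part of what gets logged
                continue
            found = solve(r, i + 1, pos + n, {**mapping, ch: chunk})
            if found is not None:
                return found
        return None
    return solve(0, 0, 0, {})


def explains(mapping, rows):
    """True if concatenating the fixed chunks reproduces every logged string."""
    return all("".join(mapping[c] for c in pwd) == logged for pwd, logged in rows)
```

On the Table 1 rows a mapping is found, while the constructed control with per-entry decoys yields none.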
VII. CONCLUSION
Thus, the proposed system provides a better level of security against various keyloggers. Earlier systems are intended to detect keyloggers as an antivirus program does, but some keyloggers, such as "Macro Recorder", are able to run without any interruption. No antivirus affects Macro Recorder. The proposed system is able to protect against all kinds of keyloggers by encrypting the password into unreadable strings. Hence, the future scope of the proposed system is bright, and it can be applied in various fields such as banking, secret agencies, institution logins, defense sectors and many more.
References
[1] Mohammad Wazid, Avita Katal, R. H. Goudar, D. P. Singh, Asit Tyagi, Robin Sharma and Priyanka Bhakuni, "A Framework for Detection and Prevention of Novel Key logger Spyware Attacks", ISCO, IEEE Transaction, 2013.
[2] S. Gunalakshmii and P. Ezlunnalai, "Mobile Key logger Detection Using Machine Learning Technique", IEEE Transaction, 2014.
[3] M Hossein Ahmadzadegan, Ali-Asghar Khorshidvand, Meherdad Pezeshki, "A Method for Securing Username and Password against the Key Logger Software using the Logistic Map Chaos Method", IEEE Transaction, 2015.
[4] Junsung Cho, Geumhwan Cho and Hyoungshick Kim, "Keyboard or Key logger: a security analysis of third-party keyboards on Android", IEEE Transaction, 2015.
[5] NeenuN A, "On Screen Randomized Blank Keyboard", National Conference on Recent Advances in Electronics & Computer Engineering, RAECE-2015.
[6] Tasabeeh O. M. Ali, Omer S. A. Awadelseed, Abeer E. W. Eldewahi, "Random Multiple Layouts Keylogger Prevention Technique", Conference of Basic Sciences and Engineering Studies (SGCAC), 2016.
[7] A. Solairaj, S. C. Prabanand, J. Mathalairaj, C. Prathap and L. S. Vignesh, "Key Loggers Software Detection Techniques", Intelligent Systems and Control (ISCO), IEEE, 2016.
[8] Shaikh Saubiya Ahmed S. and Narendra M. Shekokar, "Cued Click Authentication", IEEE Transaction, 2017.