I had a discussion where keyloggers came up and thought of this: if your keystrokes go to a remote location, e.g., to a VNC or similar session, you could encrypt the keystrokes at the keyboard, defeating any keyloggers (hardware or software) on the way.
Should be pretty easy to implement: you need USB host, USB device, and some way to set up keys, e.g., by the remote peer sending the key on a different channel (e.g., to the screen), either initiating key setup directly (if it can send commands on USB) or asking the user to initiate key setup, and the user then typing in the key.

The encryption would have to use a stream cypher to avoid simple statistical attacks. If keystrokes can get lost on the way, there would also have to be some "clock synchronization" scheme.

To defeat keystroke timing analysis (we won't assume that the enemy doesn't have a few bored scientists in their team, right? :), the device should add some randomness to keystroke timing.

Advanced issue: automatic session (unencrypted to local system, encrypted to remote system) switching. If the "terminal" software can generate local USB operations (e.g., the HID set/get feature commands), then it could probably use that for this purpose.

Probably needs a button or equivalent to enable firmware updates. It could use the keyboard, but that requires a fair amount of preparation. Better to keep it simple.

One LED should do nicely: off = no encryption, on = encrypted (make it illuminate a lock symbol), blinking = awaiting key input or some other maintenance action.

Note: won't protect wireless keyboards against RF snooping.

Except for HID host/device drivers, one should be able to find pretty much all the needed parts in the Anelok, Y-Box, and Ben-WPAN projects. As an added bonus, the HID code could then be contributed back to Anelok :-)

- Werner
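A sketch of the per-keystroke stream-cipher framing, the "clock synchronization" after lost keystrokes, and the timing jitter from the post above, added here as an example (not code from the post or from the Anelok, Y-Box or Ben-WPAN projects). It assumes HMAC-SHA256 in counter mode as a stand-in for the firmware's stream cipher, a 4-bit sync tag sent in the clear with each keystroke, and ASCII bytes in place of HID usage codes:

```python
import hashlib
import hmac
import random

WINDOW = 16  # sync tag space: the host can resync after up to WINDOW-1 lost keystrokes
_rng = random.SystemRandom()  # stands in for the device's hardware RNG

def keystream_byte(key: bytes, counter: int) -> int:
    # Stream cipher stand-in: HMAC-SHA256 in counter mode, one keystream byte per keystroke.
    # Firmware would use a real stream cipher; the sync logic below is unchanged.
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[0]

class KeyboardSide:
    """The in-line device: USB host towards the keyboard, USB device towards the PC."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def encrypt(self, scancode: int) -> bytes:
        # Frame = [sync tag (counter mod WINDOW, in clear), scancode XOR keystream byte].
        # The tag lets the host measure how many frames went missing in transit.
        frame = bytes([self.counter % WINDOW, scancode ^ keystream_byte(self.key, self.counter)])
        self.counter += 1
        return frame

class HostSide:
    """The decrypting 'terminal' software on the remote system."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def decrypt(self, frame: bytes):
        tag, c = frame
        skipped = (tag - self.counter) % WINDOW  # "clock synchronization" after lost frames
        self.counter += skipped
        scancode = c ^ keystream_byte(self.key, self.counter)
        self.counter += 1
        return scancode, skipped

def jitter_ms(spread_ms: int = 40) -> float:
    # Random extra delay the device waits before forwarding a keystroke, to blur timing analysis.
    return _rng.uniform(0, spread_ms)

def run_demo(key: bytes = b"\x42" * 32, text: bytes = b"secret", drop: int = 2):
    # Constructed input: ASCII bytes stand in for HID usage codes. Frame number `drop` is
    # lost on the way; the host resyncs and decrypts the rest. Returns (recovered, skips).
    kb, host = KeyboardSide(key), HostSide(key)
    frames = [kb.encrypt(b) for b in text]
    del frames[drop]
    results = [host.decrypt(f) for f in frames]
    return bytes(p for p, _ in results), [s for _, s in results]
```

Losing WINDOW or more consecutive keystrokes aliases the tag and leaves the host on the wrong counter, so a real device would pair this with a periodic full-counter resync or a wider tag.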

