Defend a System against Keyloggers with a Privilege-Limited Account


Article Preview

Nowadays keystroke logging is one of the most widespread threats used for password theft. In this paper, rather than detecting existing malware or creating a trusted tunnel in the kernel, we present a method called Broker to protect the password that a user provides for a web page to login to a web service. Installing such solutions in a host only requires limited privileges of related computers. The Broker method uses a second device and the Broker server to safely transfer users’ account-related information. Comparing with previous work, the Broker method successfully separates user names and passwords so that even a second device and the Broker server are compromised, users still will not leak their private information to attackers. Finally, the Broker method can be applied to all websites without any modification of them.



Edited by:

Wen-Hsiang Hsieh




C. W. Hung et al., "Defend a System against Keyloggers with a Privilege-Limited Account", Applied Mechanics and Materials, Vols. 284-287, pp. 3385-3389, 2013

Online since:

January 2013




[1] E. Johnson; Symantec Internet Security Threat Report: Trends for 2010, Symantec, Mountain View (2011).

[2] S. Ortolani, C. Giuffrida and B. Crispo; Bait Your Hook: a Novel Detection Technique for Keyloggers, Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection. (2010) September 15 -17; Ottawa, Ontario, Canada.


[3] J.M. McCune, A. Perrig and M.K. Reiter; Bump in the Ether: a Framework for Securing Sensitive User Input, Proceedings of the 2006 USENIX Annual Technical Conference, (2006) May 30 - June 3; Boston, USA.

[4] E. Stobert, A. Forget, S. Chiasson, P. C. van Oorschot and R. Biddle; Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords, Proceedings of the 26th Annual Computer Security Applications Conference, (2010).


[5] A. Pashalidis; Accessing Password-Protected Resources without the Password, Proceedings of the WRI World Congress on Computer Science and Information Engineering, (2009) March 31-April 2; Los Angeles, USA.


[6] F. Dinei and H. Cormac; KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy, Proceedings of the ACSAC Conference, (2006) Dec. 11-15; Miami, USA.


[7] H. Yin, Z. Liang and D. Song; HookFinder: Identifying and Understanding Malware Hooking Behaviors, Proceedings of the 15th Annual Network and Distributed System Security Symposium, (2008) Feb. 8-11; San Diego, USA.