STARK Tamperproof Authentication to Resist Keylogging

The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record (MBR) must be present unencrypted in order to launch the decryption of remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging. The current technological response, as enforced by BitLocker, ascertains the integrity of the boot process by use of the trusted platform module (TPM). However, this countermeasure is insufficient in practice as shown by tamper-and-revert attacks. To overcome the threats of keylogging, STARK is a tamperproof authentication scheme that mutually authenticates the computer and the user during boot. To achieve this, STARK combines two ideas: (1) STARK implements trust bootstrapping from a secure token (a USB flash drive) to the whole PC. (2) In STARK, users can securely verify the authenticity of the PC before entering their password by using one-time boot prompts that are updated upon successful boot.

Paper: STARK (by Tilo Müller, Hans Spath, Richard Mäckl, and Felix C. Freiling)
Slides: STARK (by Tilo Müller, presented at FC 2013 conference)
Implementation: POTTS (by Hans Spath, Bachelor Thesis)

MARK – Mutual Authentication to Resist Keylogging

MARK is an implementation of a new version of the STARK protocol that does not depend on one-time boot prompts. Instead, MARK uses just a secure token. The secure token is implemented as an active USB drive that verifies the integrity of the PC and indicates the verification status by an LED to the user. This way, users can ensure the authenticity of the PC before entering their passwords. In addition to evil maid resistance, the MARK implementation is operating system independent, resistant towards coldboot attacks and it provides plausible deniability.

Paper: MARK (by Johannes Götzfried and Tilo Müller)
Implementation: MARK (by Johannes Götzfried, Master Project)