Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18] [ 19] [ 20] [ 21]

¡@

Journal of Information Science and Engineering, Vol. 31 No. 3, pp. 943-963 (May 2015)


Physical Presence Verification: A Test to Detect Whether A Computer Is Remotely Controlled


TSUNG-TENG CHEN1, CHUN-YING HUANG2, CHEN-CHI WU3 AND KUAN-TA CHEN4,*
1Kang-Ning Junior College of Medical Care and Management
Taipei, 114 Taiwan
2National Taiwan Ocean University
Keelung, 202 Taiwan
3HTC Corporation
Taipei, 231 Taiwan
4Academia Sinica
Nankang, 115 Taiwan

As broadband Internet access has become ubiquitously available, the thin client technology is now widely adopted. Unfortunately, the old saying ¡§the same knife cuts bread and fingers¡¨ applies to the thin client technology perfectly. While it makes people¡¦s life easier, malicious attackers are ever happier. Once an attacker compromises a victim¡¦s computer and installs a remote controllable backdoor on it, the attacker can do virtually anything the victim can do on his own computer. As far as we know, there are no general solutions for detecting whether a system is remotely controlled or not. In this paper, we propose Physical Presence Verification (PPV), a test to ensure a system is controlled by a local user. If an application is considered critical, it can invoke a PPV test to ensure the user is locally present and prevent an attacker from performing mission-critical actions and accessing private information remotely. Our user studies indicate that PPV tests are effective, reliable, and adoptable in real life. We also discuss potential attacks to PPV tests and our countermeasures.

Keywords: intrusion, detection, network security, anomaly detection

Full Text (¥ş¤åÀÉ) Retrieve PDF document (201505_10.pdf)

Received December 3, 2013; revised January 29, 2014; accepted June 18, 2014.
Communicated by Hung-Min Sun.
* Corresponding author: Institute of Information Science, Academia Sinica (e-mail: swc@iis.sinica.edu.tw).
1 The thin client technology comprises hardware and software solutions. Without loss of generality, our experiments in this paper are based on software solutions, but they can be applied to hardware solutions as well.