CryptoKeys: Another Keyboard-Centric Approach to End-to-End Encryption
摘要
While keyboards continue to be the primary human-computer interface for data entry, they remain vulnerable to threats like keyloggers. This paper presents CryptoKeys, an innovative device that uses end-to-end encryption to protect the confidentiality and integrity of data entered via any USB keyboard. CryptoKeys features multiple operating modes, allowing it to adapt to varying levels of trust between the device and the host system, as well as the host system’s support for the device. Encrypt/Decrypt mode is designed for low-trust scenarios, where there is no assumption of trust in the host system and no explicit support for the CryptoKeys device from the host; Keystroke Encryption mode, which encrypts individual keystrokes to maintain security while interfacing with trusted device drivers, operating systems, or applications in partial trust scenarios; and Data Stream Encryption mode that allows CryptoKeys to function as an auxiliary encryption device that receives data from the host for encryption and returns the encrypted data, all while keeping the encryption parameters (e.g., secret key) confidential. This mode is suitable for high-trust scenarios where the host can be trusted with the data but not with the encryption key. To the best of our knowledge, all existing similar keyboard security approaches are integrated into specific keyboard products and cannot be used with any arbitrary USB keyboards, unlike CryptoKeys. Additionally, only a few existing solutions support multiple modes of operation like CryptoKeys.