Blocking keystroke logging spyware is one of the Holy Grails of network security but Auckland-based SentryBay says it has the solution to the problem.
The company, which has grown out of the Icehouse incubator programme, has patented a process which introduces random characters into the background whenever a user types in a sensitive item such as a user name, password or bank account number.
Although the user doesn’t see the random characters, the keystroke logger cannot distinguish between those and the real password and so returns no usable result.
SentryBay has sold its product, called Entry Protect, to Australia-based BarterCard for its 16-country barter network.
SentryBay’s co-founder and vice president for marketing, Marcus Whittington, says the sale is an important one for the fledgling company.
“We’ll be able to use this as a cornerstone customer in our bid to sell the service to other institutions internationally.”
Entry Protect is downloaded by the customer from the secure site. The install file is typically less than 500KB in size, and the software is then called on automatically any time the user logs on to that secure site.
Entry Protect works in a variety of ways to block the more common forms of keystroke logging. It streams random characters at varying time intervals to the keyboard buffer to block most logging spyware. The software also sends out random characters should a more sophisticated logger be installed.
“We’ve analysed the various attack models keystroke loggers adopt and have broken them down into five main areas, which we then use to test our software,” Whittington says.
The five areas are: logging the keyboard buffer, text grabbing from window fields, text grabbing from window hooks, kernel-level attacks and replacing the keyboard driver. He says by blocking attacks at this kind of level, rather than adopting a signature-based model similar to antivirus software, SentryBay avoids having to issue updates to its software.
He says the company is still quite small in terms of headcount with only six development staff in New Zealand and four international business developers.
SentryBay has patented its development and hopes to license its software to other providers such as banks or any secure online service. However, the company’s arsenal doesn’t end there.
“We’ve also built the Online Bank Card which can be deployed as an enhanced form of two-factor authentication,” Whittington says.
While he says two-factor authentication is useful for some attacks, it’s not the “silver bullet” some banking institutions make it out to be.
“Two-factor authentication alone is all well and good but it’s really only a defence against clumsy phishing attacks. For more sophisticated attempts to steal your data you need a more sophisticated tool.”
The Online Bank Card is actually a CD shaped like a credit card. Users who want to log on to a secure site run the card on their PC and access the site through a secure browser built on the Firefox browser. The entire session is encrypted and controlled, so even if the customer’s PC is infected, the session is secure.
“We don’t give the user the option — there’s no pop-up box saying ‘would you like to proceed’, we control the session.”
SentryBay is in talks with a number of potential customers about the product.