敏感信息输入安全技术探究

Sensitive Information Input Safety Technology

攻击者有多种方法可以窃取到计算机用户使用键盘输入的信息:可以通过一定设备在物理世界进行偷窥、监听或过滤,也可以通过键盘记录器在操作系统内核层或者应用层进行挂钩或者轮询。其中,后者可以远程、精确地获取信息,造成严重威胁。文章从现有研究和应用角度出发,采取了更改键盘信息输入流程、加入干扰信息、使用软键盘等多种方法对用户敏感信息的安全输入进行防护。从攻防两个角度对敏感信息的安全输入进行了分析与实验。

The attacker has many kinds of methods can steal to computer users to use the keyboard to enter inforation： can peep, monitoring or filtering in the physical world by certain equipment, can also through the keyboard recorder in the operating system kernel layer and application layer are linked or polling. Among them, the latter can be remote, accurate access to information, which poses a serious threat. Based on the existing research and application point of view, to change keyboard input process, join the interference information, multiple use soft keyboard method of user sensitive information security input protection. Analysis and experiments have been carried out safety input of sensitive information from two angles of attack and defense.