Open Access Open Access  Restricted Access Subscription or Fee Access

Virtual Password Obscuring in Avoidance of Keyloggers

J. Jeysree


Security issues are become more and more important in network application. Traditional authentication systems used to protect access to online services with help of passwords which are vulnerable to compromise through the introduction of a keylogger [3]. Users find themselves in the position of having to enter sensitive information like passwords on untrusted machines[11] which could have a keylogger that captures the password and allow unauthorized access. The problem we address is to enable a user to login from a machine that is untrusted. There are a number of anti-logger tracking tools available in the market with which the passwords and other important information about the users are tracked. Using such anti-logger software even every keystroke given by the user gets saved automatically in the plain text format. In this proposal an application is developed for this anti logger tracking tool so that even in the presence of such anti-logger tools installed in the system passwords and other sensitive data are not revealed to the hackers. In the proposed system the user who wants to login a particular Login server, types his password in the infected system. The user instead of typing the actual password develops an obscure password using a shared key given during registration and sends it to the proxy server. This proxy server is placed between the browser and the Login server. The obscure password obtained from the browser is filtered in the proxy server and the actual password is sent to the Login server


Keylogger, Anti-Spyware, Hacking, Anti-Keylogger, Virtual Password

Full Text:



A. Pashalidis and C. J. Mitchell. Impostor: A single sign-on system for use from untrusted devices. Proceedings of IEEE Globecom, 2004.

KLASSP: Entering password on a spyware infected machine using a shared secret proxy. Proceedings of 22nd Annual Computer Security Applications Conference 2006

Dinei Florˆencio and Cormac Herley. How To Login From an Internet Caf´e without Worrying about Keyloggers. Symp. on Usable Privacy and Security, 2006.

Ming Lei, Yang Xiao, Susan V. Vrbsky, Chung-Chih Li, and Li Liu, A Virtual Password Scheme to Protect Passwords ICC 2008 proceedings

Narges Arastouie, Mohammad Reza Razzazi. Hunter : An Anti-Spyware for Windows Operating System

Daphna Weinshall, Cognitive Authentication Schemes Safe Against Spyware

Combating Spam, Spyware, and Other Desktop Intrusions IEEE Security & Privacy 2006

P.Cisar, S. Maravic Cisar. Password a Form of Authentication. SISY 2007. 5th International Symposium on Intelligent Systems and Informatics. 24-25 August, 2007 Subotica, Serbia

E. Gaber, P. Gibbons, Y. Matyas, and A. Mayer. How to make personalized web browsing simple, secure and anonymous. Proc. Finan. Crypto ’97.

B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. Proceedings of the 14th Usenix Security Symposium, 2005.

J. A. Halderman, B. Waters, and E. Felten. A convenient method for securely managing passwords. Proceedings of the 14th International World Wide Web Conference (WWW 2005).

D. Tan, P. Keryana, and M. Czerwinski. Spy-resistant keyboard: more secure password entry on public touch screen displays. CHISIG’05.

Self-Healing Spyware: Detection and Remediation IEEE Transactions on Reliability vol.56, No.4, December 2007


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.