anticlick : increasing desktop security
DESCRIPTION
Anticlick : Increasing Desktop security. Jason Petrey Computer Electronic Networking Dept . of Technology Eastern Kentucky University. outline. Basic Idea Motivation Password Security Problem Statement Solution Conclusion Future Work. Security gap. - PowerPoint PPT PresentationTRANSCRIPT
ANTICLICK: INCREASING DESKTOP SECURITY
Jason PetreyComputer Electronic
Networking Dept. of Technology
Eastern Kentucky University
2
OUTLINE Basic Idea Motivation Password Security Problem Statement Solution Conclusion Future Work
3
SECURITY GAP Windows user passwords are not
secure enough There is a need for a security
application to protect a user after the log on process, so I developed one
4
MOTIVATION During my studies at EKU I was shocked at
how unsecure the windows user password is.
I remembered a security program that I had started in high school.
Now had the knowledge and skills needed to complete the program I had started in high school.
5
PASSWORD SECURITY In 2003 a Swiss researcher
reduced the time it takes to crack a password like a windows users password from little less than 2 minutes to 13.6 seconds. (Lemos, 2003)
6
PASSWORD SECURITY Quick list of free ‘tools’
Ophcrack Offline NT Password & Registry Editor Cain & Abel LCP John the Ripper
(Fisher)
7
PROBLEM STATEMENT With the lack of security in
windows user passwords a program is needed to protect a user account after the user logs on.
8
PROPOSED SOLUTION Anticlick: Screen Lock
Clear form covering the entire screen. Blocks key combinations that could
normally bypass the program. Requires pressing two keys, defined by
the user, to bring up password entry, settings, or change password screens
9
PROPOSED SOLUTION Anticlick: Screen Lock (cont.)
Ability to run on startup/log on Email and text message warnings on a
user defined number of failed attempts at the password
All information protected with 3DES encryption (a three-step data encryption algorithm )
10
PROPOSED SOLUTION Anticlick: Administrator Control Panel
Provide administrator override password that will work for any user
Allows an administrator to edit anticlick settings on all local users who have already ran Anticlick: Screen Lock
All information protected with 3DES encryption
11
BLOCK DIAGRAM
12
MAIN FORM
PASSWORD FORMS
13
SETTINGS FORM
14
ADMIN CONTROL PANEL
15
KNOWN VULNERABILITIES Operating system that boot
from removable media Safe Mode An occasional bug that places
the start bar above the for that blocks mouse key strokes.
16
17
CONCLUSIONS When run on startup Anticlick is
an effective invisible layer of protection for a user. When ran manually it makes an effective screen lock.
When working with Visual Basic always start research on MSDN (Microsoft Developer Network)
18
CONCLUSIONS It is surprisingly easy to integrate
functions from external Dynamic-link libraries and windows API (application programming interfaces) functions into programs using Visual Studio, which helps a programmer create programs.
19
FUTURE WORK Multiple monitor support Windows service integration Remove the assumptions about the
host system that are hard coded to increase compatibility
20
FUTURE WORK Administrator Control Panel to
establish settings for users who have not yet ran the Anticlick: Screen Lock
Sell for profit or distribute as freeware /shareware
Permanent Email: [email protected]
21
REFERENCES Lemos, Robert. (2003, July 22). Cracking
Windows passwords in seconds. Retrieved April 10, 2010, from http://news.cnet.com/2100-1009_3-5053063.html
Fisher, Tim. Top 5 Free Windows Password Recovery Tools. Retrieved April 10, 2010, from http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm
22
PROJECT ACKNOWLEDGEMENTS WindowsHooksLib.dll from
www.vbforums.com Provided Keyboard Hooking
MSDN Microsoft repository of dot net
programming (including visual basic) and developer forum
23
PROJECT ACKNOWLEDGEMENTS sms411.net
How to send email to phones as text message
www.codeproject.com How to interact with the registry
www.dreamincode.net How to interact with the registry