
Study On Key Logger: Challenges and Solutions

1) The document discusses keyloggers, which are programs that record keyboard input without consent. 2) It describes different types of keyloggers like software, hardware, wireless, and acoustic keyloggers. 3) The document also examines challenges in detecting keyloggers and discusses potential techniques like anti-hook detection to prevent keylogging.

Uploaded by

Jeffrey walker

Studia Rosenthaliana (Journal for the Study of Research) ISSN NO: 1781-7838

Study on Key Logger: Challenges and Solutions

Yash Adhikari¹, Durga Suma Priya², M. Visweswara Rao³,*

¹,²,³ Department of Electronics & Communication, Aditya Engineering College, Surrampalem,
Andhra Pradesh, India.

Abstract

Keyloggers are one of the open issues in present-day society. A keylogger is a program that
records every keystroke entered on the keyboard; in other words, keyloggers are a kind of spyware
that takes users' information by following their keyboards. Detecting keyloggers is a difficult
task because they generally hide their presence using technology such as rootkits, so that they
are not detected by antivirus and other system protections. The primary function of such a
program is to capture the keystrokes pressed by the user and store them in a log file. This log
file can either be stored on the same system or sent to another system over the internet or
another communication method. We all know how important it is to protect our passwords and other
important data, and keyloggers have made that protection task difficult, so in this paper we
discuss the various types of keylogger and their prevention methods.

Keywords: Key Logger, DMA (Direct Memory Access), Keystroke, GPU.

1. Introduction

We live in a world where we are surrounded by technology. Early in the morning, when we wake up,
we grab our phone or some other device. These technologies have saved us time and made our lives
easier; we even make bank transactions from our handsets because we trust our technology. But the
question arises: how secure are we with it? As the benefits of technology have increased, so have
the threats. Cracking, hacking, cyberbullying, cybersquatting, creating malware, espionage,
identity theft, phishing and spoofing are some of the malicious actions carried out with the use
of technology. Among these, keystroke logging (known as keylogging) is one of the most used
techniques to extract useful data; criminals have found it to be the most effective method.

The term key logging means "the action of recording (logging) the keys struck on a keyboard". A
keylogger is software that tracks or logs the keys struck on your keyboard, ordinarily in a
secret way, so that you have no idea that your activities are being observed. This is usually
done with malicious intent to collect your account information, credit card numbers, user names,
passwords, and other private data. Keyloggers are introduced onto your system in various ways:
opening an infected file, instant messages, P2P systems, or browsing a website that is infected.
A keylogger can be either hardware or software [1][2][6]. Some keyloggers are planted in the
kernel, which makes them difficult to detect [6]; sometimes the only solution available is
changing the whole system [1]. Kernel-level keyloggers can be detected by kernel integrity and
code attestation tools [2]. User-level keyloggers use high-level APIs to find keystrokes; Windows
provides the GetAsyncKeyState function to see whether a key is pressed or not. User-level
keyloggers are easy to write and easy to detect [2]. The most realistic keyloggers share two
operations: (a) hooking into the user input flow to receive keystrokes and (b) transporting the
data to a remote location [5].

Volume XII, Issue XII, December-2020 Page No:36

The keyboard is the target of the keylogger, which aims to capture the keys pressed on it, as the
keyboard is one of the fundamental input devices. When we press a key on a keyboard, the key has
its own assigned value called a scan code; the controller receives the scan code and sends it to
the device driver [2][1]. The device driver converts the scan code into a virtual key, which is
sent to the keyboard layout, which in turn converts these virtual keys to messages. A keylogger
can be placed anywhere along this process. Detection of keyloggers is signature based and
behavior based, so it is difficult to detect a unique keylogger [1]. The aim of this paper is to
discuss some of the work that has been done to prevent and overcome the problem of keyloggers,
and to predict the future of the keylogger.

Types of keylogger: keyloggers are generally of four types:

1. Software, 2. Hardware, 3. Wireless intercept, 4. Acoustic

SOFTWARE: This software is placed between the keyboard interface and the operating system. These
keyloggers are implemented as a normal application or are kernel-based. Generally, keylogging
applications use a hooking mechanism to steal data; most kernel-based keyloggers replace the
device driver [7].


Fig 1: The location of a kernel-based keylogger in the keystroke-to-OS path

HARDWARE: Hardware keyloggers are circuits that are generally placed between the keyboard and
the computer (CPU); devices placed in line with the keyboard are the most popular type of
hardware keylogger [7], for example PS/2 and USB types. Physical access is needed to install a
hardware keylogger. A hardware keylogger may have dedicated non-volatile memory.

Fig2: Hardware keylogger


WIRELESS: Wireless keyboards can be intercepted. Generally, these keyboard devices use a 27 MHz
RF connection whose range is within a few meters. Although wireless keyboard manufacturers
encrypt the traffic, the encryption is weak and the data can be decrypted [7]. Even Bluetooth can
be used for receiving keystrokes.

Fig3: Wireless keylogger

ACOUSTIC: Every key pressed has its own unique sound. A microphone is kept near the target
computer, the sound is transmitted, and software then converts the sound into characters [7].
This method is expensive and quite often does not work.

2. Literature Evaluation

In the mid-1970s, the Soviet Union developed and deployed a hardware keylogger
targeting typewriters. Termed the "selectric bug", it measured the movements of the print head of
IBM Selectric typewriters via subtle influences on the regional magnetic field caused by the
rotation and movements of the print head.

The main aim of a keylogger is to store the keys pressed on the keyboard, as the keyboard is the
primary input device; the general way to make a keylogger is by using key events. Keyloggers are
normal software that use the control unit as a normal application does. Some keyloggers are
hidden and some show their presence.

In the past few years, the use of the GPU (graphics processing unit) has increased, to make
processing faster and reduce the work on the CPU. A keylogger can be implemented on the GPU; a
proof-of-concept keylogger using the GPU has been introduced [2]. The Compute Unified Device
Architecture (CUDA) was introduced by NVIDIA [3]. CUDA contains a minimal set of extensions to
the C language and a runtime library that provides functions to control the GPU from the host, as
well as device-specific functions and data types. CUDA also provides related functions for data
exchange between the host and the device. All input and output transactions are performed via
DMA (Direct Memory Access) over the PCI Express bus. DMA enables the GPU to send data directly,
without any CPU involvement, to and from the host memory, using a dedicated DMA engine. This
opens the door to writing binary code to perform various tasks [2].

Two tasks are needed to make a GPU keylogger: (i) locate the memory address of the keyboard
buffer; as the address of the keyboard buffer changes every time the system boots or the device
is unplugged, getting this address requires (ii) scanning the whole memory. So, there is a
CPU-based component that runs once at boot time to locate the memory address, and a GPU-based
component that monitors the buffer via DMA and records the keystrokes [2].

Fig 4: Temporary and permanent components of the keyloggers

Present malware analysis and detection systems are based on the CPU architecture only [2]. They
are ineffective against GPU malware; to overcome this, the GPU needs to be scanned for threats as
well.

3. Key implementation techniques

(A) Anti-hook technique:

Anti-hook is one of the best detection techniques for both known and unknown keyloggers. It is
based on the fact that every process, either hidden or displayed, uses the hooks API for hooking.
The aim of this technique is to scan all the processes of the operating system, which may be
either static executables or dynamic link libraries, and detect the processes that are using
hooks. Generally, the hook uses SetWindowsHookEx; this API is under USER32.LIB [8], and this
technique scans all processes to find SetWindowsHookEx. The disadvantage of this technique is
that it gives false results, as there may be other system files containing SetWindowsHookEx, and
it reports those as keyloggers too.

Hooks are of two types:

1. System wide: It is used for filtering messages of all applications

2. Thread specific: It is used for filtering messages of a specific thread

Fig 5: Anti hook approach

Anti-hook sends all information to an anti-keylogger, so the user can witness the activities
done by the anti-hook technique.
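The import scan described above, and the false positive it produces, as an added Python example (not code from the paper or from [8]). The module names and byte contents are constructed stand-ins for executable images, and the SHA-256 allowlist of already reviewed binaries is an assumed triage step that the paper does not describe.

```python
import hashlib
import re

# ASCII names as they appear in a PE import name table. The real user32
# exports are SetWindowsHookExA and SetWindowsHookExW.
HOOK_IMPORT = re.compile(rb"SetWindowsHookEx[AW]\x00")
USER32_DLL = re.compile(rb"user32\.dll\x00", re.IGNORECASE)


def hook_imports(image: bytes) -> list[str]:
    """Return the hook-installing API names referenced by one module image."""
    if not USER32_DLL.search(image):
        return []  # the API name without its DLL is just a stray string
    names = {m.group()[:-1].decode("ascii") for m in HOOK_IMPORT.finditer(image)}
    return sorted(names)


def triage(modules: dict[str, bytes], reviewed_sha256: set[str]) -> dict[str, list[str]]:
    """Sort modules into clean / reviewed / needs_review by hook usage."""
    report = {"clean": [], "reviewed": [], "needs_review": []}
    for name, image in modules.items():
        if not hook_imports(image):
            report["clean"].append(name)
        elif hashlib.sha256(image).hexdigest() in reviewed_sha256:
            report["reviewed"].append(name)  # legitimate hook user, already vetted
        else:
            report["needs_review"].append(name)
    return report


def fake_image(*imports: bytes) -> bytes:
    """Constructed stand-in for a PE file: header bytes plus import strings."""
    return b"MZ\x90\x00" + b"\x00" * 16 + b"".join(s + b"\x00" for s in imports)


# Constructed sample set (hypothetical file names, not real binaries).
SAMPLES = {
    "notepad_like.exe": fake_image(b"KERNEL32.dll", b"CreateFileW"),
    "screen_reader.exe": fake_image(b"USER32.dll", b"SetWindowsHookExW"),
    "unknown_helper.dll": fake_image(b"USER32.dll", b"SetWindowsHookExA", b"WriteFile"),
}
# Without this allowlist the benign screen reader is reported as well,
# which is the false result the technique is criticised for.
REVIEWED = {hashlib.sha256(SAMPLES["screen_reader.exe"]).hexdigest()}

if __name__ == "__main__":
    for bucket, names in triage(SAMPLES, REVIEWED).items():
        print(f"{bucket:13s} {names}")
```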

(B) On-screen keyboard: Many websites use an on-screen keyboard for entering credential
information like username and password. This solves the problem of keyloggers [4], but a mouse
click is also an event, and when a hacker targets the mouse click event it is difficult to secure
the data. However, that is another vast topic.

(C) Entering random characters: This idea can be used when you have to use a public system where
you cannot scan for malware. The idea is to insert random keys between successive characters of
the password, changing back to the password using the mouse. This misleads the keylogger: instead
of the password, it receives the random phrases [4].

Fig 6: Keylogger Detection Procedure

(D) Random Multiple Layouts: The idea is to use multiple keyboard layouts, one of which is
selected at random after every keystroke. As the keyboard layout is not constant, the keylogger
is misled and the log file is unreadable. Each sent key is converted back to the intended
language-specific keyboard layout by the conversion map of the layout chosen at random while
sending [1].
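A small simulation of this scheme, added here as an illustration (not code from the paper or from [1]). It assumes layouts are character substitutions over a small alphabet, built as alphabet rotations so that no key maps to itself, and that the per-keystroke layout choice is known to the protected application but never passes through the logged key stream.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits


def make_layouts(count: int) -> list[dict[str, str]]:
    """Build `count` layouts; layout k maps each character k+1 places along."""
    n = len(ALPHABET)
    if not 1 <= count < n:
        raise ValueError("count must be between 1 and len(ALPHABET) - 1")
    return [{c: ALPHABET[(i + shift) % n] for i, c in enumerate(ALPHABET)}
            for shift in range(1, count + 1)]


def send_keys(text: str, layouts: list[dict[str, str]]) -> tuple[str, list[int]]:
    """Pick a random layout for every keystroke.

    Returns the key stream as a keylogger would record it, plus the list of
    layout indexes, which must stay out of the keylogger's reach.
    """
    stream, choices = [], []
    for ch in text:
        idx = secrets.randbelow(len(layouts))
        choices.append(idx)
        stream.append(layouts[idx][ch])
    return "".join(stream), choices


def convert_back(stream: str, choices: list[int],
                 layouts: list[dict[str, str]]) -> str:
    """Invert each key with the conversion map of the layout chosen for it."""
    inverse = [{v: k for k, v in layout.items()} for layout in layouts]
    return "".join(inverse[idx][key] for key, idx in zip(stream, choices))


if __name__ == "__main__":
    layouts = make_layouts(8)
    secret = "correcthorse42"  # constructed sample input
    logged, choices = send_keys(secret, layouts)
    print("keylogger log:", logged)
    print("application  :", convert_back(logged, choices, layouts))
```

The log is only unreadable while the layout choices stay secret; anything that records both the key stream and the choices can invert it just as `convert_back` does.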

(E) HoneyID: This is a method of detecting dialog spyware process activity on our computer. It
works using specific user activity. To steal and handle user activity such as keystrokes, events
need to be generated. Hence HoneyID causes dialog spyware to fall into a trap by creating
specific bogus events. It consists of a trap and bogus events. The trap consists of a component
that watches the changes of each process, and the bogus events trap the action of the user events
that can make the dialog spyware operate. HoneyID can detect dialog spyware processes by
checking the changes of the processes. The advantage of the technique is that it has high
accuracy and high speed [9].


Figure 7. method of detection dialog spyware processes

(F) Safe access to password protected accounts:

An Internet cafe machine can easily be running a keylogger. To overcome this, the user can employ
a simple trick to protect the password. The string of keys sent to the browser will often contain
domain names. The approach used here is to insert a sequence of random characters between
successive keys of the password. The content viewed by the keylogger will not affect the normal
login.
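The trick described here and in (C), modelled as an added Python example (not code from the paper or from [4]). It assumes the keylogger records keys only and cannot see which window has focus; the focus labels, the decoy count and the sample password are constructed for illustration.

```python
import math
import secrets
import string

DECOY_CHARS = string.ascii_letters + string.digits


def type_with_decoys(password: str, decoys_per_key: int = 4) -> list[tuple[str, str]]:
    """Return (focus, key) events: one real key, then decoys typed elsewhere.

    Focus is moved with the mouse, so no keystroke marks the switch.
    """
    events = []
    for ch in password:
        events.append(("password_field", ch))
        for _ in range(decoys_per_key):
            events.append(("elsewhere", secrets.choice(DECOY_CHARS)))
    return events


def field_value(events) -> str:
    """What the login form receives: only keys typed while it had focus."""
    return "".join(key for focus, key in events if focus == "password_field")


def keylogger_view(events) -> str:
    """What a key-only logger records: every key, with no focus information."""
    return "".join(key for _, key in events)


def is_subsequence(needle: str, haystack: str) -> bool:
    """True if needle's characters occur in haystack in order, gaps allowed."""
    it = iter(haystack)
    return all(ch in it for ch in needle)


def candidate_count(log_length: int, password_length: int) -> int:
    """Number of ways to pick password positions in the log, length known."""
    return math.comb(log_length, password_length)


if __name__ == "__main__":
    pw = "Tr0ub4d"  # constructed sample password
    events = type_with_decoys(pw)
    log = keylogger_view(events)
    print("form receives :", field_value(events))
    print("logger records:", log)
    print("password still embedded in order:", is_subsequence(pw, log))
    print("position choices:", candidate_count(len(log), len(pw)))
```

The password remains in the log as an ordered subsequence, so the protection comes from the number of decoys per key, and it disappears if the logger also captures focus changes or mouse clicks, the limitation noted under (B).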

4. Determining the parameters in password generation:

The user attempts to determine the parameters of password generation over a secure channel. On
the secure channel there is no keylogger software. The parameters for passwords are username,
Xparameters, start and range. The username should be unique. The data registered in the table is
called the pass parameters in the database.


1. Infinite space for key:

The password lies between 0 and 1. There are infinitely many numbers between 0 and 1, so the key
space is also infinite. So, it stands against the terrible attacks.

2. Resistance against password observation by any stranger:

The password entered by the user is not displayed, so that a stranger cannot see and misuse it.
If the password becomes known to a stranger, we can immediately change the password with a
higher sequence number.

5. Precaution

1) Scan local drives for log.txt or other log filenames associated with known keyloggers.

2) Implement solutions that detect unauthorized file transfers via FTP or other protocols.

3) Protecting the system is equally important.

4) Use web filtering to block access to known or suspected malicious sites.

5) Maintain regularly updated and monitored anti-malware software.

6) Allow only necessary protocols on endpoint devices, and block unauthorized sessions between
endpoints and external sites.

6. Advantages

Keystroke logging is one of the research methods for the study of writing processes, and is used
by developers and analysts studying user interaction with systems. Keyloggers are used for
monitoring and security purposes. There are generally two types: server-based monitors, designed
to be installed on the organization's network, and client-based monitors, designed to be
installed on a PC (personal computer). Organizations use keyloggers to monitor their employees'
actions; depending on the type of program, they can see how much time a worker spends playing
games, what websites they visit, or even read messages which have been deleted [5]. Other users
include quality assurance testers analyzing sources of system error, and law enforcement or
private investigators searching for evidence of crime or illegal activities.


7. Conclusion

In this paper, we have discussed the types of keyloggers. Detection techniques are discussed to
reduce keyloggers and keep the user's information safe and secure. I consider OTP (one-time
password) generation to be one of the common tricks used in today's world to protect very
important user data such as passwords. But we can never be 100% secure. The keylogger is just one
problem; there are many threats related to technology. If a keylogger is combined with social
engineering skills, it will be more dangerous. To make our systems secure, the user must be
careful. If the user is careful and knows about these attacks, we can reduce the threat.

Reference

[1] Ali, Tasabeeh OM, Omer SA Awadelseed, and Abeer EW Eldewahi. "Random multiple
layouts: Keylogger prevention technique." In 2016 Conference of Basic Sciences and
Engineering Studies (SGCAC), pp. 1-5. IEEE, 2016.
[2] Ladakis, Evangelos, Lazaros Koromilas, Giorgos Vasiliadis, Michalis Polychronakis, and
Sotiris Ioannidis. "You can type, but you can't hide: A stealthy GPU-based keylogger."
In Proceedings of the 6th European Workshop on System Security (EuroSec). 2013.
[3] Whitehead, Nathan, and Alex Fit-Florea. "Precision & performance: Floating point and IEEE
754 compliance for NVIDIA GPUs." Vol. 21, no. 1 (2011): 18749-19424.
[4] Herley, Cormac, and Dinei Florencio. "How to login from an Internet café without worrying
about keyloggers." In Symp. on Usable Privacy and Security. 2006.
[5] Tuli, Preeti, and Priyanka Sahu. "System monitoring and security using
keylogger." International Journal of Computer Science and Mobile Computing 2, no. 3 (2013):
106-111.
[6] Rahim, Robbi, D. Hartama, H. Nurdiyanto, A. S. Ahmar, D. Abdullah, and
Darmawan Napitupulu. "Keylogger application to monitoring users activity with exact string
matching algorithm." In J. Phys. Conf. Ser, vol. 954, no. 1, p. 012008. 2018.
[7] Olzak, Tom. "Keystroke logging (keylogging)." Adventures in Security, April (2008).
[8] Solairaj, A., S. C. Prabanand, J. Mathalairaj, C. Prathap, and L. S. Vignesh. "Keyloggers
software detection techniques." In 2016 10th International Conference on Intelligent Systems
and Control (ISCO), pp. 1-6. IEEE, 2016.
[9] Fu, Jun, Yiwen Liang, Chengyu Tan, and Xiaofei Xiong. "Detecting software keyloggers
with dendritic cell algorithm." In 2010 International Conference on Communications and Mobile
Computing, vol. 1, pp. 111-115. IEEE, 2010.
