Computer peripherals, such as keyboards, scanners, printers, cameras, and Personal Data Assistants (PDAs) typically communicate with a host PC via an unencrypted protocol, leaving them vulnerable to eavesdropping techniques, such as keyloggers. An encryption system was developed that is simple enough to be used in peripherals that do not have large amounts of processing power and memory. A software driver loaded in the operating system of the host computer communicates with a simple 8-bit microcontroller in the peripheral device. The driver handles key generation, key exchange, and provides decrypted data to the operating system. A key exchange protocol allows the driver and microcontroller to securely exchange randomly generated keys. The system can function without user intervention, but will alert a user if a non-encrypting or non-authorized peripheral device is detected. The system is designed to be implemented over a variety of interfaces including PS/2, RS-232, TCP/IP over Ethernet, 802.11, and Bluetooth. A demonstration system was built, which encrypts data on the PS/2 bus between a keyboard and the host computer. Several ciphers were considered for use in encryption. The RC4 cipher was selected for encrypting and decrypting the data in a demonstration system because of it's speed and efficiency when working with 8-bit data. The driver and the microcontroller share a hard-coded key, which is used to encrypt a randomly generated session key, in order to provide a secure exchange of the session key. The demonstration system performs well, without introducing enough latency to be noticed by the user, and the microcontroller is idle over 95% of the time, even when a fast typist is using the keyboard.
College and Department
Ira A. Fulton College of Engineering and Technology; Technology
BYU ScholarsArchive Citation
Norman, Kelly Robert, "Encryption of Computer Peripheral Devices" (2006). All Theses and Dissertations. 389.
Encryption, computer peripheral, microcontroller, RC4
Information Technology (IT)