I supervised a group of bachelor students this year who developed a key logger as their bachelor thesis.
„BeLT“ stands for „Behaviour Logging Tool“ and comprises key logging, mouse logging, and application usage logging, together with local storage, secure network transmission and safe storage for further processing. This project is a cooperation between behavioral biometrics and security engineering.
Here is how the students themselves describe their project:
BeLT is an application that captures mouse, keyboard and GUI (Graphical User Interface) interaction on a computer, it also provides information about the system state and hardware peripherals. The purpose of BeLT is to simplify data acquisition – after capturing data on a client BeLT sends it securely to a central server for storage. The data is planned to be analysed to develop a new way of finding distinct signatures in a user’s interaction with a computer. This development is currently a part of NISlabs research in biometrics.
Our contribution is the development of BeLT and a client-server architecture that makes it possible to gather and analyse data sets in a larger scale. We have programmed a transmission component for BeLT that communicates with a server based on RFC5424 (Syslog protocol) and TLS (Transport Layer Security). The client-server architecture is scalable and we have optimized the server to handle and efficiently store the data received from BeLT. In order to meet current and future needs we have made it possible to store the data in CSV, XML and relational databases. For security purposes we have implemented certificates to ensure that both the application and the server communication is secure, by codesigning BeLT and by verifying the server identity before sending data from BeLT.
BeLT is different from previous research projects because it captures interaction and correlates it with previous actions – this makes it possible to look at the data in a cause-effect perspective. Many of the changes on a computer is visible on the display, we have managed to capture this by using Microsofts UIA (User Interface Automation). By putting BeLT’s captures in relation to one another, we open up for new research possibilites – analysing keystroke and mouse dynamics correlated with GUI interaction can possibly uncover currently unknown user patterns.
What they do not mention is that their XML export conforms to CEE (Common Event Expression) and that their client software fulfills all requirements for certification as Windows 8 compatible. That means, they did not just deliver a prototype all too common to academic environments, they adhered to industry standards and delivered industry-grade quality.
The thesis was presented and accepted this week. Well done, Robin Stenvi, Magnus Øverbø, and Lasse Johansen!
P.S. Interested in the study programme these three students completed? Check out our bachelor in information Security at HiG: http://english.hig.no/study_programmes/it/bachelor/bis
