As broadband Internet access has become ubiquitously available, the thin client technology is now widely adopted. Unfortunately, the old saying "the same knife cuts bread and fingers" applies to the thin client technology perfectly. While it makes people's life easier, malicious attackers are ever happier. Once an attacker compromises a victim's computer and installs a remote controllable backdoor on it, the attacker can do virtually anything the victim can do on his own computer. As far as we know, there are no general solutions for detecting whether a system is remotely controlled or not. In this paper, we propose Physical Presence Verification (PPV), a test to ensure a system is controlled by a local user. If an application is considered critical, it can invoke a PPV test to ensure the user is locally present and prevent an attacker from performing mission-critical actions and accessing private information remotely. Our user studies indicate that PPV tests are effective, reliable, and adoptable in real life. We also discuss potential attacks to PPV tests and our countermeasures.
- Anomaly detection
- Network security