PMC Ciphers - The Inventors of Polymorphic Encryption

View full paper as PDF here (0.3Mb)

Click here for more multimedia footage

TurboCrypt is the only OTFE (On-The-Fly-Encryption) software on the market featuring the Trojan-Horse-proof Virtual Keyboard. Our invention is a real competitive advantage over the entire competition. What is encryption good for if a simple attack can be mounted on a (poor) implementation?

View full paper as PDF here (0.3Mb)

Introduction

Professional hackers and assigned organisations like intelligence agencies are recently developing a number of trojan-horses that can potentially target anybody.

Very evident is the way how data is collected and what kind of data is of interest:

Passwords – collected via Internet

Why passwords? They are short but powerful as they give access to:
- e-mail accounts
- bank accounts
- ordering systems and internet communities
- encrypted data (encryption is generally used by people who have something to hide: like music, love letters, pictures of naked women or other personal and thus “highly suspicious” data)

Passwords further seem to be easily accessible.

How is password data collected?
By intercepting information sent from your keyboard to your computer. Keystrokes can either be recorded by a hidden piece of hardware in the keyboard or they are simply logged by malicious software – so called “Trojan Horses”. While normal criminals sometimes use the first approach do professional hackers and assigned organisations generally prefer the latter approach.

What is a Trojan Horse?

The term is defined as a program that looks like having a useful and desired function. The software performs undesired functions – at least sometimes. The seemingly useful functions are nothing but camouflage for the functions that are undesired for the user. A Trojan Horse always does malicious things that are unknown to the user.
Real-world Trojan Horses usually contain spying functions or backdoors that allow to control the computer from a remote location.

Today the term is mixed with computer viruses, simply because there exist computer viruses that report gathered information “home” to a server which belongs to the hacker who has created the Trojan Horse. In the classic sense although were Trojan Horses not designed to spread themselves. Trojan Horses can be polymorphic (encrypted with different passwords with an identical crypto engine) and they can even run in the system context of the operating system!
The latter is actually the biggest threat. A Trojan Horse that has not been designed to spread itself can look like any useful piece of software – applications, self-registering DLLs and software drivers. Kernel-mode software drivers are generally created in the system context of the operating system. Such software has access to all kinds of user data.

The Trojan-Horse-Proof Virtual Keyboard

The photo below shows our invention of a virtual keyboard that allows for totally secure password entry. Conventional OTFE (On-The-Fly-Encryption) software - or encryption software in general - only allow for password entry by keyboard (or by smart cards and other authentication methods that are not suitable for guaranteeing perfect secrecy).

Well, it’s flickering and somewhat exhausting to use, but this thing is one of the most decisive inventions in computer security – at least when it comes down to trying to keep a little bit of privacy.

Features:

- No Trojan Horse can spy on passwords that are entered in this Trojan-Horse-Proof Virtual Keyboard.
- Runs theoretically on any multitasking operating system.
- Is built into the disk encryption software “TurboCrypt” from Global IP Telecommunications / PMC Ciphers.
- Can be tested for free by downloading TurboCrypt here.
- Video cameras are the only potential risk. Please make sure that no camera can make screenshots while you’re entering your passwords.
- Costs no money at all as no special hardware is required.
- Is the only available solution to prevent trojan horses from gathering passwords!
- Is a little tedious to use. Users who prefer to have no secrets at all are asked to forward all their data to the next best hacker in the neighbourhood.

How does the Trojan-Horse-proof Virtual Keyboard work?

Trojan-Horse-proof Virtaul Keyboard - key characters half visible

In any case does our invention provide perfect secrecy for your passwords as the trojan-horse-proof virtual keyboard does not allow any malicious piece of software to gather any useful information.

The photo actually reveals the mode of operation of the virtual keyboard. Key characters are painted, deleted, painted again and deleted again. This sequence repeats itself several times per second. In order to keep highly intelligent trojan horses from taking a snapshot of the screen while all characters are visible, a characteristic that is inherent to the task scheduler, which is implemented in the core of the operating system, is exploited:
Processes running at realtime priority level will probably never be descheduled by processes featuring a lower priority level. Even processes with the same (very high) priority level won’t interrupt our virtual keyboard process as long as the virtual keyboard does not consume too much CPU time. It wouldn’t make must sense for the scheduler to interrupt a media player application by a process that e.g. indexes e-mails in the background. The operating system wouldn’t be popular if audio or video playback was choppy.

This is the sequence of operations executed by the trojan-horse-proof virtual keyboard:

It should be noted that modern microprocessors feature at least two independent CPU cores. TurboCrypt uses up all available CPU time on all but one CPU core to compute pseudorandom numbers in order not to give any malicious piece of software any access to CPU time.

This fascinatingly simple but highly efficient method keeps hackers away from your password data. The tool has been thoroughly tested by us for many months. You can test the efficiency easily by yourself with the help of a frame grabber tool or our Screen DC grabber, a test tool that takes screenshots at realtime priority level and that displays these screenshots instantly. If this tool rarely displays key characters of the virtual keyboard, you can be sure that your timing settings are good and that no Trojan Horse can gather any screen information successfully. It is further suggested to test the efficiency of the algorithm with screen grabber tools like Camtasia or CapturePad.

Even if a number of Trojan Horses (i.e. malicious computer software or possibly a computer virus which report all keystrokes and/or screen content back to the server of a criminal or an assigned organisation) have infected the user’s computer, users can still be sure that their password remains completely secret.

Unchallenged since 10 years

	No attack has ever reported. Why does renowned expert curse our invention? Read more...

Earn money! Break it!

	Try to do it better than Bruce Schneier. Break Polymorphic Encryption. Read more...

Become a member. Use TurboCrypt

	Encrypt your music, videos and files. Nobody but YOU has access. Read more...

Secure telephony

	The ONLY truly secure telephone in the world - NINJA from Global IP Telecommunications. Read more...