论文信息 - Attestation & Authentication for USB Communications

Attestation & Authentication for USB Communications

In this paper, we present the design, implementation, and software testing of USBSec, a secure extension of the vanilla USB protocol that incorporates host authentication to defend against software threats. Specifically, we force the USB host to supply authentication information to the peripheral device before enumerating the device. The peripheral validates the authentication information against its own list of authorized host keys. If both sides can validate each other, standard USB enumeration continues otherwise the connection is terminated. We have implemented a fully working prototype of USBSec based on USB implementation in Linux kernel and our experimental results demonstrate its practicality and effectiveness.

Angelos Stavrou | Zhaohui Wang

[1] Roy H. Campbell,et al. Cloaker: Hardware Supported Rootkit Concealment , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[2] Kang G. Shin,et al. Detecting energy-greedy anomalies and mobile malware variants , 2008, MobiSys '08.

[3] Hao Chen,et al. Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery , 2006, 2006 Securecomm and Workshops.

[4] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[5] Angelos Stavrou,et al. Exploiting smart-phone USB connectivity for fun and profit , 2010, ACSAC '10.

[6] Thomas F. La Porta,et al. Exploiting open functionality in SMS-capable cellular networks , 2005, CCS '05.

[7] Thomas F. La Porta,et al. Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks , 2006, IEEE/ACM Transactions on Networking.

[8] Patrick D. McDaniel,et al. Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.