
USB Trust Extensions for secured USB devices

IP.com Disclosure Number: IPCOM000245301D
Publication Date: 2016-Feb-26
Document File: 7 page(s) / 185K

Publishing Venue

The IP.com Prior Art Database

Abstract

USB (Universal Serial Bus) is a widely used protocol for computer accessory devices, external storage, etc. USB provides an easy-to-use, plug-and-play way to connect external devices to a computer system. In order to make devices compatible with most computer systems, the USB protocol has provisions by which the device presents its functionality and capabilities to the host system, and the host assigns the desired resources to the device and makes it functional. It is important to note that the host does not perform any authorization or security checks before letting the USB device operate on the computer system. The absence of any authorization in USB device enumeration and discovery poses a serious security threat to any secured computing environment. The security threat from USB devices is very real; USB-based attacks have been demonstrated at prominent conferences. What makes malicious USB devices more threatening is that they cannot be detected by existing firewalls or security software, and they open up a security backdoor in a secured computing environment. A solution to USB security issues is presented in this paper. The solution adds an authentication mechanism to the USB protocol as vendor extensions, and proposes a way to sign the authorized USB devices. This provides a foolproof way for mitigating USB security threats.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 24% of the total text.

Page 01 of 7


Problem Description

When a USB device is connected to a host system, a USB enumeration sequence takes place between the host and the device according to the steps specified by the USB protocol. During enumeration, the device sends its descriptors, which describe the device class and the functionality of the device. The host looks into the descriptors and identifies the device, for example as a keyboard, mouse, storage device, etc. The host also associates the driver and allocates the required operating system resources to the device. It is also possible for a device to export multiple functions to the host; for example, a device can expose the functionality of both a microphone and a speaker to the host. Such devices are called multi-function devices, and the host assigns the device the resources required by each of its functions.

There is no inherent security authentication mechanism in the USB protocol, so a device can masquerade its descriptors to expose functions in addition to the device's primary function. For example, a USB pen drive can expose a mass storage device and a keyboard to the host. The host believes the device and assumes that a pen drive and a keyboard are connected to the host. Now the device can send any commands via the keyboard, and the host will honor them as if they were keyed by a logged-in user of the system. There are other examples: a device can expose a network interface device in addition to its primary function, and this device can then send gratuitous DNS updates to the host so that all the traffic is redirected through the device.
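As an added example, not part of the disclosure, the following Python walks a USB configuration descriptor of the kind a device sends during enumeration, extracts the class code of every interface it advertises, and reports functions the host policy did not expect for that device. The descriptor bytes are constructed to model the pen-drive-plus-keyboard case above; the policy function is a hypothetical host-side check, not the disclosure's vendor-extension signing mechanism.

```python
import struct

# Descriptor type codes and interface class codes from the USB 2.0 specification.
DT_CONFIGURATION, DT_INTERFACE, DT_ENDPOINT = 0x02, 0x04, 0x05
CLASS_NAMES = {0x01: "audio", 0x02: "cdc-control", 0x03: "hid",
               0x08: "mass-storage", 0x0A: "cdc-data", 0xE0: "wireless"}


def parse_interfaces(config_desc: bytes):
    """Walk one configuration descriptor and return a dict per interface found.
    Unknown descriptor types (HID, class-specific) are skipped by bLength, and a
    buffer that is shorter than wTotalLength or contains a bad bLength is rejected."""
    if len(config_desc) < 9 or config_desc[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    total_len = struct.unpack_from("<H", config_desc, 2)[0]
    if total_len > len(config_desc):
        raise ValueError("wTotalLength exceeds buffer (truncated or lying device)")
    interfaces, offset = [], 0
    while offset + 2 <= total_len:
        length, dtype = config_desc[offset], config_desc[offset + 1]
        if length < 2 or offset + length > total_len:
            raise ValueError("malformed descriptor at offset %d" % offset)
        if dtype == DT_INTERFACE and length >= 9:
            interfaces.append({"number": config_desc[offset + 2],
                               "endpoints": config_desc[offset + 4],
                               "class": config_desc[offset + 5],
                               "subclass": config_desc[offset + 6],
                               "protocol": config_desc[offset + 7]})
        offset += length
    return interfaces


def unauthorized_functions(config_desc: bytes, allowed_classes):
    """Hypothetical host policy: names of interface classes the device exposes that
    are not in the allowed set for this device. Empty list means bind the drivers."""
    return sorted({CLASS_NAMES.get(i["class"], "class-0x%02x" % i["class"])
                   for i in parse_interfaces(config_desc)
                   if i["class"] not in allowed_classes})


# Constructed: a "pen drive" whose configuration also presents a boot-protocol keyboard.
PEN_DRIVE_WITH_KEYBOARD = bytes([
    9, 0x02, 57, 0, 2, 1, 0, 0x80, 50,       # configuration: wTotalLength=57, 2 interfaces
    9, 0x04, 0, 0, 2, 0x08, 0x06, 0x50, 0,   # interface 0: mass storage, SCSI, bulk-only
    7, 0x05, 0x81, 0x02, 64, 0, 0,           #   bulk IN endpoint
    7, 0x05, 0x02, 0x02, 64, 0, 0,           #   bulk OUT endpoint
    9, 0x04, 1, 0, 1, 0x03, 0x01, 0x01, 0,   # interface 1: HID, boot subclass, keyboard protocol
    9, 0x21, 0x11, 0x01, 0, 1, 0x22, 63, 0,  #   HID class descriptor (skipped by the parser)
    7, 0x05, 0x83, 0x03, 8, 0, 10,           #   interrupt IN endpoint
])

if __name__ == "__main__":
    # A device presented as removable storage is only expected to carry mass storage.
    print(unauthorized_functions(PEN_DRIVE_WITH_KEYBOARD, {0x08}))  # ['hid']
```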


Page 02 of 7

Thus, USB devices po...