SandUSB: 免安裝及可受使用者控制的USB 裝置沙箱

Abstract

本論文研究針對USB裝置兩種新興攻擊－HID攻擊 及Juice Jacking攻擊，提出防禦對策。我們的研究也將驗證這種攻擊手法可利用低成本嵌入式開發板（例 Raspberry Pi）實作以及繞過防毒軟體。雖然有些相關研究有辦法有效防禦HID及Juice Jacking攻擊，但這類研究有兩種主要限制：1）必需在電腦安裝軟體，這做法不僅不方便且使用者可能無權限安裝軟體；2）假設使用公開金鑰來做認證機制，可是目前此認證機制在USB協定還沒有提供。 想解決此兩種限制，本論文設計及實作SandUSB，免安裝及可受使用者控制的USB裝置沙箱。SandUSB作為USB主機及裝置的中介者，其可以有效率的掃描及分析且無需修改任何USB主機或裝置的設定。SandUSB也提供簡潔的使用者介面來監控連結的USB裝置，從而給使用者足夠資訊來偵測裝置是否偽裝成其他類別的裝置。此外SandUSB還內建自動防禦機制，並提升使用者針對所連結的USB裝置的安全意識。我們實驗顯示SandUSB可以很有效率的偵測多種USB攻擊，包含HID及Juice Jacking攻擊。SandUSB可實作在低成本及容易取得的硬體。我們希望本論文可以提升使用者針對USB裝置的潛在資安威脅的意識。

This thesis investigates two emerging attacks—HID attack and Juice Jacking attack—that leverage USB peripherals, and proposes countermeasures to defend against them.These attacks can be easily reproduced using low-cost prototyping boards (e.g., Raspberry Pi) and can bypass commercial antivirus tools, as confirmed by our study. Although several research prototypes can effectively mitigate Juice Jacking and HID attacks, these prototypes suffer from two limitations: 1) they require installation on host computers, which is inconvenient and users may lack the permission to install software; 2) they assume a public key infrastructure for authentication, but such cryptographic operations may not be supported by legacy USB peripherals and hosts. To address these limitations, this thesis presents the design and implementation of SandUSB, an installation-free and user-controllable security gadget for USB peripherals. Since SandUSB acts as an intermediary between the USB host and device, it can perform efficient scanning and analysis without changing USB devices or hosts. In addition, SandUSB provides users with a simple GUI to control and monitor connected USB devices, thereby empowering users to identify malicious peripherals that masquerade as another type. This is complementary to the automatic defensive measures programmed inside SandUSB, and can improve user awareness of the connected USB peripherals. Our evaluation demonstrates that SandUSB can effectively defend against various USB attacks, including HID and Juice Jacking attacks. SandUSB is implemented using affordable and easy-to-access hardware. We hope this study can raise user awareness of possible threats that leverage USBs.