SandUSB: 免安裝及可受使用者控制的USB 裝置沙箱

Edwin Lupito Loe; 盧勝榮

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49125

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	蕭旭君(Hsu-Chun Hsiao)
dc.contributor.author	Edwin Lupito Loe	en
dc.contributor.author	盧勝榮	zh_TW
dc.date.accessioned	2021-06-15T11:16:42Z	-
dc.date.available	2016-08-25
dc.date.copyright	2016-08-25
dc.date.issued	2016
dc.date.submitted	2016-08-19
dc.identifier.citation	[1] Sigrok protocol decoder. https://sigrok.org/wiki/Protocol_decoder_API, Last accessed 16 July 2016. [2] Two decades of“plug and play”:how usb became the most successful interface in the history of computing. http://www.intel.com/content/www/us/en/standards/usb-two-decades-of-plug-and-play-article.html, Last accessed 16 July 2016. [3] K. Abhishek. Beaglebone black beaglelogic. https://github.com/abhishek-kakkar/BeagleLogic, Last accessed 16 July 2016. [4] M. Al-Zarouni. The reality of risks from consented use of usb devices.2006. [5] S. Angel, R. S. Wahby, M. Howald, J. B. Leners, M. Spilo, Z. Sun, A. J. Blumberg, and M. Walfish. Defending against malicious peripherals with cinch. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 2016. [6] J. Axelson. USB complete: the developer’s guide. Lakeview research LLC, 2015. [7] F. A. Barbhuiya, T. Saikia, and S. Nandi. An anomaly based approach for hid attack detection using keystroke dynamics. In Cyberspace Safety and Security, pages 139–152. Springer, 2012. [8] A. Crenshaw. Programmable hid usb keystroke dongle: Using the teensy as a pen testing device. Retrieved, 8(17):2010, 2010. [9] A. Gostev. Kaspersky security bulletin. Statistics, pages 68–73, 2008. [10] Hak5. Usb rubber ducky. http://hakshop.myshopify.com/products/ usb-rubber-ducky-deluxe?variant=353378649, Last accessed 16 July 2016. [11] J. R. Jacobs. Measuring the effectiveness of the usb flash drive as a vector for social engineering attacks on commercial and residential computer systems. PhD thesis, Embry-Riddle Aeronautical University, 2011. [12] M. Kang. USBWall: A Novel Security Mechanism to Protect Against Maliciously Reprogrammed USB Devices. PhD thesis, University of Kansas, 2015. [13] kernc. logkeys - a gnu/linux keylogger. https://github.com/kernc/logkeys, Last accessed 16 July 2016. [14] D. Kitchen. Usb rubber ducky payloads, 2012. https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads , Last accessed 16 July 2016. [15] A. Komarov. Wired mobile charging – is it safe?, 2016. https://securelist.com/blog/mobile/74804/wired-mobile-charging-is-it-safe/, Last accessed 16 July 2016. [16] D. Kopeček. Usb guard: Usb device authorization policies, 2016. https://dkopecek.github.io/usbguard/, Last accessed 16 July 2016. [17] K. Nohl and J. Lell. Badusb-on accessories that turn evil. Black Hat USA, 2014. [18] W. of Sheep. Juice jacking attack: Usb as a charge port. http://www.wallofsheep.com/pages/juice, Last accessed 16 July 2016. [19] A. Pereira, M. Correia, and P. Brandão. Usb connection vulnerabilities on android smartphones: default and vendors’customizations. In IFIP International Conference on Communications and Multimedia Security, pages 19–32. Springer, 2014. [20] A. F. Roberto Paleari. Samsung galaxy phone lock screen bypass, 2016.https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004,Last accessed 16 July 2016. [21] O. Security. Kali linux nethunter. https://www.kali.org/kali-linux-nethunter/, Last accessed 16 July 2016. [22] O. Security. Nethunter hid attack. https://github.com/offensive-security/kali-nethunter/wiki/NetHunter-HID-Attacks, Last accessed 16 July 2016. [23] S. M. Security. Sve-2015-5301: Disable at command via usb with secured lockscreen, 2016. http://security.samsungmobile.com/smrupdate.html#SMR-JUN-2016, Last accessed 16 July 2016. [24] S. Software. Xbench: Benchmarking tools on mac, 2008. http://www.xbench.com/, Last accessed 16 July 2016. [25] K. Solutions. Kanguru flash, 2016. [26] D. J. Tian, A. Bates, and K. Butler. Defending against malicious usb firmware with goodusb. In Proceedings of the 31st Annual Computer Security Applications Conference, pages 261–270. ACM, 2015. [27] D. J. Tian, N. Scaife, A. Bates, K. Butler, and P. Traynor. Making usb great again with usbfilter. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 2016. [28] M. Tischer, Z. Durumeric, S. Foster, S. Duan, A. Mori, E. Bursztein, and M. Bailey. Users really do plug in usb drives they find. [29] Z. Wang, R. Johnson, and A. Stavrou. Attestation & authentication for usb communications. In Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on, pages 43–44. IEEE, 2012. [30] P. Zaitcev. The usbmon: Usb monitoring framework. In Linux Symposium, page 291, 2005.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49125	-
dc.description.abstract	本論文研究針對USB裝置兩種新興攻擊－HID攻擊及Juice Jacking攻擊，提出防禦對策。我們的研究也將驗證這種攻擊手法可利用低成本嵌入式開發板（例 Raspberry Pi）實作以及繞過防毒軟體。雖然有些相關研究有辦法有效防禦HID及Juice Jacking攻擊，但這類研究有兩種主要限制：1）必需在電腦安裝軟體，這做法不僅不方便且使用者可能無權限安裝軟體；2）假設使用公開金鑰來做認證機制，可是目前此認證機制在USB協定還沒有提供。想解決此兩種限制，本論文設計及實作SandUSB，免安裝及可受使用者控制的USB裝置沙箱。SandUSB作為USB主機及裝置的中介者，其可以有效率的掃描及分析且無需修改任何USB主機或裝置的設定。SandUSB也提供簡潔的使用者介面來監控連結的USB裝置，從而給使用者足夠資訊來偵測裝置是否偽裝成其他類別的裝置。此外SandUSB還內建自動防禦機制，並提升使用者針對所連結的USB裝置的安全意識。我們實驗顯示SandUSB可以很有效率的偵測多種USB攻擊，包含HID及Juice Jacking攻擊。SandUSB可實作在低成本及容易取得的硬體。我們希望本論文可以提升使用者針對USB裝置的潛在資安威脅的意識。	zh_TW
dc.description.abstract	This thesis investigates two emerging attacks—HID attack and Juice Jacking attack—that leverage USB peripherals, and proposes countermeasures to defend against them.These attacks can be easily reproduced using low-cost prototyping boards (e.g., Raspberry Pi) and can bypass commercial antivirus tools, as confirmed by our study. Although several research prototypes can effectively mitigate Juice Jacking and HID attacks, these prototypes suffer from two limitations: 1) they require installation on host computers, which is inconvenient and users may lack the permission to install software; 2) they assume a public key infrastructure for authentication, but such cryptographic operations may not be supported by legacy USB peripherals and hosts. To address these limitations, this thesis presents the design and implementation of SandUSB, an installation-free and user-controllable security gadget for USB peripherals. Since SandUSB acts as an intermediary between the USB host and device, it can perform efficient scanning and analysis without changing USB devices or hosts. In addition, SandUSB provides users with a simple GUI to control and monitor connected USB devices, thereby empowering users to identify malicious peripherals that masquerade as another type. This is complementary to the automatic defensive measures programmed inside SandUSB, and can improve user awareness of the connected USB peripherals. Our evaluation demonstrates that SandUSB can effectively defend against various USB attacks, including HID and Juice Jacking attacks. SandUSB is implemented using affordable and easy-to-access hardware. We hope this study can raise user awareness of possible threats that leverage USBs.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T11:16:42Z (GMT). No. of bitstreams: 1 ntu-105-R03944043-1.pdf: 2567337 bytes, checksum: 0333658d52ca52612e5861c9e119fb97 (MD5) Previous issue date: 2016	en
dc.description.tableofcontents	Contents 口試委員會審定書 (iii) 誌謝 (v) Acknowledgements (vii) 摘要 (ix) Abstract (xi) 1 Introduction (1) 2 Background (5) 2.1 USB Communication Protocol (5) 2.1.1 USB Host and Device (5) 2.1.2 USB Enumeration (6) 2.1.3 USB Transfer Types (6) 2.1.4 USB Device Classes (7) 2.1.5 USB Packets (7) 3 Attack Model (11) 3.1 Malicious USB Devices attacking USB Hosts (11) 3.1.1 USB Rubber Ducky (12) 3.1.2 BadUSB (13) 3.1.3 Kali Linux Nethunter (13) 3.2 Malicious USB Host Attacking USB Device (13) 3.2.1 USB Juice Jacking Attack (14) 4 Solution (15) 4.1 Device Enumeration (16) 4.2 Scanning and Analysis (17) 4.3 Passive USB Packet Analysis (18) 5 Implementation (19) 5.1 Attack Implementation (19) 5.1.1 Using Arduino Yun to implement HID Attacks (19) 5.1.2 Juice Jacking Implementation (21) 5.2 Defense Implementation (22) 5.2.1 SandUSB Hardware (22) 5.2.2 SandUSB Software (22) 5.2.3 SandUSB Passive Listening (23) 6 Evaluation (25) 6.1 Security (25) 6.1.1 Live test attack using USB Rubber Ducky (25) 6.1.2 Live test attack using Nethunter device (26) 6.1.3 Live test attack using Arduino Yun with HID attack capabilities (27) 6.1.4 Defense against Juice Jacking attacks (27) 6.1.5 Chance to Detect Zero Day Attack (28) 6.1.6 SandUSB Defense Properties (29) 6.2 Deployability (29) 6.2.1 USB Speed Performance (29) 6.2.2 SandUSB Scalability (30) 6.2.3 Cost of SandUSB (31) 7 Related Work (33) 7.1 Security Awareness: Social Experiments on USB (33) 7.2 Attacks (34) 7.3 Defenses (34) 8 Conclusion (37) 9 Future Work (39) 9.1 Software-Based Relay Module (39) 9.2 USB Packet Analysis (39) 9.3 USB Policy (40) 9.4 Secure USB Hub (40) 9.5 Security Box (40) Bibliography (41)
dc.language.iso	en
dc.subject	沙箱	zh_TW
dc.subject	USB安全	zh_TW
dc.subject	HID攻擊	zh_TW
dc.subject	嵌入式	zh_TW
dc.subject	Embedded Device	en
dc.subject	Sandbox	en
dc.subject	HID Attack	en
dc.subject	USB Security	en
dc.title	SandUSB: 免安裝及可受使用者控制的USB 裝置沙箱	zh_TW
dc.title	SandUSB: An Installation-Free and User-Controllable Sandbox For USB Peripherals	en
dc.type	Thesis
dc.date.schoolyear	104-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	鄭欣明(Shin-Ming Cheng),黃俊穎(Chun-Ying Huang),黃世昆(Shih-Kun Huang)
dc.subject.keyword	USB安全,HID攻擊,嵌入式,沙箱,	zh_TW
dc.subject.keyword	USB Security,HID Attack,Embedded Device,Sandbox,	en
dc.relation.page	43
dc.identifier.doi	10.6342/NTU201603138
dc.rights.note	有償授權
dc.date.accepted	2016-08-21
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊網路與多媒體研究所	zh_TW
顯示於系所單位：	資訊網路與多媒體研究所

文件中的檔案：

檔案	大小	格式
ntu-105-1.pdf 未授權公開取用	2.51 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。