SandUSB: An Installation-Free and User-Controllable Sandbox For USB Peripherals

• Main Authors: Edwin Lupito Loe, 盧勝榮
• Other Authors: Hsu-Chun Hsiao
• Format: Others
• Language: en_US
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/5w4k8a

碩士 === 國立臺灣大學 === 資訊網路與多媒體研究所 === 104 === This thesis investigates two emerging attacks—HID attack and Juice Jacking attack—that leverage USB peripherals, and proposes countermeasures to defend against them.These attacks can be easily reproduced using low-cost prototyping boards (e.g., Raspberry Pi) and can bypass commercial antivirus tools, as confirmed by our study. Although several research prototypes can effectively mitigate Juice Jacking and HID attacks, these prototypes suffer from two limitations: 1) they require installation on host computers, which is inconvenient and users may lack the permission to install software; 2) they assume a public key infrastructure for authentication, but such cryptographic operations may not be supported by legacy USB peripherals and hosts. To address these limitations, this thesis presents the design and implementation of SandUSB, an installation-free and user-controllable security gadget for USB peripherals. Since SandUSB acts as an intermediary between the USB host and device, it can perform efficient scanning and analysis without changing USB devices or hosts. In addition, SandUSB provides users with a simple GUI to control and monitor connected USB devices, thereby empowering users to identify malicious peripherals that masquerade as another type. This is complementary to the automatic defensive measures programmed inside SandUSB, and can improve user awareness of the connected USB peripherals. Our evaluation demonstrates that SandUSB can effectively defend against various USB attacks, including HID and Juice Jacking attacks. SandUSB is implemented using affordable and easy-to-access hardware. We hope this study can raise user awareness of possible threats that leverage USBs.