Overview
Explore a comprehensive analysis of USB security vulnerabilities and defenses in this 18-minute conference talk presented at the 2018 IEEE Symposium on Security & Privacy. Delve into the evolution of USB-based attacks, examining their increasing complexity and diverse attack vectors. Gain insights into the fragmented defensive measures developed by the security community in response to these threats. Discover a systematic categorization of USB attacks and defenses, identifying offensive and defensive primitives across various communication layers within the USB ecosystem. Learn about the trust-by-default nature of USB and how attacks often transcend different software stack layers. Examine the first formal verification of the USB Type-C Authentication specification, uncovering fundamental flaws in its design. Conclude with an exploration of future research directions aimed at enhancing USB security and ensuring safer computing experiences.
Syllabus
Intro
Universal Serial Bus
Universal Security Breach
Attacks: Human Layer
Attacks: Application Layer
Attacks: Transport Layer
Attacks: Physical Layer
Attacks: Summary
Defenses: Human Layer
Defenses: Application Layer
Defenses: Transport Layer
Defenses: Physical Layer
Defenses: Summary
Systematization
USB Device Changes
USB Type-C Authentication Protocol
Formal Verification
Conclusion
Taught by
IEEE Symposium on Security and Privacy