Leveraging USB to Establish Host Identity Using Commodity Devices

Bates, Adam; Leonard, Ryan; Pruse, Hannah; Lowd, Daniel; Butler, Kevin

doi:10.14722/ndss.2014.23238

Cited by 25 publications

(29 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The adversary develops and distributes a malicious application usually as a Trojan (step 1). They trick the victim into installing the application (step 2) through techniques such as social engineering (e.g., a malicious application disguised as a game or a note taking application or through USB connection to bogus devices [2]). Previous works have found examples of such applications with backdoors in the Android marketplace [30], [32].…”

Section: Attack Vectormentioning

confidence: 99%

Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning

Narain

Sanatinia

Noubir

2014

Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless &Amp; Mobile Networks

View full text Add to dashboard Cite

Mobile phones are equipped with an increasingly large number of precise and sophisticated sensors. This raises the risk of direct and indirect privacy breaches. In this paper, we investigate the feasibility of keystroke inference when user taps on a soft keyboard are captured by the stereoscopic microphones on an Android smartphone. We developed algorithms for sensor-signals processing and domain specific machine learning to infer key taps using a combination of stereo-microphones and gyroscopes. We implemented and evaluated the performance of our system on two popular mobile phones and a tablet: Samsung S2, Samsung Tab 8 and HTC One. Based on our experiments, and to the best of our knowledge, our system (1) is the first to exceed 90% accuracy requiring a single attempt, (2) operates on the standard Android QWERTY and number keyboards, and (3) is language agnostic. We show that stereo-microphones are a much more effective side channel as compared to the gyroscope, however, their data can be combined to boost the accuracy of prediction. While previous studies focused on larger key sizes and repetitive attempts, we show that by focusing on the specifics of the keyboard and creating machine learning models and algorithms based on keyboard areas combined with adequate filtering, we can achieve an accuracy of 90% -94% for much smaller key sizes in a single attempt. We also demonstrate how such attacks can be instrumentalized by a malicious application to log the keystrokes of other sensitive applications. Finally, we describe some techniques to mitigate these attacks.

show abstract

Section: Attack Vectormentioning

confidence: 99%

Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning

Narain

Sanatinia

Noubir

2014

Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless &Amp; Mobile Networks

View full text Add to dashboard Cite

show abstract

“…Finally, the method using distributions of IATs requires a large number (at least 2500) of training samples to achieve accurate results, but with some devices on ICS networks being polled at an interval as large as a few seconds, this would result in unacceptably slow operation. Another technique was developed that used timing measurements of USB enumerations to fingerprint host devices [4], but this is also impractical in the ICS environment where most devices do not have USB interfaces and where it is desirable to passively fingerprint all devices on the network at once rather than driving out to remote locations to fingerprint each individual device.…”

Section: Related Workmentioning

confidence: 99%

Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems

Formby¹,

Srinivasan²,

Leonard³

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

121

View full text Add to dashboard Cite

Industrial control system (ICS) networks used in critical infrastructures such as the power grid present a unique set of security challenges. The distributed networks are difficult to physically secure, legacy equipment can make cryptography and regular patches virtually impossible, and compromises can result in catastrophic physical damage. To address these concerns, this research proposes two device type fingerprinting methods designed to augment existing intrusion detection methods in the ICS environment. The first method measures data response processing times and takes advantage of the static and lowlatency nature of dedicated ICS networks to develop accurate fingerprints, while the second method uses the physical operation times to develop a unique signature for each device type. Additionally, the physical fingerprinting method is extended to develop a completely new class of fingerprint generation that requires neither prior access to the network nor an example target device. Fingerprint classification accuracy is evaluated using a combination of a real world five month dataset from a live power substation and controlled lab experiments. Finally, simple forgery attempts are launched against the methods to investigate their strength under attack. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

“…Often firmware fingerprinting is not sufficient and thus it required to fingerprint the device itself. Many approaches exist for fingerprinting and identification of computing device and sensors [6,14,19]. However, the fingerprinting features used by these techniques are strongly linked to the real hardware or the way the live devices operate.…”

Section: Device Fingerprinting and Identificationmentioning

confidence: 99%

“…Within this context we formulate the following problems: (i) how to automatically label the brand and the model of the device for which the firmware is intended and (ii) how to automatically identify the vendor, the model, and the firmware version of an arbitrary web-enabled online device. File classification and (web) fingerprinting might seem trivial problems, however, such problems are not trivial and were addressed in different contexts, for file classification [5,26,27,32], device fingerprinting [6,14,19], and web fingerprinting [1,2,29,33]. Moreover, these problems need to be addressed in a reliable and scalable manner which is independent of device, vendor, or custom protocols running on the device.…”

Section: Introductionmentioning

confidence: 99%

Towards Automated Classification of Firmware Images and Identification of Embedded Devices

Costin

Zarras

Francillon

2017

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Embedded systems, as opposed to traditional computers, bring an incredible diversity. The number of devices manufactured is constantly increasing and each has a dedicated software, commonly known as firmware. Full firmware images are often delivered as multiple releases, correcting bugs and vulnerabilities, or adding new features. Unfortunately, there is no centralized or standardized firmware distribution mechanism. It is therefore difficult to track which vendor or device a firmware package belongs to, or to identify which firmware version is used in deployed embedded devices. At the same time, discovering devices that run vulnerable firmware packages on public and private networks is crucial to the security of those networks. In this paper, we address these problems with two different, yet complementary approaches: firmware classification and embedded web interface fingerprinting. We use supervised Machine Learning on a database subset of real world firmware files. For this, we first tell apart firmware images from other kind of files and then we classify firmware images per vendor or device type. Next, we fingerprint embedded web interfaces of both physical and emulated devices. This allows recognition of web-enabled devices connected to the network. In some cases, this complementary approach allows to logically link web-enabled online devices with the corresponding firmware package that is running on the devices. Finally, we test the firmware classification approach on 215 images with an accuracy of 93.5%, and the device fingerprinting approach on 31 web interfaces with 89.4% accuracy.

show abstract

Leveraging USB to Establish Host Identity Using Commodity Devices

Cited by 25 publications

References 47 publications

Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning

Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning

Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems

Towards Automated Classification of Firmware Images and Identification of Embedded Devices

Contact Info

Product

Resources

About