SigUSB: Fingerprinting USB Devices using Distinctive Characteristics of Electrical Signals === Keywords: fingerprint, authenticate, identify, usb, devices, voltage, signals ## Introduction * USB protocol and devices * Insecurity of USB protocol * Challenges of USB device identification * Our approach * Robustness (two graphs in a figure showing variations across devices of different models and consistency of the same devices across different runs) * System design and result highlights * Contributions * The rest of this paper is... ## Background and Motivation * Signals -> packets (figure) * Initialization sequence * Motivation ## Threat Model * Attacker is able to: * Fabricate a USB device that impersonates a benign device * E.g., BadUSB, FaceDancer, BashBunny * USBee [X] * Attacker is not able to: * Steal an authenticated device and change the firmware * We trust known devices * Our focus: authenticating a USB devices when plugged-in (but not monitoring their behaviors after that) * Compromise our authentication mechanism * There exist solutions [DeviceVeil, FPGA] * Host machine has only one USB port available for SigUSB ## Design * Overview [Figure] * Logic analysis -> Noise filtering -> Sequence aligning -> Feature extraction -> ML classification -> Device authentication * Logic analysis & noise filtering * Sequence aligning * Feature extraction * What features are most effective? * ML classification * Device authentication ## Implementation ## Evaluation * Questions * Q1: How accurate is this device fingerprinting? * \# of devices in training and accuracy * With a small # of devices in training, can SigUSB detect many unknown devices? * \# of samples in training and accuracy * How does # of samples in training and testing affect the accuracy? * What classifiers give better accuracy? * Q2: Is this robust against an impersonating device (1) of the same model, (2) across models, (3) consistent across plug-in times? * Q3: Is SigUSB effective against real impersonating devices? * Q4: What is the performance impact of SigUSB? * Setup * Machine spec., experimented with XXX devices (models, types, etc.) * Focus on keyboards and mice because... * Biggest targets for impersonating devices [CITE] * The mechanism is general and can be applied to other types of USB devices * Accuracy of USB device fingerprinting * Robustness of using electrical signals * Experiments with real-world attacks * Performance impact ## Related Work * USB attacks & device authentication * Attacks * BadUSB ... * Authentication * DeviceVeil (closest) * Dave Tian's work: USBFilter, etc. * Figerprinting devices based on electical signals * Automotive ECU fingerprinting * XXX ## Discussion and Future Work * Source of small inaccuracy * Stealing and reprogramming an authenticated device * Retraining after degradation of hardware * Protection of our mechanism ## Conclusion