引用本文
  • 黄伟庆,李海洋,吕志强,张宁,薛亚楠.USB攻击与检测防护技术研究综述[J].信息安全学报,已采用    [点击复制]
  • huangweiqing,lihaiyang,lvzhiqiang,zhangning,xueyanan.Overview of Research on USB Attack and USB Detection and Protection Technology[J].Journal of Cyber Security,Accept   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

过刊浏览    高级检索

本文已被:浏览 4673次   下载 800  
USB攻击与检测防护技术研究综述
黄伟庆1, 李海洋1, 吕志强1, 张宁1, 薛亚楠2
0
(1.中国科学院信息工程研究所;2.北方自动控制技术研究所)
摘要:
通用串行总线(universal serial bus, USB)接口因其热插拔,高传输速率等优点得到极为广泛的应用。在USB带来便利的同时,由于USB协议缺乏有效的安全策略,给恶意攻击者带来可乘之机。伴随着USB攻击技术的迅猛发展,USB攻击事件层出不穷,尤其是“Stuxnet”、“BadUSB”等给计算机网络设备和大数据的安全带来巨大挑战,关于USB的安全问题越来越受到重视。更多的安全研究人员开始关注USB连接的安全性,但是目前缺乏针对USB攻击技术和检测防护技术的系统性研究工作。在本文中,我们分析了USB通信的枚举、数据传输过程,和USB攻击技术和检测防护技术的原理,并指出USB攻击技术利用的协议漏洞和操作系统漏洞。我们首次提出了新的分类方法,对典型的USB攻击技术和USB检测和防护技术进行了整理、分类和具体分析。基于USB攻击技术和检测防护技术的实现原理,将USB攻击技术分为USB摆渡攻击技术、USB接口攻击技术、USB电源浪涌攻击技术、USB软件木马攻击技术和USB侧信道攻击技术5类,将USB检测与防护技术分为USB设备管控技术、USB设备认证技术、USB流量监控技术、和基于击键动力学的USB击键特征识别技术4类。同时,我们对这些技术做了比较研究,指出了其优点和缺点。最后,我们讨论了USB攻击技术和检测防护技术的发展趋势,以及关键问题。
关键词:  USB攻击  USB HID  恶意USB设备  攻击检测与防护  USB安全
DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.35
投稿时间:2021-07-08修订日期:2021-08-30
基金项目:国家重点研发计划课题(No.2018YFF01014303)
Overview of Research on USB Attack and USB Detection and Protection Technology
huangweiqing1, lihaiyang1, lvzhiqiang1, zhangning1, xueyanan2
(1.Institute of information engineering,CAS;2.North Automatic Control Technology Institute)
Abstract:
The universal serial bus (USB) interface is widely used due to its hot-swappable, high transmission rate and other ad-vantages. While USB brings us convenience, because the USB protocol lacks an effective security strategy, it brings op-portunities for malicious attackers. With the rapid development of USB attack technology, USB attack incidents have emerged one after another, especially "Stuxnet" and "BadUSB" have brought huge challenges to the security of computer network equipment and big data. The security issues of USB have been paid more and more attention. More security re-searchers have begun to focus on the security of USB connections, but there is currently a lack of systematic research on USB attack technology and detection and protection technology. In this article, we analyzed the enumeration and data transmission process of USB communication, and the principles of USB attack technology and detection and protection technology, and pointed out the protocol vulnerabilities and operating system vulnerabilities used by USB attack technol-ogy. We put forward a new classification method for the first time, sorting out, classifying and analyzing the typical USB attack technology and USB detection and protection technology. Based on the realization principle of USB attack tech-nology and detection and protection technology, the USB attack technology is divided into five types: USB ferry attack technology, USB interface attack technology, USB power surge attack technology, USB software Trojan horse attack technology and USB side channel attack technology. USB detection and protection technology is divided into four cate-gories: USB device management and control technology, USB device authentication technology, USB flow monitoring technology, and USB keystroke feature recognition technology based on keystroke dynamics. At the same time, we have done a comparative study of these technologies and pointed out their advantages and disadvantages. Finally, we dis-cussed the development trend of USB attack technology and detection and protection technology, as well as key issues.
Key words:  USB attack  USB HID  malicious hardware  attack detection and protection