924 Hits in 2.1 sec

Attestation & Authentication for USB Communications

Zhaohui Wang, Angelos Stavrou
2012 2012 IEEE Sixth International Conference on Software Security and Reliability Companion  
Attestation & Authentication for USB Communications Zhaohui Wang, Ryan Johnson, Angelos Stavrou  ...  in defending for communication with the host at the same time.  ... 
doi:10.1109/sere-c.2012.43 dblp:conf/ssiri/WangS12 fatcat:uz4kwlreofgypnercc7mfmkn44

A mobile and portable trusted computing platform

Surya Nepal, John Zic, Dongxi Liu, Julian Jang
2011 EURASIP Journal on Wireless Communications and Networking  
In order to address this problem, we propose a mobile and portable trusted computing platform in a form of a USB device.  ...  An analysis on attestation-based authentication is also reported in [50] .  ...  The current authentication mechanism is not strong for many of these applications.  ... 
doi:10.1186/1687-1499-2011-75 fatcat:4agbgfn6p5gz7cfnbo6ggxhidy

Protecting portable storage with host validation

Kevin R.B. Butler, Stephen E. McLaughlin, Patrick D. McDaniel
2010 Proceedings of the 17th ACM conference on Computer and communications security - CCS '10  
Our experiments indicate nominal overheads associated with host validation, with a worst-case throughput overhead of 1.22% for reads and 2.78% for writes.  ...  We explore the design and operation of Kells, and implement a proof-of-concept USB 2.0 storage device on experimental hardware.  ...  Within the Kells device is a policy store containing information about every known host, a measurement database to compare attestations against, and policy details, such as whether the host is authenticated  ... 
doi:10.1145/1866307.1866386 dblp:conf/ccs/ButlerMM10 fatcat:u26ul75u2rfhniswdcismllafy

A portable TPM based on USB key

Dawei Zhang, Zhen Han, Guangwen Yan
2010 Proceedings of the 17th ACM conference on Computer and communications security - CCS '10  
At last, we implement the PTM on the USB Key with Java Card Runtime Environment. The test results show that the PTM scheme is feasible for user-based application.  ...  But there are some drawbacks of TCG's Trusted Computing architecture for user-based applications. This paper presents a new concept of portable TPM (PTM) based on USB Key to solve those problems.  ...  PTM communicates with computing device by USB. In other words, it is a TPM-like device with USB bus.  ... 
doi:10.1145/1866307.1866419 dblp:conf/ccs/ZhangHY10 fatcat:4wn45xigejhbbhxj3bgulzh5my


Dave (Jing) Tian, Adam Bates, Kevin R.B. Butler, Raju Rangaswami
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
ProvUSB maintains data provenance by recording reads and writes at the block layer and reliably identifying hosts editing those blocks through attestation over the USB channel.  ...  This work presents ProvUSB, an architecture for fine-grained provenance collection and tracking on smart USB devices.  ...  Acknowledgements This work is supported in part by the US National Science Foundation under grant numbers CNS-1563883, CNS-1540217, and CNS-1540218, and by the Florida Center for Cybersecurity (F C 2 )  ... 
doi:10.1145/2976749.2978398 dblp:conf/ccs/TianBBR16 fatcat:x4tygoan6nhqredgkrouzackxe

Better Keep Cash in Your Boots - Hardware Wallets are the New Single Point of Failure

Adrian Dabrowski, Katharina Pfeffer, Markus Reichel, Alexandra Mai, Edgar R. Weippl, Michael Franz
2021 Proceedings of the 2021 ACM CCS Workshop on Decentralized Finance and Security  
Unlike previous publications, we found that tightened attestation and communications encryption will not solve the fundamental architectural flaws sustainably.  ...  However, previous publications show that such tokens can be replaced or manipulated in a number of hard-to-detect ways pre-or post-delivery to the user and that implemented (remote) attestation and authenticity  ...  ACKNOWLEDGMENTS We thank Phillip Schindler for his valuable feedback and support. We gratefully acknowledge an ENDEAVOR award from the Donald Bren School of  ... 
doi:10.1145/3464967.3488588 fatcat:i2e2vmlqzfgkjja44hnuxvvtsa

On the Usability of Authenticity Checks for Hardware Security Tokens

Katharina Pfeffer, Alexandra Mai, Adrian Dabrowski, Matthias Gusenbauer, Philipp Schindler, Edgar R. Weippl, Michael Franz, Katharina Krombholz
2021 USENIX Security Symposium  
We present the first comprehensive market review evaluating the effectiveness and usability of authenticity checks for the most commonly used HSTs.  ...  However, recently reported attacks on such tokens suggest that users cannot take the security guarantees of their HSTs for granted, even despite widely deployed authenticity checks.  ...  Acknowledgements We thank the anonymous reviewers, our shepherd Blase Ur as well as Michael Schwarz, Christian Kudera, Manuel Wiesinger, and Sven Bugiel for their valuable feedback on our work.  ... 
dblp:conf/uss/PfefferMDGSWFK21 fatcat:pcxmvlsufng7hnkz3nuwiu7nra

SoK: "Plug & Pray" Today – Understanding USB Insecurity in Versions 1 Through C

Jing Tian, Nolen Scaife, Deepak Kumar, Michael Bailey, Adam Bates, Kevin Butler
2018 2018 IEEE Symposium on Security and Privacy (SP)  
Our systematization extracts offensive and defensive primitives that operate across layers of communication within the USB ecosystem.  ...  We then develop the first formal verification of the recently released USB Type-C Authentication specification, and uncover fundamental flaws in the specification's design.  ...  The authentication between PD devices is thus mutual. However, the TCA specification only allows USB host controllers to initiate an authentication challenge for USB devices.  ... 
doi:10.1109/sp.2018.00037 dblp:conf/sp/TianSKBBB18 fatcat:szwfhcvsvvhxrclx5ataygmj6i

Turtles all the way down

Jonathan M. McCune
2008 Proceedings of the 2nd workshop on Recent advances on intrusiton-tolerant systems - WRAITS '08  
Acknowledgements The authors are grateful to Bryan Parno for his comments and for suggesting the title.  ...  Probably the best choice today would be USB. A USB-based iTurtle would have the ability to act as a master or slave device, and would be equipped with adapters for the different USB plug sizes.  ...  Automated side-channels use means of communication other than the user's computer to establish an authenticated channel.  ... 
doi:10.1145/1413901.1413903 fatcat:yz4qavc6czhhpbkp2wwxlcjlzu


Kevin R. B. Butler, Stephen E. McLaughlin, Patrick D. McDaniel
2010 Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10  
Portable storage devices, such as key-chain USB devices, are ubiquitous.  ...  These experiments indicate nominal overheads associated with host validation , showing a worst case throughput overhead of 1.22% for read operations and 2.78% for writes.  ...  There are actions for communication between threads using both shared memory and message passing.  ... 
doi:10.1145/1920261.1920296 dblp:conf/acsac/ButlerMM10 fatcat:r5gpe6uoxvhb3dknwamdatxjtu

Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation

Rijnard van Tonder, Herman A. Engelbrecht
2014 Workshop on Offensive Technologies  
In this work, we present a USB testing framework that improves significantly over existing methods in providing a cost-effective and flexible way to read and modify USB communication.  ...  Mutation fuzzing is applied during live communication between a host and peripheral, yielding new security-relevant bugs.  ...  Davis [11] attested in 2013 that it is the preferred device for finding USB bugs, although at a cost of approximately $1,400.  ... 
dblp:conf/woot/TonderE14 fatcat:6btiqou3lbhezgekvcdkgjuprm

Bootstrapping Trust in a "Trusted" Platform

Bryan Parno
2008 USENIX Security Symposium  
Unfortunately, no instantiation of these solutions is fully satisfying, and hence, we pose the development of a fully satisfactory solution as an open question to the community.  ...  For the last few years, many commodity computers have come equipped with a Trusted Platform Module (TPM).  ...  Cons: Existing interfaces are not designed to support this type of communication. For example, USB devices cannot communicate with the host platform until addressed by the host.  ... 
dblp:conf/uss/Parno08 fatcat:uky3u74mhfdrtf3bc76snorhqm

Security Keys: Practical Cryptographic Second Factors for the Modern Web [chapter]

Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder, Sampath Srinivas
2017 Lecture Notes in Computer Science  
We have shipped support for Security Keys in the Chrome web browser and in Google's online services.  ...  Each devices communicates over a USB interface and has a capacitive touch sensor which must be touched by the user in order to authorize any operation (register or authenticate).  ...  Discussion Attestation We chose batch attestation in order to allow servers to assess the trustworthiness of a device, while still affording privacy for the user.  ... 
doi:10.1007/978-3-662-54970-4_25 fatcat:dpt5nzidwjcg5lqjce2vmjot2y

The Evolution of Authentication [chapter]

Rolf Lindemann
2013 ISSE 2013 Securing Electronic Business Processes  
Instead of having a competition for better user authentication methods, authentication companies are faced with a battle for the best server technology.  ...  Other current challenges with Authentication include the need for flexibility.  ...  Securely maintaining the attestation key and only using it for attesting newly generated authentication keys. 2. Securely maintaining the cryptographic authentication keys and a.  ... 
doi:10.1007/978-3-658-03371-2_2 dblp:conf/isse/Lindemann13 fatcat:nvwgfyx4w5efxpuctq3eslrrda

The case for network witnesses

Wu-chang Feng, Travis Schluessler
2008 2008 4th Workshop on Secure Network Protocols  
To combat abuse, this paper examines a general approach for constructing network protocols based on the use of "network witnesses": tamper-resistant, trusted third parties that reside at network protocol  ...  By providing authentic measurements of network use and by ensuring the correct usage of network protocols, we show how network witnesses can enable fundamentally new protocol designs that can protect networks  ...  One straight-forward use for network witnesses is to have them authentically attest to "ground truth" measurements on the host in order to provide situational awareness in the network.  ... 
doi:10.1109/npsec.2008.4664874 fatcat:cvkh7yuudvbdrgjhiklx23jnsi
« Previous Showing results 1 — 15 out of 924 results