DeviceVeil: Robust Authentication for Individual USB Devices Using Physical Unclonable Functions

Abstract

The Universal Serial Bus (USB) supports a diverse and wide-ranging set of device types. To enable ease of use, USB devices are automatically detected and classified by common operating systems, without any authentication. This trust-by-default design principle can be easily exploited, and led to numerous attacks in the past (e.g., Stuxnet, BadUSB, BadAndroid), specifically targeting high-value organizations. Administrators' efforts to prevent these attacks may also be threatened by unscrupulous users who may insert any USB device, or malicious users (inside attackers) who may try to circumvent OS/kernel-enforced protection mechanisms (e.g., via OS replacement). The root causes of USB attacks appear to be the lack of robust authentication of individual USB devices and inadequate tamper-proofing of the solution mechanism itself. We propose DeviceVeil to address these limitations. To authenticate individual USB devices, we utilize the tamper-proof feature of Physical Unclonable Functions (PUFs); PUFs extract unique features from physical characteristics of an integrated circuit (IC) at a reasonable cost (less than 1 USD). To make our authentication mechanism robust, we implement it as a small hypervisor, and protect it by a novel combination of security technologies available in commodity PCs, e.g., Trusted Platform Module (TPM), customized secure boot, and virtualization support. The OS disk image with all user data is encrypted by a key sealed in TPM and can be decrypted by the hypervisor only. Customized secure boot allows the loading of the legitimate hypervisor and OS kernel only. The hypervisor enables pre-OS authentication to protect the trust-by-default OS from USB attacks. The chain of trust continues from power-on to the insertion of a USB device and disallows all illegitimate USB devices. DeviceVeil's PUF authentication takes about 1.7 seconds during device insertion.