{"title":"主机识别通过USB指纹","authors":"Lara Letaw, Joe Pletcher, Kevin R. B. Butler","doi":"10.1109/SADFE.2011.9","DOIUrl":null,"url":null,"abstract":"Determining a computer's identity is a challenge of critical importance to a forensics investigator. However, relay and impersonation attacks can defeat even computers that contain trusted computing hardware. In this paper, we consider how to leverage the virtually ubiquitous USB interface to uniquely identify computers based on the characteristics of their hardware, firmware, and software USB stacks. We use a USB protocol analyzer to collect data on 24 machines connected to a range of different USB devices, and demonstrate through machine learning classification techniques that we can differentiate not only between operating systems, but between seemingly unnoticeable differences in machine model types as well. We also show that we can differentiate between real and virtualized hosts responding to USB stimuli, and point to new ways of recognizing remote attacks. These results are a first step in showing that USB is a novel and effective means of identifying machines, and a valuable tool in the arsenal of a forensics kit.","PeriodicalId":264200,"journal":{"name":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"Host Identification via USB Fingerprinting\",\"authors\":\"Lara Letaw, Joe Pletcher, Kevin R. B. Butler\",\"doi\":\"10.1109/SADFE.2011.9\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Determining a computer's identity is a challenge of critical importance to a forensics investigator. However, relay and impersonation attacks can defeat even computers that contain trusted computing hardware. In this paper, we consider how to leverage the virtually ubiquitous USB interface to uniquely identify computers based on the characteristics of their hardware, firmware, and software USB stacks. We use a USB protocol analyzer to collect data on 24 machines connected to a range of different USB devices, and demonstrate through machine learning classification techniques that we can differentiate not only between operating systems, but between seemingly unnoticeable differences in machine model types as well. We also show that we can differentiate between real and virtualized hosts responding to USB stimuli, and point to new ways of recognizing remote attacks. These results are a first step in showing that USB is a novel and effective means of identifying machines, and a valuable tool in the arsenal of a forensics kit.\",\"PeriodicalId\":264200,\"journal\":{\"name\":\"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SADFE.2011.9\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SADFE.2011.9","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Determining a computer's identity is a challenge of critical importance to a forensics investigator. However, relay and impersonation attacks can defeat even computers that contain trusted computing hardware. In this paper, we consider how to leverage the virtually ubiquitous USB interface to uniquely identify computers based on the characteristics of their hardware, firmware, and software USB stacks. We use a USB protocol analyzer to collect data on 24 machines connected to a range of different USB devices, and demonstrate through machine learning classification techniques that we can differentiate not only between operating systems, but between seemingly unnoticeable differences in machine model types as well. We also show that we can differentiate between real and virtualized hosts responding to USB stimuli, and point to new ways of recognizing remote attacks. These results are a first step in showing that USB is a novel and effective means of identifying machines, and a valuable tool in the arsenal of a forensics kit.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
