[Cryptography] USB firewall/condom HW/SW

Jerry Leichter leichter at lrw.com
Tue Mar 14 08:09:02 EDT 2017


> Can we consider the realities of such a device?  Can a useful device like this actually be built?  If I plug a memory stick into it and the firmware has been modified to actually report that it's a keyboard, and it starts typing commands into the console ... how could the USB firewall know?  It sees a device that identifies itself as a valid keyboard.  How can it know that it was supposed to be something else?
Answering my own question:  The designer of the thing provides some "Technical Details for the Curious" at https://github.com/robertfisk/USG/wiki/Technical-Details-for-the-Curious.  First off, internally the device consists of two STM32F microprocessors connected by a serial link.  So kind of an air gap.  (Given the "USB-killer" devices out there, I'd recommend an opto-isolator between them, but that's a simple improvement.)  The two micros use a "simple serial protocol" so that what can be passed between them is controlled.

He enumerates three kinds of attacks:

1.  "USB Driver Exploits" involving malformed or unexpected inputs.  The receiving micro (which we assume has a carefully written USB stack) will simply block these.

2.  "Hidden Evil Functionality" involves things like USB memory sticks that also contain additional functionality like HID devices in addition to their memory device.  These are blocked by allowing only one device to attach at a time, and blocking run-time device class changes.  OK, but if you consider celebrated attacks like the "USB memory stick left on the ground in the parking lot" which many employees will pick up and stick in their machine ... if it acts *only* as an HID or network device and attacks the machine that way, the employee will simply decide that it doesn't work, no big deal.

3.  "Evil Functionality in Plain Sight" involves using legitimate USB commands to perform malicious actions.  Defense requires "rules specific to the attached device".  For example, he suggests limiting the arrival rate of keystrokes from HID devices and encrypting blocks on the fly for mass storage devices.  But ... all this is still under development.

So ... a nice idea which has somewhat limited utility right now, and exactly how far one can go with it is unclear.  Nice to see someone thinking along these lines, but I don't see it ever having broad acceptance:  The systems that most need it shouldn't have open USB connections to begin with!
                                                        -- Jerry
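A toy model of the policy layer the post summarizes (one device at a time, no run-time class change, a keystroke rate limit for HID), written as an added example for this page; it is not code from the USG project or from the poster, and it models the decisions rather than the STM32 firmware or the serial protocol between the two micros. The class codes are the standard USB bInterfaceClass values; the 10-keystrokes-per-second threshold, the device names and the scenarios are constructed.

```python
"""Behavioural model of a USG-style USB policy filter (constructed example)."""
from collections import deque
from dataclasses import dataclass

MASS_STORAGE = 0x08   # standard USB bInterfaceClass for mass storage
HID = 0x03            # standard USB bInterfaceClass for human interface devices


@dataclass
class Device:
    name: str
    interface_classes: list   # bInterfaceClass of every interface the device exposes


class UsbPolicyFilter:
    """Sits between the 'dirty' and 'clean' side; decides what may pass."""

    def __init__(self, max_keys_per_second=10, window_s=1.0):
        self.attached = None        # only one device may be attached at a time
        self.locked_class = None    # class fixed at enumeration; may not change
        self.max_keys = max_keys_per_second   # assumed threshold, not USG's value
        self.window = window_s
        self.key_times = deque()    # timestamps of forwarded keystrokes in window

    def attach(self, dev):
        if self.attached is not None:
            return False, "a device is already attached"
        classes = set(dev.interface_classes)
        if len(classes) != 1:
            # 'hidden evil functionality': stick + keyboard in one device
            return False, "composite device exposing classes %s rejected" % sorted(classes)
        self.attached = dev
        self.locked_class = classes.pop()
        self.key_times.clear()
        return True, "attached %s as class 0x%02x" % (dev.name, self.locked_class)

    def detach(self):
        self.attached = None
        self.locked_class = None
        self.key_times.clear()

    def event(self, cls, payload, t):
        """A data event from the attached device claiming class cls at time t."""
        if self.attached is None:
            return False, "no device attached"
        if cls != self.locked_class:
            # device re-enumerated / changed class after attach: blocked
            return False, "run-time class change blocked"
        if cls == HID:
            # sliding-window rate limit on keystrokes ('evil functionality in plain sight')
            while self.key_times and t - self.key_times[0] >= self.window:
                self.key_times.popleft()
            if len(self.key_times) >= self.max_keys:
                return False, "keystroke rate exceeded"
            self.key_times.append(t)
        return True, "forwarded"


def run_scenarios():
    """Constructed scenarios; returns the filter's decisions for each."""
    results = {}
    f = UsbPolicyFilter(max_keys_per_second=10)

    # 1. a plain memory stick is allowed through
    ok, _ = f.attach(Device("memory stick", [MASS_STORAGE]))
    results["plain_stick"] = ok
    f.detach()

    # 2. a stick with a hidden keyboard interface is rejected at enumeration
    ok, _ = f.attach(Device("badusb stick", [MASS_STORAGE, HID]))
    results["composite_stick"] = ok

    # 3. a stick that later starts sending HID traffic is blocked
    f.attach(Device("morphing stick", [MASS_STORAGE]))
    ok, _ = f.event(HID, b"\x04", t=1.0)
    results["runtime_class_change"] = ok
    f.detach()

    # 4. a keyboard at human speed (8 keys over 2 s) passes untouched
    f.attach(Device("keyboard", [HID]))
    human = [f.event(HID, b"k", t=0.25 * i)[0] for i in range(8)]
    results["human_typing_all_forwarded"] = all(human)
    f.detach()

    # 5. a scripted burst of 50 keys in 0.5 s is mostly dropped
    f.attach(Device("scripted keyboard", [HID]))
    burst = [f.event(HID, b"k", t=0.01 * i)[0] for i in range(50)]
    results["burst_forwarded"] = sum(burst)
    results["burst_blocked"] = burst.count(False)
    f.detach()
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print("%-30s %s" % (name, value))
```

The model shows the limits the post points at: the rate limit only slows a keystroke-injection device (the first ten keys of the burst still get through, and an attacker who types at human speed is never throttled), and a device that presents *only* as a keyboard is accepted as a legitimate keyboard, since the filter has no way to know it was supposed to be a memory stick.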