Journal of Information Security Research

• Special Topic: Physical-Space Information Security

Research on Attack and Protection Techniques for Malicious USB Devices

  

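  1. 1(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093) 2(University of Chinese Academy of Sciences, Beijing 100049) 3(National Secrecy Science and Technology Evaluation Center, Beijing 100044) 4(Beijing Jiaotong University, Beijing 100044)
  • Received: 2016-01-08 Online: 2016-02-05 Published: 2016-02-06
  • Funding:
    National Natural Science Foundation of China (61501458)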

Research on USBHID Device Security

  1. 1(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093) 2(University of Chinese Academy of Sciences, Beijing 100049) 3(National Secrecy Science and Technology Evaluation Center, Beijing 100044) 4(Beijing Jiaotong University, Beijing 100044)
  • Received: 2016-01-08 Online: 2016-02-05 Published: 2016-02-06

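Abstract (Chinese version): This paper discusses the attack and protection techniques for malicious USB devices that have emerged in recent years. A malicious device can exploit the USB interface protocol to obtain administrator privileges on a computer, run malicious programs automatically, retrieve stored data and even control the computer remotely. To study and defend against this class of USB security problems, a malicious USB device that can masquerade as a keyboard was designed and developed. In a network-isolated environment, it successfully opened programs on the target computer and obtained files stored on it. The whole process triggers no operating system rules, and once discovered the device cannot be cleaned by software, which poses a considerable threat to classified computers. Corresponding protection techniques for this kind of malicious USB device were also studied.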

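Key words (Chinese version): malicious USB device, HID interface, data transmission, HID keyboard, security analysis, user permission, USB composite device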

Abstract: This paper discusses research activities that investigated the risks and protection mechanisms associated with USB devices. Using the USB interface protocol, an adversary can mount such an attack with the objective of obtaining administrator permission on the computer, automatically running malware, obtaining stored information, and even remotely controlling the computer. The work was validated through the design and implementation of a malicious USB device that can be disguised as a keyboard. Files stored on the computer are obtained remotely through this keyboard without violating any system rules. The method is highly concealed and cannot be found or removed by antivirus programs, so it poses a high threat to classified computers. Furthermore, this paper proposes a corresponding protection mechanism for USB devices.

Key words: malicious USB device, HID interface, data transmission, HID keyboard, security analysis, user permission, USB composite device