摘要
USB HID攻击技术是近年来新兴的一种恶意硬件攻击技术,利用USB HID协议漏洞伪造用户击键内容获取控制权限.这种技术将恶意代码隐藏在芯片固件内,现有的反病毒软件和入侵检测系统无法防御.而且它发展迅速,波及范围广,已经严重威胁到了用户的隐私安全.从USB协议层面分析了这种攻击技术的原理,并总结整理了这种技术自出现以来至今的发展历程.并且对比分析现有防护技术优劣,并由此讨论了未来安全体系应对恶意硬件的防护策略.
A novel USB attack technology called USB HID attack is emerging, which is an attack using USB HID protocol vulnerabilities. This technology will hide malicious code in the chip firmware, so that it cannot be detected by existing anti-virus software and intrusion detection systems. It has been a serious threat to the security of users privacy due to rapid spread and extreme destruction. This paper analyzes the principle of this attack technology from USB protocol level,and summarizes the development of this technology since its emergence. Moreover,this paper compares the advantages and disadvantages of the existing protection technology. Finally , this paper discusses how the future security system deals with malicious hardware.
出处
《信息安全研究》
2017年第2期129-138,共10页
Journal of Information Security Research
基金
国家自然科学基金项目(61501458)
关键词
USBHID设备
攻击与防护
恶意硬件
USB枚举
主动认证
隐私保护
USB HID device
attack and defense5 malicious hardware
USB enumeration
active authentication
privacy protection
