YoVDO

Plug & Pray Today - Understanding USB Insecurity in Versions 1 through C

Offered By: IEEE via YouTube

Tags

USB Security Courses Formal Verification Courses

Course Description

Overview

Explore a comprehensive analysis of USB security vulnerabilities and defenses in this 18-minute conference talk presented at the 2018 IEEE Symposium on Security & Privacy. Delve into the evolution of USB-based attacks, examining their increasing complexity and diverse attack vectors. Gain insights into the fragmented defensive measures developed by the security community in response to these threats. Discover a systematic categorization of USB attacks and defenses, identifying offensive and defensive primitives across various communication layers within the USB ecosystem. Learn about the trust-by-default nature of USB and how attacks often transcend different software stack layers. Examine the first formal verification of the USB Type-C Authentication specification, uncovering fundamental flaws in its design. Conclude with an exploration of future research directions aimed at enhancing USB security and ensuring safer computing experiences.

Syllabus

Intro
Universal Serial Bus
Universal Security Breach
Attacks: Human Layer
Attacks: Application Layer
Attacks: Transport Layer
Attacks: Physical Layer
Attacks: Summary
Defenses: Human Layer
Defenses: Application Layer
Defenses: Transport Layer
Defenses: Physical Layer
Defenses: Summary
Systematization
USB Device Changes
USB Type-C Authentication Protocol
Formal Verification
Conclusion


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Predator to Prey - Tracking Criminals with Trojans and Data Mining for Fun and Profit
YouTube
Hackademia - The 2018 Literature Review
BSidesLV via YouTube
Implementing an USB Host Driver Fuzzer
WEareTROOPERS via YouTube
ProvUSB - Block-level Provenance-Based Data Protection for USB Storage Devices
Association for Computing Machinery (ACM) via YouTube
Breaking Samsung's Root of Trust - Exploiting Samsung S10 Secure Boot
Black Hat via YouTube