35th Annual Computer Security Applications Conference (ACSAC 2019)

Full Program »
View File
View File

WooKey: Designing a Trusted and Efficient USB Device

The work presented in this paper takes place in the design initiatives that have emerged to thwart Bad USB threats. Though many attempts were focusing on the host side, by enhancing the operating system's USB sub-module robustness or by adding a proxy between the host and the device, we have chosen to focus our efforts on the device side.

More specifically, our work presents the WooKey platform, a custom highly secure USB thumb drive with mass storage capabilities, designed for user data encryption and protection, and embedding a full-fledged set of in-depth defenses. The device encloses a firmware with a secure DFU (Device Firmware Update) implementation using up-to-date cryptography as well as an external and extractable authentication token based on a secure element. The runtime software security is built upon EwoK, an innovative open source microkernel designed for microcontrollers with advanced security and performance in mind.

Finally, another strength of the project is its core guiding principle: provide an open source and open hardware platform using off-the-shelf components.

Ryad Benadjila

Arnauld Michelizza

Mathieu Renard

Philippe Thierry

Philippe Trebuchet


Powered by OpenConf®
Copyright©2002-2020 Zakon Group LLC