35th Annual Computer Security Applications Conference (ACSAC 2019)

Full Program »
Paper
View File
ACM
Presentation
View File
pdf

WooKey: Designing a Trusted and Efficient USB Device

The work presented in this paper takes place in the design initiatives that have emerged to thwart Bad USB threats. Though many attempts were focusing on the host side, by enhancing the operating system's USB sub-module robustness or by adding a proxy between the host and the device, we have chosen to focus our efforts on the device side.

More specifically, our work presents the WooKey platform, a custom highly secure USB thumb drive with mass storage capabilities, designed for user data encryption and protection, and embedding a full-fledged set of in-depth defenses. The device encloses a firmware with a secure DFU (Device Firmware Update) implementation using up-to-date cryptography as well as an external and extractable authentication token based on a secure element. The runtime software security is built upon EwoK, an innovative open source microkernel designed for microcontrollers with advanced security and performance in mind.

Finally, another strength of the project is its core guiding principle: provide an open source and open hardware platform using off-the-shelf components.

Ryad Benadjila
ANSSI

Arnauld Michelizza
ANSSI

Mathieu Renard
ANSSI

Philippe Thierry
ANSSI

Philippe Trebuchet
ANSSI

 



Powered by OpenConf®
Copyright©2002-2020 Zakon Group LLC