博碩士論文 106552004 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:29 、訪客IP:18.204.227.117
姓名 許祐瑋(Yu-Wei Hsu)  查詢紙本館藏   畢業系所 資訊工程學系在職專班
論文名稱
(HERMES:A Light Weight Method to Simulate a USB Device or Pass a USB Firewall)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment★ PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2024-6-30以後開放)
摘要(中) USB 介面已經存在多數電腦硬體平台上,然而大部份認定 USB 裝置的威脅只存 在於 USB 隨身碟上,BadUSB 是一種硬體裝置,通過 USB 介面孔,插入目標電腦或其 他裝置,模擬成 HID 介面,進行執行攻擊程式碼或干擾,達到控制主機和資訊洩漏, 目前阻擋 BadUSB 攻擊的方法,以黑白名單防火牆較為常見,利用 USB 的功能特徵和 訊息進行判別,以達到阻擋效果。
目前存在低成本單晶片 BadUSB 的平台,如 Rubber ducky , Teensy USB 和 Arduino 等等,無法同時模擬儲存裝置和鍵盤,同時也無法把 USB 的資訊個做更底層 的偽冒,讓 USB firewall 可以利用此特點做攔截。因此在本篇論文中我們將發展出可 以穿透目前 USB firewall 的 BadUSB,此 BadUSB 可以做更低階偽冒,模擬同一個 USB 裝置同時存在多個 USB 功能,並使用認證機制來檢驗 HID 攻擊。
摘要(英) The USB interface already exists on most computer hardware platforms. However, most of the threats of the USB devices are only found on USB flash devices. BadUSB is a hardware device that plugs into a target computer or other device through a USB interface and simulates HID. The interface, to execute the attack code or interference, to achieve control host and information leakage, currently blocking the BadUSB attack method, black and white list firewall is more common, using USB features and messages to determine the blocking effect.
There are currently low-cost single-chip BadUSB platforms, such as Rubber ducky, Teensy USB and Arduino, etc., it cannot simulate simultaneous simulation of USB information, so that USB firewall can use this features to do interception. Therefore, in this paper, we will develop BadUSB that can pass current USB firewalls, This BadUSB can do lower-level faking, simulate multiple USB functions at the same time with the same USB device, and use the authentication mechanism to verify HID attacks.
關鍵字(中) ★ USB攻擊
★ USB防火牆
關鍵字(英) ★ USB
★ BadUSB
★ USB firewall
★ Human Interface Device
★ HID
論文目次 中文摘要 vi
Abstract vii
誌謝 viii
Contents ix
List of Figures xi
List of Tables xiv
Chapter 1. Introduction 1
Chapter 2. Background 3
2.1. USB Protocol 3
2.2. USB OTG 4
2.3. Linux gadget module 4
2.4. UEvent 6
2.5. HID Attack 6
Chapter 3. Related Work 8
3.1. USBFilter 8
3.2. USBGuard 9
3.3. Rubber Ducky 10
Chapter 4. System Design 11
4.1. Components in HERMES 12
4.2. HERMES Work Flow 17
4.3. Components in USBAuth 19
4.4. USBAuth Work Flow 20
Chapter 5. Evaluation 22
5.1. Environment 22
5.2. USBFilter and USBGuard 23
5.3. HERMES Pass USBFilter 25
5.4. HERMES Pass USBGuard 27
5.5. USBAuth with HERMES 29
Chapter 6. Discussion 30
6.1. Comparison 30
6.2. Limitation 31
6.3. Future Work 31
Chapter 7. Conclusion 32
Reference 32
參考文獻 [1] Dave (Jing) Tian, Nolen Scaif, Kevin R. B. Butler, Patrick Traynor, “Making USB Great Again with USBFILTER”, USENIX Security Symposium, 2016
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_p aper_tian.pdf
[2] Karsten Nohl, Sascha KriBler, Jakob Lell, “BadUSB- On accessories that turn evil”
https://srlabs.de/wp-content/uploads/2014/11/SRLabs-BadUSB-Pacsec- v2.pdf
[3] Grant Hernandez, Farhaan Fowze, Dave Tian, Tuba Yavuz, Kevin Butler, “FirmUSB Vetting USB Device Firmware using Domain Informed Symbolic Execution”, ACM CCS’17, November, 2017, https://arxiv.org/pdf/1708.09114.pdf
[4] USBGuard[Online]. Available
https://usbguard.github.io/
[5] Rubber Ducky[Online]. Available
https://shop.hak5.org/products/usb-rubber-ducky-deluxe
[6] P4wnP1 [Online]. Available
https://github.com/mame82/P4wnP1
[7] 深入淺出 Raspberry Pi GPIO[Online]. Available https://www.slideshare.net/raspberrypi-tw/raspberry-pigpiolookinside
[8] USB 維基百科[Online]. Available https://zh.wikipedia.org/wiki/USB
[9] Joathan Corbet, Alessandro Rubini, GregKroah-Hartman, “Linux Device Drivers, 3e”
http://www2.electron.frba.utn.edu.ar/~gjoyuela/archivos/linux/ldd3.pdf
[10] Psychson [Online]. Available:
https://github.com/brandonlw/Psychson
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2019-8-12
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明