Litcius/Paper detail

USB powered devices: A survey of side-channel threats and countermeasures

Hao Liu, Riccardo Spolaor, Federico Turrin, Riccardo Bonafede, Mauro Conti

2021High-Confidence Computing21 citationsDOIOpen Access PDF

Abstract

Recent technological innovations lead to the rise of a plethora of portable electronic devices such as smartphones, small household appliances, and other IoT devices. To power or recharge the battery of such devices, manufacturers identified in the ubiquitous Universal Serial Bus (USB) standard a convenient solution, as it enables both communication and energy supply. Unfortunately, the default trust on USB ports has been exploited by hackers to extract highly sensitive user data on such devices. Despite the efforts by security experts and manufacturers to detect and block this threat, an even more stealthy approach to undermine users privacy relies on side-channel attacks on the USB interface, such as electromagnetic emissions and power consumption. In this paper, we present a comprehensive survey of the state-of-the-art of side-channel analysis on the security of USB-powered devices. Differently from other surveys on USB-based attacks via the communication interface only, this survey considers research works that aim to infer or extract private information from the energy supply, the device itself, or unintentionally available functionalities. In particular, we consider this emergent trend of security work that was not previously considered in other surveys, such as the energy consumption and electromagnetic emission analyses, as well as Juice Filming Charging (JFC) attacks. We first analyze the physical properties of the side-channels and technical characteristics of such research work, we then summarize the countermeasures proposed in the state-of-the-art. Finally, we also identify some possible future directions to foster further research in this field.

Topics & Concepts

USBHackerComputer securityComputer scienceSide channel attackChannel (broadcasting)Interface (matter)Energy consumptionTelecommunicationsEmbedded systemCryptographyEngineeringElectrical engineeringOperating systemSoftwareBubbleMaximum bubble pressure methodInternet Traffic Analysis and Secure E-votingAdvanced Malware Detection TechniquesSecurity and Verification in Computing