Difference between revisions of "Universal Serial Bus (USB)"

From MgmtWiki
(Selected details about USB)
(Solutions)
 
(2 intermediate revisions by the same user not shown)
Line 17: Line 17:
 
* Early, unsuccessful USB solutions put the [[User]] [[Identity]] into a [[Smart Card]] chip embedded in a USB fob using the existing [[X.509 Certificate]] and [[Public Key Infrastructure]].
 
* Early, unsuccessful USB solutions put the [[User]] [[Identity]] into a [[Smart Card]] chip embedded in a USB fob using the existing [[X.509 Certificate]] and [[Public Key Infrastructure]].
 
* The current solution started as a browser add-on from Google that would allow security keys that were plugged into the computer to be queried by the browser and perform a function just like "Answer to Reset".
 
* The current solution started as a browser add-on from Google that would allow security keys that were plugged into the computer to be queried by the browser and perform a function just like "Answer to Reset".
* A similar solution for [[Smart Phone]]s include NFC and Bluetooth, explained elsewhere, none of which provide a secure physical connection.
+
* A similar solution for [[Smart Phone]]s include [[NFC]] and [[Bluetooth]], explained elsewhere, none of which provide a secure physical connection.
 
* An alternate solution for devices with [[Trusted Execution Environment]]s is to place the [[User]] [[Identifier]] and [[Attribute]]s into a well-secured location within the device itself.
 
* An alternate solution for devices with [[Trusted Execution Environment]]s is to place the [[User]] [[Identifier]] and [[Attribute]]s into a well-secured location within the device itself.
 
===USB Security Tokens===
 
===USB Security Tokens===
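Review bot: the added line still opens with "A similar solution for [[Smart Phone]]s include", where the singular subject does not agree with "include". Since two transports are named, "Similar solutions for [[Smart Phone]]s include [[NFC]] and [[Bluetooth]]" reads correctly. "explained elsewhere" can also be dropped now that both terms link to their own pages.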
Line 35: Line 35:
 
* Linux-USB list of all vendor IDs (yubico=1050): http://www.linux-usb.org/usb.ids
 
* Linux-USB list of all vendor IDs (yubico=1050): http://www.linux-usb.org/usb.ids
  
===Selected sources of USB Late-Binding [[Security Token]]s===
+
===Selected sources of USB [[Late Binding Token]]s===
 
*Titan: https://9to5google.com/2018/07/26/hands-on-google-titan-security-key-2fa/
 
*Titan: https://9to5google.com/2018/07/26/hands-on-google-titan-security-key-2fa/
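Review bot: the new heading "Selected sources of USB [[Late Binding Token]]s" changes the heading text (no hyphen, no [[Security Token]] link), so the section anchor changes with it. Any page that links to this section by its old heading needs updating, and [[Late Binding Token]] should resolve to an existing page before this is saved.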
  

Latest revision as of 09:19, 12 April 2019

Full Title or Meme

Nearly all computers and other portable devices now support a single Universal Serial Bus (USB) for both data and power.

Context

  • Legacy serial ports on computers were slow and each was specific to one function, such as keyboard, mouse, audio in, audio out, RS232 serial port or printer port.
  • Now, when a device is connected to a computer's USB port, it must identify itself so that the computer can recognize the device and locate the correct software drivers.
  • The smart card had a similar serial port with similar functionality. Since there were multiple card types, the card would "Answer to Reset (ATR)" with a locator code to identify itself.[1]
  • New hardware Security Tokens for User Identifiers and Attributes are built to connect directly to the USB port and provide similar locator codes.

Problems

  • Since the first Smart Card was issued, portable identification devices have needed to issue Locator Codes of some sort which allow the attachment to acquire a software driver to support the card.
  • Smart cards have worked well in controlled environments such as governments, colleges and corporations. Consumers have never been willing to tolerate the complexity of the card and the X.509 Certificate it needed.
  • The first attempt was to add a card reader to convert from Smart Card format to USB, but the added hardware was enough to impede consumer adoption.
  • Even if those early USB devices worked as designed, they were not recognized by the User Agent (browser) from companies like Microsoft, Apple and Google.

Solutions

USB Security Tokens

This section considers one FIDO U2F Security Token in particular, although many other examples exist following the publication of the Web Authentication spec. For USB implementations, the U2F Security Token uses the HID (Human Interface Device) protocol because it is implemented by all computers that have a USB port, which means that the appropriate low-level USB driver software is already installed on all of those computers.

A unique Usage Page is defined for the FIDO Alliance, and within it a U2FHID Usage is defined as well. During U2FHID device discovery, all HID devices present in the system are examined, and devices that match this usage page and usage are then considered to be U2FHID devices.

  • Acquire a Yubico Touch U2F Security Token and attach it to a USB port on Windows.
  • The USB driver receives "USB Device Added" with Locator Codes: idVendor = 0x1050 and idProduct = 0x0120.
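
The discovery rule described above, as an added example (not code from MgmtWiki or the FIDO Alliance): a host walks each HID report descriptor and accepts a device only when a top-level collection declares the FIDO usage page and the U2FHID usage. The values 0xF1D0 and 0x01 are the ones defined in the FIDO U2F HID specification; the descriptors are constructed samples and the function names are hypothetical.

```python
FIDO_USAGE_PAGE = 0xF1D0  # usage page assigned to the FIDO Alliance
U2FHID_USAGE = 0x01       # U2FHID usage within that page

# Constructed sample report descriptors (not captured from real hardware).
U2F_DESC = bytes.fromhex("06d0f1" "0901" "a101" "0920" "1500" "26ff00" "7508"
                         "9540" "8102" "0921" "1500" "26ff00" "7508" "9540"
                         "9102" "c0")
KEYBOARD_DESC = bytes.fromhex("0501" "0906" "a101" "0507" "19e0" "29e7" "1500"
                              "2501" "7501" "9508" "8102" "c0")

def top_level_collections(desc: bytes):
    """Return (usage_page, usage) for every top-level HID collection."""
    found, usage_page, usages, depth, i = [], 0, [], 0, 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:                      # long item: size, tag, data
            if i + 1 >= len(desc):
                raise ValueError("truncated long item")
            i += 3 + desc[i + 1]
            continue
        size = (0, 1, 2, 4)[prefix & 0x03]      # short item data length
        data = desc[i + 1:i + 1 + size]
        if len(data) != size:
            raise ValueError("truncated item")
        value = int.from_bytes(data, "little")
        item_type, tag = (prefix >> 2) & 0x03, prefix >> 4
        if item_type == 1 and tag == 0x0:       # Global item: Usage Page
            usage_page = value
        elif item_type == 2 and tag == 0x0:     # Local item: Usage
            # A 4-byte usage carries its own page in the upper 16 bits.
            usages.append((value >> 16, value & 0xFFFF) if size == 4
                          else (None, value))
        elif item_type == 0:                    # Main item
            if tag == 0xA:                      # Collection
                if depth == 0 and usages:
                    page, usage = usages[0]
                    found.append((usage_page if page is None else page, usage))
                depth += 1
            elif tag == 0xC:                    # End Collection
                depth = max(depth - 1, 0)
            usages = []                         # local state resets after a main item
        i += 1 + size
    return found

def is_u2fhid(desc: bytes) -> bool:
    return (FIDO_USAGE_PAGE, U2FHID_USAGE) in top_level_collections(desc)

def discover_u2fhid(devices):
    """devices: iterable of (idVendor, idProduct, report_descriptor)."""
    return [(vid, pid) for vid, pid, desc in devices if is_u2fhid(desc)]
```

The match is made on the declared usage, so the idVendor and idProduct locator codes identify the product but do not by themselves mark an interface as U2FHID.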

Selected details about USB

Selected sources of USB Late Binding Tokens

References

  1. eft lab, Smart Cards - Answer To Reset (ATR). https://www.eftlab.co.uk/index.php/site-map/our-articles/169-demystifying-atr-answer-to-reset