Universal Serial Bus (USB)

From MgmtWiki
Revision as of 14:52, 8 August 2018 by Tom (talk | contribs) (Solutions)


Full Title or Meme

Nearly all computers and other portable devices now support a single Universal Serial Bus (USB) for both data and power.

Context

  • Legacy serial ports on computers were slow, and each was tied to a single function, such as keyboard, mouse, audio in, audio out, RS-232 serial port or printer port.
  • Now, when a device is connected to a computer's USB port, it must identify itself so that the computer can recognize the device and locate the correct software drivers.
  • The smart card had a similar serial interface with similar functionality. Since there were multiple card types, the card responds to a reset with an "Answer to Reset (ATR)" that carries a locator code identifying it.[1]
  • New Security Tokens for User Identifiers and Attributes are built to connect directly to the USB port and provide similar locator codes.
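The Answer to Reset mentioned above is a short byte string whose layout is fixed by ISO/IEC 7816-3: a TS byte giving the signalling convention, a T0 byte announcing which interface bytes and how many historical bytes follow, and a TCK check byte whenever a protocol other than T=0 is offered. The parser below is an added example, not code from this wiki or from any card vendor; it decodes those fields and rejects a truncated ATR or one whose check byte does not match, and the sample ATR it ends with is constructed for illustration.

```python
# Added example (not from the wiki page): parse a smart-card Answer To Reset
# (ATR) into its ISO/IEC 7816-3 fields and verify the TCK check byte.
# The sample ATR at the bottom is constructed for illustration only.
from functools import reduce

def parse_atr(atr: bytes) -> dict:
    """Split an ATR into its fields; raise ValueError if malformed or bad TCK."""
    if len(atr) < 2:
        raise ValueError("ATR needs at least TS and T0")
    ts, t0 = atr[0], atr[1]
    if ts not in (0x3B, 0x3F):                 # direct / inverse convention
        raise ValueError(f"bad TS byte 0x{ts:02X}")
    out = {"convention": "direct" if ts == 0x3B else "inverse",
           "interface": [], "protocols": [], "tck": None}
    hist_len = t0 & 0x0F                       # K: count of historical bytes
    pos, i, y = 2, 1, t0 >> 4                  # Yi: which of TAi..TDi follow
    while y:
        td_seen = False
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated before {name}{i}")
                out["interface"].append((f"{name}{i}", atr[pos]))
                if name == "TD":               # TDi: low nibble T, high nibble Y(i+1)
                    out["protocols"].append(atr[pos] & 0x0F)
                    y, td_seen = atr[pos] >> 4, True
                pos += 1
        if not td_seen:                        # no TDi: no further interface bytes
            y = 0
        i += 1
    hist = atr[pos:pos + hist_len]
    if len(hist) != hist_len:
        raise ValueError("ATR truncated inside historical bytes")
    out["historical"] = bytes(hist)
    pos += hist_len
    out["protocols"] = out["protocols"] or [0] # no TD1 at all means T=0 by default
    if any(t != 0 for t in out["protocols"]):  # TCK is absent only when T=0 alone
        if pos >= len(atr):
            raise ValueError("ATR missing TCK check byte")
        if reduce(lambda a, b: a ^ b, atr[1:pos + 1]):  # T0 .. TCK must XOR to 0
            raise ValueError("TCK check byte mismatch")
        out["tck"] = atr[pos]
        pos += 1
    if pos != len(atr):
        raise ValueError(f"{len(atr) - pos} unexpected trailing byte(s)")
    return out

# Constructed sample: TA1 and TD1 present, T=1 offered, 5 historical bytes, TCK.
SAMPLE_ATR = bytes.fromhex("3B 95 18 01 80 31 80 65 B0 68")
```

The historical bytes are where a host would look for the card-type identifier; the check byte and length validation are what keep a malformed or damaged ATR from being trusted as one.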

Problems

  • Since the first Smart Card was issued, portable identification devices have needed to issue Locator Codes of some sort that allow the host they are attached to to acquire a software driver supporting the card.
  • Smart cards have worked well in controlled environments such as governments, colleges and corporations. Consumers have never been willing to tolerate the complexity of the card and the X.509 Certificate it required.
  • The first attempt was to add a card reader that converted from the Smart Card format to USB, but the added hardware was enough to impede consumer adoption.
  • Even when the USB device worked, it was not recognized by the User Agent (browser) from companies like Microsoft, Apple and Google.

Solutions

  • Early, unsuccessful USB solutions put the User Identity into a Smart Card chip embedded in a USB fob using the existing X.509 Certificate and Public Key Infrastructure.
  • The current solution started as a browser add-on from Google that allowed security keys plugged into the computer to be queried by the browser, performing a function much like "Answer to Reset".
  • Similar solutions for Smart Phones include NFC and Bluetooth, explained elsewhere; neither provides a secure physical connection.
  • An alternate solution for devices with Trusted Execution Environments is to place the User Identifier and Attributes into a well-secured location within the device itself.

USB Security Tokens

This section will consider one FIDO U2F Security Token in particular, although many other examples exist with the publication of the Web Authentication spec.

References

  1. EFTlab, "Smart Cards - Answer To Reset (ATR)". https://www.eftlab.co.uk/index.php/site-map/our-articles/169-demystifying-atr-answer-to-reset