USB devices are nowadays ubiquitous and participate to a wide variety of use cases. Recent studies have exposed vulnerabilities on the USB implementations, and among them the BadUSB attacks are a serious threat against the integrity of USB devices. Firmwares, hosts Operating Systems, as well as user data confidentiality are at risk. This kind of security threat can lead to critical consequences since USB mass storage devices are used to transfer public or confidential data between different machines, including in air-gapped networks.

Some proprietary devices are already sold as preventive solutions against the BadUSB class of attacks. They however lack code or architecture/design review, sometimes yielding in crucial defects. The academic community has, for its part, focused on the host side by enhancing the Operating Systems USB sub-module robustness and by developing filtering proxies. Such approaches, albeit interesting, can be non-portable and do not protect the USB device itself when it is lost or falls into the hands of adversaries.

Such limitations inclined us to prototype WooKey: a secure and trustworthy USB mass storage device

This talk discusses the results of this initiative and provides insight into how we designed and implemented a custom STM32-based USB thumb drive with mass storage capabilities designed for user data encryption and protection, with a full-fledged set of in-depth security defenses. Another strength of this project is its core guiding principle: provide an open source and open hardware platform using off-the-shelf components for the PCB design to ease its manufacturing and reproducibility.

We first provide a security and threat model for USB mass storage thumb drives, thus highlighting the main challenges of designing a secure device. Then, we discuss the existing public products that adopt such functionalities from an end-user’s perspective, introducing what (we believe) brings new security features to embedded platforms that use off-the-shelf components.

This leads us to detail our hardware and software design choices in the light of the security expectations, bringing insight into our main contributions, namely:

  • A full-featured USB dongle platform with in-depth defense in mind.
  • Software isolation using EwoK: a custom microkernel implementation designed with advanced security paradigms in mind, such as memory confinement using the MPU (Memory Protection Unit) and the integration of safe languages and formal methods for very sensitive modules (Ada and SPARK).
  • A secure DFU (Device Firmware Update) implementation featuring up-to-date cryptography.
  • Two-factor user authentication using an extractable smartcard token.
  • MosEslie: a versatile and modular SDK that has been developed to easily integrate user applications in C, Ada and Rust.

Finally, we wrap up an analysis of the resulting security against our threat model and discuss the residual risks, thus assessing the limitations of an architecture based on off-the-shelf components.

Mathieu Renard and Ryad Benadjila, ANSSI