The literature and the news regularly report cases of exploiting Universal Serial Bus (USB) devices as attack tools for malware injections and private data exfiltration. To protect against such attacks, security researchers proposed different solutions to verify the identity of a
...
The literature and the news regularly report cases of exploiting Universal Serial Bus (USB) devices as attack tools for malware injections and private data exfiltration. To protect against such attacks, security researchers proposed different solutions to verify the identity of a USB device via side-channel information (e.g., timing or electromagnetic emission). However, such solutions often make strong assumptions on the measurement (e.g., electromagnetic interference-free area around the device), on a device’s state (e.g., only at the boot or during specific actions), or are limited to one particular type of USB device (e.g., flash drive or input devices).In this paper, we present PowerID, a novel method to fingerprint USB peripherals based on their power consumption. PowerID analyzes the power traces from a peripheral to infer its identity and properties. We evaluate the effectiveness of our method on an extensive power trace dataset collected from 82 USB peripherals, including 35 models and 8 types. Our experimental results show that PowerID accurately recognizes a peripheral type, model, activity, and identity.@en
