WooKey: Designing a Trusted and Efficient USB Device presented at ACSAC2019 2019

by Mathieu Renard, Ryad Benadjila, Arnauld Michelizza, Philippe Thierry, Philippe Trebuchet,

Summary : The work presented in this paper takes place in the design initiatives that have emerged to thwart Bad USB threats. Though many attempts were focusing on the host side, by enhancing the operating system's USB sub-module robustness or by adding a proxy between the host and the device, we have chosen to focus our efforts on the device side.More specifically, our work presents the WooKey platform, a custom highly secure USB thumb drive with mass storage capabilities, designed for user data encryption and protection, and embedding a full-fledged set of in-depth defenses. The device encloses a firmware with a secure DFU (Device Firmware Update) implementation using up-to-date cryptography as well as an external and extractable authentication token based on a secure element. The runtime software security is built upon EwoK, an innovative open source microkernel designed for microcontrollers with advanced security and performance in mind.Finally, another strength of the project is its core guiding principle: provide an open source and open hardware platform using off-the-shelf components.