In a computer system, peripherals and other devices may be attached by means of a bus, such as a USB bus. A computer system utilizing a USB bus will include a USB software layer that will interact with applications and mediate the sending and receipt of data from a central host to the peripherals.
The USB software layer supports generic USB hardware. The USB software layer is complex and flexible, in order to support the USB communication. The USB software layer preferably supports multiple independent hardware vendors' drivers and must remain pluggable. Therefore, the USB software layer may be changed often in order to respond to challenges such as changes in hardware or other updates. Moreover, there are a large number of different USB hardware elements available, and the USB software layer is preferably able to support this multiplicity of options.
Because the data on the USB bus is passed through an insecure USB software layer and this data is also available to any device on the bus, security is a concern. For example, a computer model may include a secure component, software or hardware, which requires data to be passed over the USB bus. However, it is desirable for simplicity, flexibility, and upgradeability that the USB software layer not be part of that secure software component. Yet if the USB software layer is not part of the secure software component, the security implemented in the secure software component is imperiled.
A software or hardware attack may make the system vulnerable. For example, it may be possible for an attacker to spoof device inputs from a hardware device, so that the user's typed information is not sent to the application to which the data was directed. It may also be possible for the attacker to sniff device inputs, for example, saving the user's keystrokes to gain passwords or other data. Recording, modification or replay of inputs is also possible through software attacks in the computer.
If secure software is running on a computer system, communications with the USB devices must go through the insecure USB software and the bus. Such devices are often necessary for display and input purposes to a user. Thus, for secure software to be secure, the inputs and outputs to the secure software must be secured as well. If secure software does not have a secure path to the user, then the secure software has no way of knowing that the actions it takes are actually on behalf of the user. First, an attacker could manufacture user input (input that did not come from the user, and thus was not the user's intent) to trick the secure software into behavior the legitimate user did not intend. Second, if the output for the trusted software does not go directly to the user through a secure path, then the legitimate user has no assurance that the user is actually seeing the real output from the secure software. However, the USB protocol is a standard in the computer industry, and modifying the USB protocol or architecture to provide security would remove the advantages of using a widely available and widely implemented architecture.
Thus, there is a need for a way to provide the benefits of USB connectivity and compatibility with existing USB devices and systems, while allowing for increased security.