A bus network topology is a computer network architecture in which two or more clients are interconnected via a shared communications line, called a bus. The bus may employ serial or parallel signaling for transferring addresses and data. Exemplary busses include Universal Serial Bus (USB) and IEEE 1394 (commonly referred to as “FireWire”). In some cases, “hubs” are used to “fan out” a given bus, via individual interfaces, to several clients. Such hubs are commonly used to enable computer system users to attach several devices, such as keyboards, mice and rotating or solid state mass storage devices (magnetic and solid state “disk drives”), to a single computer system. In some cases, the hubs may be external to the computer system, and in other cases the hubs may be internal, such as on a motherboard of the computer system.
In a bus network topology, when more than one client is connected to a bus, such as via a hub, the clients share the bus's bandwidth. Furthermore, more than one client has access to the commands, addresses and data that are sent over the bus. Each client is assigned an address, and the protocols defined for these busses specify that clients should ignore commands and data that are not addressed to them.
However, in prior art bus network topologies, a rogue client may read commands, addresses and data that are carried by the bus, but that are not meant for the client. Such a rogue client may, for example, store a copy of such “sniffed” data in a memory and later make the stored data available to a third party, unbeknownst to the owner of the system in which the bus resides. Such a rogue client would, therefore, present a potential security problem for the system's owner.
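The addressing rule described above relies on each client to discard frames that are not addressed to it. The following Python model, added here as an illustration and not part of the patent text, contrasts a shared bus that hands every frame to every client with an assumed hub-side filter that forwards each frame only to the port owning its address; the Frame, Client, SharedBus and FilteringHub names and the sample traffic are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Frame:
    dst: int        # bus address of the intended recipient
    payload: bytes

@dataclass
class Client:
    addr: int
    honest: bool = True   # honest clients obey the protocol's "ignore" rule
    kept: list = field(default_factory=list)   # frames this client retained

    def on_frame(self, frame: Frame) -> None:
        # The ignore rule is enforced by the client itself, so a rogue
        # client can simply keep every frame it is handed.
        if frame.dst == self.addr or not self.honest:
            self.kept.append(frame)

class SharedBus:
    """Prior-art topology: every frame is handed to every client."""
    def __init__(self):
        self.clients = []
    def attach(self, client):
        self.clients.append(client)
    def send(self, frame):
        for c in self.clients:
            c.on_frame(frame)

class FilteringHub:
    """Assumed mitigation: the hub forwards a frame only to the addressed port."""
    def __init__(self):
        self.ports = {}
    def attach(self, client):
        self.ports[client.addr] = client
    def send(self, frame):
        target = self.ports.get(frame.dst)
        if target is not None:
            target.on_frame(frame)

def leaked_payloads(topology_cls):
    """Send constructed traffic to addr 1; return what the rogue (addr 2) kept."""
    bus = topology_cls()
    disk, rogue = Client(addr=1), Client(addr=2, honest=False)
    for c in (disk, rogue):
        bus.attach(c)
    for p in (b"acct=12345678", b"pw=hunter2"):  # constructed sample data
        bus.send(Frame(dst=1, payload=p))
    return [f.payload for f in rogue.kept]
```

Over the shared bus the rogue client retains both frames addressed to the disk; behind the filtering hub it receives none, because the delivery decision is made by the hub rather than by the untrusted client.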
For example, a hypothetical attacker may provide a USB device that appears to a typical user to be a common USB mass storage device (“thumb drive”). When first connected to a computer system, the device may automatically install a device driver to handle the device. Many such devices automatically install device drivers without raising their users' suspicions. The rogue device may perform functions consistent with conventional USB mass storage devices, thereby appearing to the user to be operating as expected.
However, the device may also include additional memory and circuitry or programming that is not disclosed to the user. While the device is connected to a USB, the device may store, in the additional memory, copies of selected data carried by the USB, but not addressed to the device. Some of this data may be sensitive, such as proprietary information or personally identifiable information, e.g., name, birth date, bank account number or password, about the user. Later, when the device driver detects that the computer system is coupled to the Internet, the device or the device driver may send the surreptitiously acquired data to the attacker, via the Internet. Another such rogue device may include a radio-frequency (RF) transmitter, and the device may send the data to the attacker via an RF signal.
Thus, prior art bus network topologies are vulnerable to attacks, in which data may be surreptitiously obtained by third parties.