Network Security Lab


National Taiwan University


Research on Other Topics of Security


Our group also conducts research on other interesting security topics. Below are brief introductions to our projects in these areas and their achievements:

SandUSB

An installation-free sandbox for USB peripherals


This work investigates two emerging attacks - Human Interface Device (HID) attack and Juice Jacking attack - that leverage USB peripherals, and proposes countermeasures to defend against them. These attacks can be easily reproduced using low-cost IoT prototyping boards (e.g., Raspberry Pi) and can bypass commercial antivirus tools. Although several research prototypes can effectively mitigate Juice Jacking and HID attacks, these prototypes encounter two challenges with respect to deployability: 1) Some require installation on host computers, which is inconvenient and users may lack permission to install software; 2) Some assume cryptographic keys for authentication, but such cryptographic operations may not be supported by legacy USB peripherals and hosts. To address these challenges, this work presents the design and implementation of SandUSB, an installation-free and user-controllable security gadget for USB peripherals. Since SandUSB acts as an intermediary between the USB host and device, SandUSB can perform efficient scanning and analysis without changing USB devices or hosts. In addition, SandUSB provides a simple user interface (UI) to control and monitor connected USB devices, enabling users to identify malicious peripherals that masquerade as another type. This UI is complementary to the automatic defensive measures that SandUSB supports or cryptographic-based authentication. Our evaluation demonstrates that SandUSB can effectively defend against various USB attacks, including the HID attack and Juice Jacking, using affordable and easily accessible hardware.

SandUSB System Architecture.

SandUSB Hardware.

SandUSB User Interface.

Security Implications of Redirection Trail in Popular Websites Worldwide


URL redirection is a popular technique that automatically navigates users to an intended destination webpage without user awareness. However, such a seemingly advantageous feature may offer inadequate protection from security vulnerabilities unless every redirection is performed over HTTPS. Even worse, as long as the final redirection to a website is performed over HTTPS, the browser's URL bar indicates that the website is secure regardless of the security of prior redirections, which may provide users with a false sense of security. This paper reports a well-rounded investigation into the state of URL redirection security. As an initial large-scale investigation, we screened the integrity and consistency of URL redirections for the Alexa top one million (1M) websites, and further examined 10,000 (10K) websites with their login features. Our results suggest that 1) the majority (83.3% in the 1M dataset and 78.6% in the 10K dataset) of redirection trails among websites that support only HTTPS are vulnerable to attacks, and 2) current incoherent practices (e.g., naked domains and www subdomains being redirected to different destinations with varying security levels) undermine the security guarantees provided by HTTPS and HSTS.

An illustration of redirection trails along six phases. The first three phases and all six phases are applicable for our comprehensive and extensive analysis, respectively.

Sankey diagram for top Alexa 1M dataset. It shows detailed percentages of security levels for each phase with the applicable website count. Red and blue indicate the most insecure and secure trails, respectively.

Sankey diagram of redirection trails among Alexa top 10K websites worldwide. It also shows detailed percentages of security levels for each phase. Red and blue trails indicate the most insecure and secure combinations, respectively.
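
The check described in the abstract above can be sketched as follows. This is an added example, not code from the paper or the lab: the level names, function names and sample trails (on example.com) are constructed for illustration. It flags trails whose final page is HTTPS while an earlier hop was plaintext, and compares the naked-domain and www trails of one site.

```python
from urllib.parse import urlsplit

def classify_trail(trail):
    """Classify one redirection trail (ordered URLs, first request to final page).

    Level names are this example's own, not the paper's:
      'all-https'        every hop is HTTPS
      'https-final-only' final page is HTTPS, but an earlier hop was plaintext
                         (the URL bar still shows the site as secure)
      'http-final'       the final page itself is plaintext
    Returns (level, list of non-HTTPS hops).
    """
    schemes = [urlsplit(u).scheme.lower() for u in trail]
    weak_hops = [u for u, s in zip(trail, schemes) if s != "https"]
    if not weak_hops:
        level = "all-https"
    elif schemes[-1] == "https":
        level = "https-final-only"
    else:
        level = "http-final"
    return level, weak_hops

def compare_naked_and_www(naked_trail, www_trail):
    """Report inconsistencies between the naked-domain and www trails of a site."""
    issues = []
    naked_host = urlsplit(naked_trail[-1]).netloc.lower()
    www_host = urlsplit(www_trail[-1]).netloc.lower()
    if naked_host != www_host:
        issues.append("different final host")
    if classify_trail(naked_trail)[0] != classify_trail(www_trail)[0]:
        issues.append("different security level")
    return issues

# Constructed sample trails (not measurement data from the study).
NAKED = ["http://example.com/", "http://www.example.com/",
         "https://www.example.com/login"]
WWW = ["https://www.example.com/", "https://www.example.com/login"]

if __name__ == "__main__":
    for name, trail in (("naked", NAKED), ("www", WWW)):
        level, weak = classify_trail(trail)
        print(f"{name}: {level}; plaintext hops: {weak}")
    print("inconsistencies:", compare_naked_and_www(NAKED, WWW))
```
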