USB Host Fingerprinting

With the OSIRIS Laboratory, run by Professor Kevin Butler, I have been taking part in research on USB Host Fingerprinting using a commodity device. This work is currently in submission at the USENIX Security Symposium, 2013.

The basic idea is that, through a USB port, there is a certain granularity to which we can detect ‘who’ we are connected to. Because we use a physical interface that is intimately connected to the motherboard of a server or desktop (and commonly of mobile devices), we have an advantage over the remote fingerprinting methods that have been tried in the past [1].

The methodology we employ is to measure the timing and content of USB transactions from a commodity Samsung Galaxy Nexus. We extract over 5000 features from this data. We then apply various machine learning algorithms (e.g., Random Forest and SVM) to the features to discover with what granularity we can differentiate hosts. Variations in the manufacturing of hardware components have shown, promisingly, that we can conduct anomaly detection on a single host against other identically specified hosts with 95% accuracy.

The most common use case is to verify that the computer you are currently sitting in front of is indeed the computer you think you are sitting in front of. We all leave our office at night, with our generic-looking computer lying there overnight. When we come in the next morning, we assume that the machine we sit down at is running in the same state it was in when we left it. We are not actually certain that our computer has not been either infected with a key-logging rootkit or entirely swapped for a visually identical computer. By verifying the machine with our USB Host Fingerprinting technique, you can rest assured that the computer you are about to type your password into is the right computer running in its standard state.
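As an added illustration of the enroll-then-verify flow described above (not the authors' code or method), the example below builds a profile of a trusted host from repeated timing traces and flags a later trace as anomalous. It substitutes a per-feature z-score check for the Random Forest and SVM classifiers; the trace format, microsecond timestamps, feature names, threshold and all sample values are constructed assumptions.

```python
import statistics

# Constructed request sequence for one enumeration (standard USB request names).
REQUESTS = ["GET_DESCRIPTOR", "SET_ADDRESS", "GET_DESCRIPTOR",
            "GET_DESCRIPTOR", "SET_CONFIGURATION"]

def make_trace(gaps_us, requests=REQUESTS):
    """Build a constructed trace [(timestamp_us, request), ...] from gaps."""
    t, trace = 0, [(0, requests[0])]
    for gap, req in zip(gaps_us, requests[1:]):
        t += gap
        trace.append((t, req))
    return trace

def features(trace):
    """Reduce a trace to a few timing and content features."""
    times = [t for t, _ in trace]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "gap_mean": statistics.mean(gaps),
        "gap_stdev": statistics.pstdev(gaps),
        "gap_max": max(gaps),
        "n_requests": len(trace),
        "n_get_descriptor": sum(r == "GET_DESCRIPTOR" for _, r in trace),
    }

def enroll(traces):
    """Per-feature (mean, stdev) over repeated traces of the trusted host."""
    rows = [features(t) for t in traces]
    return {k: (statistics.mean([r[k] for r in rows]),
                statistics.pstdev([r[k] for r in rows])) for k in rows[0]}

def verify(profile, trace, threshold=3.0, floor=1e-6):
    """Return (matches, z_scores); any feature beyond threshold is an anomaly.
    The floor keeps constant features (stdev 0) from dividing by zero."""
    z = {k: abs(v - profile[k][0]) / max(profile[k][1], floor)
         for k, v in features(trace).items()}
    return all(s <= threshold for s in z.values()), z

# Constructed sample data: four enrollment runs, then two hosts to check.
PROFILE = enroll([make_trace(g) for g in ([120, 250, 118, 300],
                                          [122, 248, 121, 297],
                                          [119, 252, 117, 303],
                                          [121, 249, 120, 299])])
SAME_HOST = make_trace([120, 251, 119, 301])
OTHER_HOST = make_trace([131, 262, 129, 318])

if __name__ == "__main__":
    for name, trace in (("same", SAME_HOST), ("other", OTHER_HOST)):
        print(name, verify(PROFILE, trace)[0])
```

A trace whose content differs from enrollment, such as one extra request, trips the constant-feature check even when its timing looks normal.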

[1]    http://homes.cs.washington.edu/~yoshi/papers/PDF/KoBrCl2005PDF-Extended-lowres.pdf