go-ukip (In Development)

Cross-platform protection from USB keystroke injection attacks

go-ukip (USB Keystroke Injection Protection)

A cross-platform runtime protection solution against USB keystroke injection attacks (such as those performed by BadUSB devices) and against attacks that spoof DHCP to change the assigned DNS server. Built with Golang for maximum portability and performance.

Project Goals

This project addresses critical security vulnerabilities in how operating systems handle new USB devices, particularly those that present themselves as HID keyboards to inject malicious keystrokes.

High-level architecture showing how go-ukip intercepts and analyzes USB device events and network configuration changes.

Key Features (Planned)

  • Real-time detection of new USB HID devices
  • Behavior analysis to identify suspicious keystroke patterns
  • Quarantine mode for suspicious devices
  • Protection against DHCP spoofing and DNS hijacking
  • Seamless operation across Windows, macOS, and Linux
  • Minimal resource footprint
  • User-friendly alerting system

Technical Implementation

  • USB Monitoring: Custom Golang implementation for cross-platform USB device events
  • Keystroke Analysis: Machine learning algorithms to detect abnormal typing patterns
  • Network Protection: Monitoring of network configuration changes to prevent silent DNS changes
  • User Interface: Simple, non-intrusive notifications and configuration panel

Mock-up of the alert shown when a potentially malicious USB device is detected.
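
A minimal timing heuristic for the keystroke analysis listed above, as an added example (not go-ukip's code, which the page says will use machine learning): it counts inter-key gaps shorter than a person can type inside a sliding window. The `Detector` type, the `Replay` helper, the thresholds and the sample gaps are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Detector flags a HID device that types faster than a person (assumed thresholds, not go-ukip's).
type Detector struct {
	MinGap  time.Duration // a gap below this counts as "too fast"
	Window  int           // number of most recent gaps examined
	MaxFast int           // fast gaps tolerated inside the window
	last    time.Time
	fast    []bool // classification of the most recent gaps
}

// Observe records one key-down time; true means the device should be quarantined.
func (d *Detector) Observe(t time.Time) bool {
	gap := t.Sub(d.last) // first call: the gap from the zero time saturates, so it counts as slow
	d.last = t
	d.fast = append(d.fast, gap < d.MinGap)
	if len(d.fast) > d.Window {
		d.fast = d.fast[1:]
	}
	n := 0
	for _, f := range d.fast {
		if f {
			n++
		}
	}
	return n > d.MaxFast
}

// Replay feeds inter-key gaps (ms) to a fresh detector; returns the triggering key index or -1.
func Replay(gapsMs []int) int {
	d := &Detector{MinGap: 30 * time.Millisecond, Window: 8, MaxFast: 4}
	t := time.Unix(0, 0)
	d.Observe(t)
	for i, g := range gapsMs {
		t = t.Add(time.Duration(g) * time.Millisecond)
		if d.Observe(t) {
			return i + 1
		}
	}
	return -1
}

func main() {
	fmt.Println(Replay([]int{140, 95, 25, 180, 20, 160}), Replay([]int{5, 5, 5, 5, 5, 5})) // constructed gaps
}
```

Tolerating a few fast gaps per window keeps ordinary key rollover from tripping the detector, while a sustained burst from an injecting device is flagged within a handful of keystrokes.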

Current Status

This project is currently in active development with core USB monitoring functionality implemented. The behavior analysis engine and network protection components are under development.