Distributed Architecture to Enhance Systems Protection against Unauthorized Activity via USB Devices
Abstract
:1. Introduction
2. Related Work
- 1.
- USB Mass Storage devices containing malware: consists of external USB storage that is used to inject malicious code to a computer. Examples can be found in [20,25]. If these devices are shared between multiple computers, the malicious code can be widely disseminated. Microsoft Windows allowed autorun by default, allowing automatic file execution, a feature that was later abandoned [26];
- 2.
- U3 smart drives: These devices are similar to Mass Storage Devices but have a special partition that is recognized by Microsoft Windows as a CD-ROM. CD-ROMs can use the autorun feature to execute malicious code. If the U3 Thumb Drive runs a malicious autorun payload, then the intention was to harm the system by delivering malware [24];
- 3.
- USB devices in the Middle (USBiM): a USB device that installs activity loggers in the host computer, such as keyloggers. Some of these devices are available as forensic tools [27]; however, other devices with malicious purposes fit into this category, such as printer loggers, or hardware USB sniffers. In [28], a proof of concept is presented, where a device is capable of achieving the same results as hardware keyloggers, keyboard emulation and BadUSB hardware implants;
- 4.
- Denial of Service USB devices: USB devices intending to disrupt services. An example of Permanent Denial of Service (PDoS) hardware used in this type of attack is the USB killer [29] that uses the USB power lines to charge capacitors and, when fully charged, discharge high voltage (200 volts) over the data lines of the host device, permanently damaging any circuit board with no electrical surge protection. Another example would be [30] where attackers have compromised over 25,000 devices and used them to launch a Distributed Denial of Service (DDoS);
- 5.
- USB with programmable HID consists of malicious code that is embedded in device’s firmware and requests a USB human interface. As pointed out in [31], this procedure provides unacknowledged and malicious functionality that lies outside the apparent purpose of the device.
3. Distributed Agent Architecture
Algorithm 1: INF File Path/Functionality Assessment Algorithm (step 5) |
Algorithm 2: Threat Assessment Algorithm (step 5) and User Interaction (steps 6 and 7) |
4. Implementation and Results
5. Conclusions and Future Work
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Sabillon, R.; Serra-Ruiz, J.; Cavaller, V.; Cano, J. A comprehensive cybersecurity audit model to improve cybersecurity assurance: The cybersecurity audit model (CSAM). In Proceedings of the 2017 International Conference on Information Systems and Computer Science, INCISCOS 2017, Quito, Ecuador, 23–25 November 2018; Volume 2017, pp. 253–259. [Google Scholar] [CrossRef]
- Almeida, V.A.; Doneda, D.; De Souza Abreu, J. Cyberwarfare and digital governance. IEEE Internet Comput. 2017, 21, 68–71. [Google Scholar] [CrossRef]
- Li, X.; Zhou, C.; Tian, Y.C.; Xiong, N.; Qin, Y. Asset-Based Dynamic Impact Assessment of Cyberattacks for Risk Analysis in Industrial Control Systems. IEEE Trans. Ind. Inform. 2018, 14, 608–618. [Google Scholar] [CrossRef]
- Floyd, T.; Grieco, M.; Reid, E.F. Mining hospital data breach records: Cyber threats to U.S. hospitals. In Proceedings of the IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016, Tucson, AZ, USA, 9–10 November 2016; pp. 43–48. [Google Scholar] [CrossRef]
- Reddy, S.T.; Lakshmi, D.L.; Deepthi, C.; Sikha, O.K. USB-SEC: A secure application to manage removable media. In Proceedings of the 10th International Conference on Intelligent Systems and Control, ISCO 2016, Coimbatore, India, 7–8 January 2016; pp. 1–4. [Google Scholar] [CrossRef]
- Jodeit, M.; Johns, M. USB Device Drivers: A Stepping Stone into Your Kernel. In Proceedings of the 2010 European Conference on Computer Network Defense, Berlin, Germany, 28–29 October 2010; pp. 46–52. [Google Scholar] [CrossRef]
- Human Interface Device (HID). Available online: https://www.techopedia.com/definition/19781/human-interface-device-hid (accessed on 20 January 2021).
- Nohl, K.; Krißler, S.; Lell, J. BadUSB—On Accessories That Turn Evil. Available online: https://srlabs.de/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf (accessed on 20 December 2020).
- Shafique, U.; Zahur, S.B. Towards Protection Against a USB Device Whose Firmware Has Been Compromised or Turned as ‘BadUSB’; Springer: Cham, Switzerland, 2020; pp. 975–987. [Google Scholar] [CrossRef]
- Oliveira, J.; Frade, M.; Pinto, P. System protection agent against unauthorized activities via USB devices. In Proceedings of the IoTBDS 2018—Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security, Funchal, Portugal, 19–21 March 2018; Volume 2018. [Google Scholar] [CrossRef]
- Pham, D.V.; Syed, A.; Halgamuge, M.N. Universal Serial Bus Based Software Attacks and Protection Solutions. Digit. Investig. 2011. [Google Scholar] [CrossRef]
- Tian, J.; Scaife, N.; Kumar, D.; Bailey, M.; Bates, A.; Butler, K. SoK: “Plug & Pray” Today—Understanding USB Insecurity in Versions 1 Through C. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 20–24 May 2018; pp. 1032–1047. [Google Scholar] [CrossRef]
- Benadjila, R.; Renard, M.; Trebuchet, P.; Thierry, P.; Michelizza, A.; Lefaure, J. WooKey: USB Devices Strike Back. In Proceedings of the SSTIC 2018, Rennes, France, 13–15 June 2018. [Google Scholar]
- Mertz, L. Cyberattacks on Devices Threaten Data and Patients: Cybersecurity Risks Come with the Territory. Three Experts Explain What You Need to Know. IEEE Pulse 2018, 9, 25–28. [Google Scholar] [CrossRef] [PubMed]
- Poeplau, S.; Gassen, J.; Gerhards-Padilla, E. A honeypot for arbitrary malware on USB storage devices. In Proceedings of the 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012, Cork, Ireland, 10–12 October 2012; pp. 1–8. [Google Scholar] [CrossRef]
- Tischer, M.; Durumeric, Z.; Bursztein, E.; Bailey, M. The Danger of USB Drives. 2017. Available online: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7891503 (accessed on 21 December 2018).
- Tischer, M.; Durumeric, Z.; Foster, S.; Duan, S.; Mori, A.; Bursztein, E.; Bailey, M. Users Really Do Plug in USB Drives They Find. In Proceedings of the 2016 IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016; pp. 306–319. [Google Scholar] [CrossRef]
- Andreasson, K.J. Cybersecurity: Public Sector Threats and Responses; CRC Press: Boca Raton, FL, USA, 2012. [Google Scholar]
- Greene, T. Conficker Worm Takes Manchester Police Offline for Three Days|Security|Computerworld UK. 2010. Available online: https://www.computerworlduk.com/security/conficker-worm-takes-manchester-police-offline-for-three-days-18640/ (accessed on 27 December 2018).
- Terdiman, D. Stuxnet Delivered to Iranian Nuclear Plant on Thumb Drive. 2012. Available online: https://www.cnet.com/news/stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/ (accessed on 30 December 2020).
- Complex, I. Stuxnet could Hijack Power Plants, Refineries. 2010. Available online: https://www.cnet.com/news/stuxnet-could-hijack-power-plants-refineries/ (accessed on 30 December 2020).
- Nissim, N.; Yahalom, R.; Elovici, Y. USB-based attacks. Comput. Secur. 2017, 70, 675–688. [Google Scholar] [CrossRef]
- Cimpanu, C. Here’s a List of 29 Different Types of USB Attacks. 2018. Available online: https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/ (accessed on 30 December 2020).
- Crenshaw, A. Plug and Prey: Malicious USB Devices. In Proceedings of the Shmoocon, Washington, DC, USA, 28–30 January 2011; pp. 1–41. [Google Scholar]
- Walters, P. The Risks of Using Portable Devices What Are the Risks? Carnegie Mellon University: Pittsburgh, PA, USA, 2012. [Google Scholar]
- Microsoft Releases Security Update for Autorun Vulnerability—Redmondmag.com. Available online: https://redmondmag.com/articles/2011/02/10/update-for-autorun-vulnerability.aspx (accessed on 30 December 2020).
- Reviews of the Best USB Keyloggers for 2018–2019—Nerd Techy. 2017. Available online: https://nerdtechy.com/reviews-best-usb-keyloggersl (accessed on 21 December 2018).
- Say hello to BadUSB 2.0: A USB Man-In-The-Middle Attack Proof of Concept|CSO Online. Available online: https://www.csoonline.com/article/3087484/say-hello-to-badusb-20-usb-man-in-the-middle-attack-proof-of-concept.html (accessed on 30 December 2020).
- USB Killer v3—USBKill. Available online: https://usbkill.com/products/usb-killer-v3 (accessed on 30 December 2020).
- Thousands of Hacked CCTV Devices Used in DDoS Attacks | PCWorld. Available online: https://www.pcworld.com/article/3089346/thousands-of-hacked-cctv-devices-used-in-ddos-attacks.html (accessed on 30 December 2020).
- Tian, D.; Bates, A.; Butler, K. Defending Against Malicious USB Firmware with GoodUSB. In Proceedings of the 31st Annual Computer Security Applications Conference on—ACSAC 2015, Los Angeles, CA, USA, 7–11 December 2015. [Google Scholar] [CrossRef]
- USBKey. Available online: http://www.meet-electronics.com/products/usbkey (accessed on 30 December 2020).
- Ulanoff Lance. How You Can Avoid a BadUSB Attack. 2014. Available online: https://mashable.com/2014/10/03/how-can-you-avoid-badusb/?europe=true#DhMbENGvxiqh (accessed on 30 December 2020).
- Natalie, C. Protect Against BadUSB with Mobile Cloud Storage|ChaiOne. 2016. Available online: https://chaione.com/blog/protect-badusb-cloud-storage/ (accessed on 30 December 2020).
- Port Blocking: Why Corporate Computers Need Disabled USB Ports—The Network Hub. Available online: https://searchnetworking.techtarget.com/blog/The-Network-Hub/Port-blocking-Why-corporate-computers-need-disabled-USB-ports (accessed on 30 December 2020).
- Poppe, C.H. USB Port Locking and Blocking Device. U.S. Patent 7,635,272, 22 December 2009. [Google Scholar]
- Block Access to USB Ports—SecuPlus Shop. Available online: https://www.secuplus-shop.nl/en/secumate-usb-port-locks.html (accessed on 30 December 2020).
- Oliveira, J.; Frade, M.; Pinto, P. JoseOliveira01/usb-Whitelisting: USB-Whitelisting. 2017. Available online: https://zenodo.org/record/1009691#.XB0Ya8_7TKM (accessed on 30 December 2020).
- Overview of INF Files—Windows Drivers | Microsoft Docs. Available online: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/overview-of-inf-files (accessed on 30 December 2020).
- Bourdon, R. WampServer, La Plate-Forme De Développement Web Sous Windows—Apache, MySQL, PHP. 2020. Available online: https://www.wampserver.com/en/ (accessed on 21 February 2021).
Description | Name Obtained from OS | Agent Delay (s)(1) | Installation Delay (s)(2) | Total Delay (s) (3) = (1) + (2) | Delay Ratio (%)100 |
Card Reader Writer | USB 2.0-CRW | 0.56 | 1.59 | 2.15 | 26.04 |
Kingston DataTraveler Mass Storage Device | DataTraveler G2 | 0.54 | 4.45 | 4.99 | 10.82 |
TP-Link Network Adapter | 802.11n NIC | 0.58 | 2.03 | 2.61 | 22.22 |
Bluetooth Adapter | ISSCEDRBTA | 0.80 | 1.06 | 1.86 | 43.01 |
Kingston DataTraveler Mass Storage Device | DT 101 G2 | 0.75 | 0.67 | 1.42 | 52.81 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Oliveira, J.; Pinto, P.; Santos, H. Distributed Architecture to Enhance Systems Protection against Unauthorized Activity via USB Devices. J. Sens. Actuator Netw. 2021, 10, 19. https://doi.org/10.3390/jsan10010019
Oliveira J, Pinto P, Santos H. Distributed Architecture to Enhance Systems Protection against Unauthorized Activity via USB Devices. Journal of Sensor and Actuator Networks. 2021; 10(1):19. https://doi.org/10.3390/jsan10010019
Chicago/Turabian StyleOliveira, José, Pedro Pinto, and Henrique Santos. 2021. "Distributed Architecture to Enhance Systems Protection against Unauthorized Activity via USB Devices" Journal of Sensor and Actuator Networks 10, no. 1: 19. https://doi.org/10.3390/jsan10010019
APA StyleOliveira, J., Pinto, P., & Santos, H. (2021). Distributed Architecture to Enhance Systems Protection against Unauthorized Activity via USB Devices. Journal of Sensor and Actuator Networks, 10(1), 19. https://doi.org/10.3390/jsan10010019