Devising an approach to analyze the parameters for determining potential premodified firmware of USB devices
Creators
- 1. Almaty University of Power Engineering and Telecommunications named after Gumarbek Daukeyev
- 2. Al-Farabi Kazakh National University
- 3. Narxoz University
Description
This paper reports the results of experiments and studies involving different types of devices that can implement a BadUSB scenario, for example, BadUSB, Rubber Ducky, which, when connected to a computer, impersonate a device with a Human Interface Device, emulating other devices such as a keyboard and mouse.
Given the problem of the lack of management tools for detecting preliminary modifications of USB devices against attacks based on the seizure of computer control, a software and hardware system is proposed as an object of study. It is implemented programmatically in the Arduino IDE environment, and physically it is made on the Arduino Mega board with Shield, which reads the parameters of the devices. It monitors the startup of USB devices and checks each device for pre-retrofitting by passing HID descriptors from the connected hardware. Having parsed the data using Python, the data are represented in the appropriate form for analysis, on the basis of which a decision is made by the system on the possible preliminary modification of the USB drive from which these data came. This is due to the detailed consideration and thorough analysis of data, data types, temporal characteristics of data transmitted along different channels. The technical characteristics and functionality of USB devices were investigated; the parameters transmitted at the moment when they are supplied with power were determined. The system can draw a conclusion based on the analysis according to its algorithm and block a suspicious USB device that has been connected and that can intercept control over the computer.
The results of the study could be used in the field of protection of information systems from attacks based on the seizure of control from external media. The designed solution increases the level of security of the system, making it possible to recognize a possibly pre-modified device at the connection stage
Files
Devising an approach to analyze the parameters for determining potential premodified firmware of USB devices.pdf
Files
(598.1 kB)
Name | Size | Download all |
---|---|---|
md5:8e1f3a217bac7f1afe0698ae441985ea
|
598.1 kB | Preview Download |
Additional details
References
- Neuner, S., Voyiatzis, A. G., Fotopoulos, S., Mulliner, C., Weippl, E. R. (2018). USBlock: Blocking USB-Based Keypress Injection Attacks. Lecture Notes in Computer Science, 278–295. doi: https://doi.org/10.1007/978-3-319-95729-6_18
- Yang, B., Qin, Y., Zhang, Y., Wang, W., Feng, D. (2016). TMSUI: A Trust Management Scheme of USB Storage Devices for Industrial Control Systems. Lecture Notes in Computer Science, 152–168. doi: https://doi.org/10.1007/978-3-319-29814-6_13
- Johnson, P. C., Bratus, S., Smith, S. W. (2017). Protecting Against Malicious Bits On the Wire. Proceedings of the 33rd Annual Computer Security Applications Conference. doi: https://doi.org/10.1145/3134600.3134630
- Ramadhanty, A. D., Budiono, A., Almaarif, A. (2020). Implementation and Analysis of Keyboard Injection Attack using USB Devices in Windows Operating System. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). doi: https://doi.org/10.1109/ic2ie50715.2020.9274631
- Mueller, T., Zimmer, E., de Nittis, L. (2019). Using Context and Provenance to defend against USB-borne attacks. Proceedings of the 14th International Conference on Availability, Reliability and Security. doi: https://doi.org/10.1145/3339252.3339268
- Karystinos, E., Andreatos, A., Douligeris, C. (2019). Spyduino: Arduino as a HID Exploiting the BadUSB Vulnerability. 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS). doi: https://doi.org/10.1109/dcoss.2019.00066
- Mohammadmoradi, H., Gnawali, O. (2018). Making Whitelisting-Based Defense Work Against BadUSB. ICSDE'18: Proceedings of the 2nd International Conference on Smart Digital Environment. Available at: http://www2.cs.uh.edu/~gnawali/papers/badusb-icsde2018.pdf
- Ji, X., Le Guernic, G., Cuppens-Boulahia, N., Cuppens, F. (2018). USB Packets Filtering Policies and an Associated Low-Cost Simulation Framework. Lecture Notes in Computer Science, 732–742. doi: https://doi.org/10.1007/978-3-030-01950-1_44
- Hernandez, G., Fowze, F., Tian, D. (Jing), Yavuz, T., Butler, K. R. B. (2017). FirmUSB. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. doi: https://doi.org/10.1145/3133956.3134050
- Pyrkova, А., Zuyeva, Ye. (2019). Creating BADUSB devices and system safety analysis. Vestnik KazNITU, 5, 466–470. Available at: https://official.satbayev.university/download/document/12327/%D0%92%D0%95%D0%A1%D0%A2%D0%9D%D0%98%D0%9A-2019%20%E2%84%965.pdf
- Zueva, E. A., Pyrkova, A. Yu. (2019). Nvestigation of USB devices using ducky script. Vestnik AUES, 3, 53–57. Available at: https://vestnik-aues.kz/frontend/web/uploads/magazine/pdf/1591966671_nFx8A8.pdf#page=55
- Zueva Ye. (2020). Analysis of work of devices with BADUSB vulnerability. Vestnik KBTU, 17 (1), 141–146. Available at: https://kbtu.edu.kz/images/vesnik_1_2020.pdf