Abstract

Cyberattacks exploiting Universal Serial Bus (USB) interfaces may have a high impact on individual and corporate systems. BadUSB is an attack where a USB device’s firmware is spoofed and, once mounted, allows attackers to execute a set of malicious actions on a target system. The countermeasures against this type of attack can be grouped into two strategies: physical blocking of USB ports and software blocking. This paper proposes a distributed architecture that uses software blocking to enhance system protection against BadUSB attacks. This architecture is composed of multiple agents and external databases, and it is designed for personal or corporate computers running the Microsoft Windows operating system. When a USB device is connected, the agent inspects the device, provides filtered information about its functionality and presents a threat assessment to the user, based on all previous user choices stored in external databases. By providing valuable information to the user, together with threat assessments from multiple users, the proposed distributed architecture improves system protection.

Highlights

  • Public and private institutions are constantly dealing with new cyberthreats and cyberattacks [1] intended to disrupt infrastructure sectors such as water, power, transportation, communication and health-care systems [2,3,4]

  • An example of the latter attack is known as BadUSB [8,9], which exploits a vulnerability in Universal Serial Bus (USB) firmware by reprogramming the USB device to act as a defined Human Interface Device (HID) and discreetly execute commands or run malicious programs on a target

  • The BadUSB attack allows attackers to inject a malicious set of keystrokes on the Operating System (OS) without the user’s knowledge


Summary

Introduction

Public and private institutions are constantly dealing with new cyberthreats and cyberattacks [1] intended to disrupt infrastructure sectors such as water, power, transportation, communication and health-care systems [2,3,4]. USB-related attacks exist in multiple forms, such as USB Mass Storage devices that contain malware, smart drives that include malicious auto-run payloads, or programmable Human Interface Devices (HID), where malicious code embedded in the device’s firmware requests the installation of a hidden USB human interface, such as a keyboard, mouse or other interface device [7]. BadUSB attacks can be prevented by adopting specific strategies, such as disabling USB ports on computers or disabling the installation of Plug and Play (PnP) devices (i.e., disabling all peripheral devices). The proposed architecture instead intercepts the installation of the device driver and presents the user with a local and remote threat assessment based on the identified functionalities of the HID.
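The paper does not state how the agent identifies a device's functionalities; the added example below (not code from the paper or its authors) shows one way a local agent could do it: parse a USB configuration descriptor, list the interface classes the device declares, and flag the BadUSB pattern of a HID keyboard interface on a device that also exposes another function class (e.g. mass storage). The descriptor bytes and the "low/medium/high" verdict rule are constructed assumptions for illustration.

```python
import struct
from collections import namedtuple

DT_CONFIGURATION, DT_INTERFACE = 0x02, 0x04
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
HID_PROTOCOL_KEYBOARD = 0x01

Interface = namedtuple("Interface", "number cls subclass protocol")


def parse_interfaces(config: bytes) -> list:
    """Walk a configuration descriptor; length fields are checked so a malformed
    descriptor raises instead of being silently mis-parsed."""
    if len(config) < 9 or config[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if total > len(config):
        raise ValueError("wTotalLength exceeds buffer")
    ifaces, pos = [], 0
    while pos + 2 <= total:
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > total:
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == DT_INTERFACE and length >= 9:  # bInterfaceNumber, bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol
            ifaces.append(Interface(config[pos + 2], config[pos + 5], config[pos + 6], config[pos + 7]))
        pos += length
    return ifaces


def assess(ifaces) -> tuple:
    """Assumed heuristic: a keyboard interface on a device that also exposes
    another function class (e.g. mass storage) is the classic BadUSB pattern."""
    findings = [f"interface {i.number}: HID keyboard (can inject keystrokes)"
                for i in ifaces if i.cls == CLASS_HID and i.protocol == HID_PROTOCOL_KEYBOARD]
    other = sorted({i.cls for i in ifaces if i.cls != CLASS_HID})
    if findings and other:
        return "high", findings + [f"also exposes non-HID class(es) {other}"]
    return ("medium" if findings else "low"), findings


def _config(*descs: bytes) -> bytes:
    """Constructed sample data: wrap descriptors in a configuration header."""
    body = b"".join(descs)
    n_if = sum(1 for d in descs if d[1] == DT_INTERFACE)
    return struct.pack("<BBHBBBBB", 9, DT_CONFIGURATION, 9 + len(body), n_if, 1, 0, 0x80, 50) + body


STORAGE_IF = bytes([9, DT_INTERFACE, 0, 0, 2, CLASS_MASS_STORAGE, 0x06, 0x50, 0])  # SCSI, bulk-only
BULK_IN, BULK_OUT = bytes([7, 5, 0x81, 2, 64, 0, 0]), bytes([7, 5, 0x02, 2, 64, 0, 0])
KEYBOARD_IF = bytes([9, DT_INTERFACE, 1, 0, 1, CLASS_HID, 1, HID_PROTOCOL_KEYBOARD, 0])  # boot keyboard
HID_DESC, INT_IN = bytes([9, 0x21, 0x11, 0x01, 0, 1, 0x22, 63, 0]), bytes([7, 5, 0x83, 3, 8, 0, 10])
SAMPLE_STORAGE_ONLY = _config(STORAGE_IF, BULK_IN, BULK_OUT)           # ordinary flash drive
SAMPLE_BADUSB = _config(STORAGE_IF, BULK_IN, BULK_OUT, KEYBOARD_IF, HID_DESC, INT_IN)  # drive that also types
```

On a real Windows host the agent would obtain the descriptor from the device at enumeration time and combine this local verdict with the remote, multi-user assessment the paper describes.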

Related Work
Distributed Agent Architecture
Procedure Find INF File
Conclusions and Future Work