Abstract

With the advent of VLSI, complex circuits can be implemented on a single small chip, leading to the development of embedded devices that perform dedicated functions, today most commonly deployed as Cyber Physical Systems (CPS). Security of real-time cyber physical systems is of great concern, as attacking a single device in a network may affect all the devices in the network, and the result of an attack may be severe because these devices may need to respond in real time. Most CPS are built with USB ports, which are extensively used for connectivity. A proximate attacker can exploit vulnerabilities in the devices through the USB ports. Since merely powering on a system and connecting a USB device provides that USB device with access to the kernel, the security of the device is at stake. For real-time cyber physical systems providing critical functionality, even a typical reboot may be of concern, depending on the system's functionality. Hence these devices must be thoroughly tested for vulnerabilities, and the necessary measures taken at the initial stages of development. This paper covers experiences with fuzzing implemented using both Facedancer21 and the umap tool, and with exploiting a driver vulnerability with an invalid endpoint number using Facedancer21. The vulnerable drivers were then disabled on the target host and the experiment was repeated; the target was found to be resistant to the attacks, as the drivers responsible for the system crash were no longer loaded during the enumeration process, thus securing the USB ports.
