research-article

A transparent defense against USB eavesdropping attacks

Authors:

Matthias Neugschwandtner,

Anil KurmusAuthors Info & Claims

EuroSec '16: Proceedings of the 9th European Workshop on System Security

Article No.: 6, Pages 1 - 6

https://doi.org/10.1145/2905760.2905765

Published: 18 April 2016 Publication History

Abstract

Attacks that leverage USB as an attack vector are gaining popularity. While attention has so far focused on attacks that either exploit the host's USB stack or its unrestricted device privileges, it is not necessary to compromise the host to mount an attack over USB. This paper describes and implements a USB sniffing attack. In this attack a USB device passively eavesdrops on all communications from the host to other devices, without being situated on the physical path between the host and the victim device. To prevent this attack, we present UScramBle, a lightweight encryption solution which can be transparently used, with no setup or intervention from the user. Our prototype implementation of UScramBle for the Linux kernel imposes less than 15% performance overhead in the worst case.

References

[1]

D. Barrall and D. Dewey. Plug and Root, the USB Key to the Kingdom. BlackHat US, 2005.

[2]

M. Becher, M. Dornseif, and C. Klein. Firewire -- all your memory are belong to us. CanSecWest, 2014.

[3]

Compaq, DEC, IBM, Intel, Microsoft, NEC and Nortel. Universal Serial Bus Revision 2.0 Specification. http://www.usb.org/developers/docs/usb20_docs/, 2005.

[4]

J. Corbet. Random numbers for embedded devices. Linux Weekly News, https://lwn.net/Articles/507115/, 2012.

[5]

N. Falliere, L. O. Murchu, and E. Chien. W32.Stuxnet Dossier. https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf, 2011.

[6]

D. He, N. Kumar, J.-H. Lee, and R. Sherratt. Enhanced three-factor security protocol for consumer usb mass storage devices. Consumer Electronics, IEEE Transactions on, 60(1), 2014.

[7]

N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman. Mining your ps and qs: Detection of widespread weak keys in network devices. In USENIX Security Symposium (USENIX SEC), 2012.

Digital Library

[8]

M. Jodeit and M. Johns. Usb device drivers: A stepping stone into your kernel. In European Conference on Computer Network Defense (EC2ND), 2010.

Digital Library

[9]

J. Larimer. Beyond Autorun: Exploiting vulnerabilities with removable storage. BlackHat US, 2011.

[10]

K. Nohl, S. Krissler, and J. Lell. Badusb -- on accessories that turn evil. BlackHat US, 2014.

[11]

G. Ose. Exploiting USB Devices with Arduino. BlackHat US, 2011.

[12]

S. Schumilo, R. Spenneberg, and H. Schwartke. Dont trust your usb! how to find bugs in usb device drivers. BlackHat US, 2014.

[13]

R. Sevinsky. Funderbolt - adventures in thunderbolt dma attacks. BlackHat US, 2013.

[14]

P. Stewin and I. Bystrov. Understanding dma malware. In Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2013.

Digital Library

[15]

A. Tetmeyer and H. Saiedian. Security threats and mitigating risk for usb devices. Technology and Society Magazine, IEEE, 29(4), 2010.

[16]

D. Tian, A. Bates, and K. Butler. Defending Against Malicious USB Firmware with GoodUSB. In Annual Computer Security Applications Conference (ACSAC), 2015.

Digital Library

[17]

Z. Wang and A. Stavrou. Exploiting smart-phone usb connectivity for fun and profit. In Annual Computer Security Applications Conference (ACSAC), 2010.

Digital Library

[18]

Z. Wang and A. Stavrou. Usbsec: A defense to the ghost in your pocket. Kaspersky Security IT Conference, 2011.

[19]

B. Yang, D. Feng, Y. Qin, Y. Zhang, and W. Wang. Tmsui: A trust management scheme of usb storage devices for industrial control systems. In Conference on Information and Communications Security (ICICS), 2015.

Cited By

Li SLi SLiu QSong YZhang CLu L(2024)Watch Out Your Thumb Drive: Covert Data Theft From Portable Data Storage via BackscatterIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.330560721:4(2434-2447)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3305607
Dumitru RGenkin DWabnitz AYarom YCalandrino JTroncoso C(2023)The impostor among US(B)Proceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620565(5863-5880)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620565
Sebastian APadmanabha VMani J(2023)Biometrically Authenticated Boot Loading System from USB Drive by Exploiting the Fingerprint and Finger VeinProceedings of the 1st International Conference on Innovation in Information Technology and Business (ICIITB 2022)10.2991/978-94-6463-110-4_18(250-261)Online publication date: 31-Jan-2023
https://doi.org/10.2991/978-94-6463-110-4_18
Show More Cited By

Index Terms

A transparent defense against USB eavesdropping attacks
1. Hardware
  1. Communication hardware, interfaces and storage
    1. Buses and high-speed links
2. Security and privacy
  1. Security in hardware
    1. Embedded systems security
  2. Systems security

Recommendations

DDoS attacks and defense mechanisms: classification and state-of-the-art

Denial of Service (DoS) attacks constitute one of the major threats and among the hardest security problems in today's Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With ...
Seven Deadliest USB Attacks
Adaptive Defense Against Various Network Attacks

In defending against various network attacks, such as distributed denial-of-service (DDoS) attacks or worm attacks, a defense system needs to deal with various network conditions and dynamically changing attacks. Therefore, a good defense system needs ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

EuroSec '16: Proceedings of the 9th European Workshop on System Security

April 2016

47 pages

ISBN:9781450342957

DOI:10.1145/2905760

Program Chairs:
Michalis Polychronakis
Stony Brook University
,
Cristiano Giuffrida
VU University Amsterdam

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 April 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

European Union Horizon 2020

Conference

EuroSys '16

EuroSys '16: Eleventh EuroSys Conference 2016

April 18 - 21, 2016

London, United Kingdom

Acceptance Rates

EuroSec '16 Paper Acceptance Rate 7 of 16 submissions, 44%;

Overall Acceptance Rate 47 of 113 submissions, 42%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
391
Total Downloads

Downloads (Last 12 months)58
Downloads (Last 6 weeks)2

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li SLi SLiu QSong YZhang CLu L(2024)Watch Out Your Thumb Drive: Covert Data Theft From Portable Data Storage via BackscatterIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.330560721:4(2434-2447)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3305607
Dumitru RGenkin DWabnitz AYarom YCalandrino JTroncoso C(2023)The impostor among US(B)Proceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620565(5863-5880)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620565
Sebastian APadmanabha VMani J(2023)Biometrically Authenticated Boot Loading System from USB Drive by Exploiting the Fingerprint and Finger VeinProceedings of the 1st International Conference on Innovation in Information Technology and Business (ICIITB 2022)10.2991/978-94-6463-110-4_18(250-261)Online publication date: 31-Jan-2023
https://doi.org/10.2991/978-94-6463-110-4_18
Dumitru RBeaumont MHopkins BWindows S(2023)USB ProxyProceedings of the 2023 Australasian Computer Science Week10.1145/3579375.3579390(122-125)Online publication date: 30-Jan-2023
https://dl.acm.org/doi/10.1145/3579375.3579390
Wahanani HIdhom MKurniawan D(2020)Exploit remote attack test in operating system using arduino microJournal of Physics: Conference Series10.1088/1742-6596/1569/2/0220381569(022038)Online publication date: 24-Jul-2020
https://doi.org/10.1088/1742-6596/1569/2/022038
Mueller TZimmer Ede Nittis L(2019)Using Context and Provenance to defend against USB-borne attacksProceedings of the 14th International Conference on Availability, Reliability and Security10.1145/3339252.3339268(1-9)Online publication date: 26-Aug-2019
https://dl.acm.org/doi/10.1145/3339252.3339268
Suzaki KHori YKobara KMannan M(2019)DeviceVeil: Robust Authentication for Individual USB Devices Using Physical Unclonable Functions2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN.2019.00041(302-314)Online publication date: Jun-2019
https://doi.org/10.1109/DSN.2019.00041
Mohammadmoradi HGnawali O(2018)Making Whitelisting-Based Defense Work Against BadUSBProceedings of the 2nd International Conference on Smart Digital Environment10.1145/3289100.3289121(127-134)Online publication date: 18-Oct-2018
https://dl.acm.org/doi/10.1145/3289100.3289121
Neuner SVoyiatzis AFotopoulos SMulliner CWeippl E(2018)USBlock: Blocking USB-Based Keypress Injection AttacksData and Applications Security and Privacy XXXII10.1007/978-3-319-95729-6_18(278-295)Online publication date: 10-Jul-2018
https://doi.org/10.1007/978-3-319-95729-6_18

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents