System Protection Agent Against Unauthorized Activities via USB Devices

José Oliveira, Miguel Frade, Pedro Pinto

2018

Abstract

Security attacks using USB interfaces and devices are becoming more advanced, which boost efforts to develop counter measures in order to protect systems and data. One of the most recent attacks using USB devices is the BadUSB attack, performed by spoofing the device’s firmware and allowing the attackers to execute a set of malicious actions, e.g. an USB storage device could be mounted as USB keyboard in order to inject malicious scripts into the system. This paper proposes a protection agent against BadUSB attack developed for Windows operative systems. It allows a user to check the class of an USB device ready to be mounted, though enabling the detection of a potential attack if the expected functionality of the device does not match with its class type. The results show that the proposed protection agent is capable of detecting potential intrusions by blocking the installation of the device, scanning the device for something that identifies it, searching for a description locally and finally warning the user about the device meaning that all devices must be approved by the user when plugged in if the system protection agent is running.

Download


Paper Citation


in Harvard Style

Oliveira J., Frade M. and Pinto P. (2018). System Protection Agent Against Unauthorized Activities via USB Devices.In Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-296-7, pages 237-243. DOI: 10.5220/0006708502370243


in Bibtex Style

@conference{iotbds18,
author={José Oliveira and Miguel Frade and Pedro Pinto},
title={System Protection Agent Against Unauthorized Activities via USB Devices},
booktitle={Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,},
year={2018},
pages={237-243},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006708502370243},
isbn={978-989-758-296-7},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,
TI - System Protection Agent Against Unauthorized Activities via USB Devices
SN - 978-989-758-296-7
AU - Oliveira J.
AU - Frade M.
AU - Pinto P.
PY - 2018
SP - 237
EP - 243
DO - 10.5220/0006708502370243