Devising an approach to analyze the parameters for determining potential premodified firmware of USB devices

Authors

DOI:

https://doi.org/10.15587/1729-4061.2022.269031

Keywords:

information protection, USB devices, HID, BadUSB, USB controllers, modification of USB devices

Abstract

This paper reports the results of experiments and studies involving different types of devices that can implement a BadUSB scenario, for example BadUSB and Rubber Ducky, which, when connected to a computer, present themselves as a Human Interface Device (HID), emulating other devices such as a keyboard and mouse.

Given the lack of management tools for detecting prior modification of USB devices used in attacks that seize control of a computer, a software and hardware system is proposed as the object of study. It is implemented in software in the Arduino IDE environment and physically built on an Arduino Mega board with a Shield, which reads the parameters of the devices. It monitors the startup of USB devices and checks each device for prior modification using the HID descriptors passed from the connected hardware. After the data are parsed using Python, they are presented in a form suitable for analysis, on the basis of which the system decides whether the USB drive from which these data came may have been modified beforehand. This is made possible by detailed consideration and thorough analysis of the data, the data types, and the temporal characteristics of data transmitted along different channels. The technical characteristics and functionality of USB devices were investigated, and the parameters transmitted at the moment when they are supplied with power were determined. The system can draw a conclusion based on the analysis according to its algorithm and block a suspicious USB device that has been connected and that can intercept control over the computer.

The results of the study could be used in the field of protection of information systems from attacks based on the seizure of control from external media. The designed solution increases the level of security of the system, making it possible to recognize a possibly pre-modified device at the connection stage.
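The Python parsing step described in the abstract can be illustrated with the following added example, which is not the authors' code. It walks a raw USB configuration descriptor and reports HID interfaces on a device expected to be mass storage. The decision rule, the function names and the sample bytes are assumptions constructed for illustration; the abstract does not publish the paper's algorithm.

```python
import struct

# Descriptor types and class codes from the USB and HID specifications.
DT_CONFIG, DT_INTERFACE = 0x02, 0x04
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
HID_PROTOCOLS = {1: "keyboard", 2: "mouse"}

def parse_interfaces(config: bytes):
    """Walk a raw configuration descriptor and return its interface descriptors."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if not 9 <= total <= len(config):
        raise ValueError("wTotalLength does not match captured data")
    interfaces, pos = [], 0
    while pos < total:
        if pos + 2 > total:
            raise ValueError("truncated descriptor header")
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > total:
            raise ValueError(f"bad bLength at offset {pos}")
        if dtype == DT_INTERFACE and length >= 9:
            num, _alt, _eps, cls, sub, proto = struct.unpack_from("6B", config, pos + 2)
            interfaces.append({"number": num, "class": cls, "subclass": sub, "protocol": proto})
        pos += length
    return interfaces

def assess(config: bytes, expected_class: int):
    """Hypothetical rule: flag HID interfaces on a device expected to be another class."""
    findings = []
    for itf in parse_interfaces(config):
        if itf["class"] == CLASS_HID and expected_class != CLASS_HID:
            kind = HID_PROTOCOLS.get(itf["protocol"], "generic HID")
            findings.append(f"interface {itf['number']}: unexpected {kind}")
    return findings

# Constructed samples: a mass-storage interface, and a boot-keyboard HID interface.
MSC_IF = (bytes([9, 4, 0, 0, 2, 0x08, 0x06, 0x50, 0])
          + bytes([7, 5, 0x81, 2, 0x00, 0x02, 0]) + bytes([7, 5, 0x02, 2, 0x00, 0x02, 0]))
HID_IF = (bytes([9, 4, 1, 0, 1, 0x03, 0x01, 0x01, 0])
          + bytes([9, 0x21, 0x11, 0x01, 0, 1, 0x22, 0x3F, 0]) + bytes([7, 5, 0x83, 3, 8, 0, 10]))

def make_config(body: bytes, n_if: int) -> bytes:
    """Prepend a configuration descriptor header with the correct wTotalLength."""
    return bytes([9, 2]) + struct.pack("<H", 9 + len(body)) + bytes([n_if, 1, 0, 0x80, 50]) + body

CLEAN = make_config(MSC_IF, 1)
SUSPECT = make_config(MSC_IF + HID_IF, 2)

if __name__ == "__main__":
    print(assess(CLEAN, CLASS_MASS_STORAGE), assess(SUSPECT, CLASS_MASS_STORAGE))
```

A descriptor whose lengths are inconsistent raises `ValueError` rather than being silently accepted, since malformed descriptors are themselves a reason to reject a device.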

Author Biographies

Yekaterina Zuyeva, Almaty University of Power Engineering and Telecommunications named after Gumarbek Daukeyev

Master of Applied Mathematics, Senior Teacher

Department of Information Systems and Cybersecurity

Anna Pyrkova, Al-Farabi Kazakh National University

Candidate of Physical and Mathematical Sciences, Professor

Department of Computer Science

Abdizhapar Saparbayev, Al-Farabi Kazakh National University

Doctor of Economics, Professor

Department of International Relations and World Economy

Aiymzhan Makulova, Narxoz University

Doctor of Economics, Professor

School of Digital Technologies

Gulzinat Ordabayeva, Al-Farabi Kazakh National University

Senior Teacher

Department of Information Systems

Published

2022-12-30

How to Cite

Zuyeva, Y., Pyrkova, A., Saparbayev, A., Makulova, A., & Ordabayeva, G. (2022). Devising an approach to analyze the parameters for determining potential premodified firmware of USB devices. Eastern-European Journal of Enterprise Technologies, 6(9 (120)), 51–58. https://doi.org/10.15587/1729-4061.2022.269031

Section

Information and controlling system