Devising an approach to analyze the parameters for determining potential premodified firmware of USB devices
Keywords:information protection, USB devices, HID, BadUSB, USB controllers, modification of USB devices
This paper reports the results of experiments and studies involving different types of devices that can implement a BadUSB scenario, for example, BadUSB, Rubber Ducky, which, when connected to a computer, impersonate a device with a Human Interface Device, emulating other devices such as a keyboard and mouse.
Given the problem of the lack of management tools for detecting preliminary modifications of USB devices against attacks based on the seizure of computer control, a software and hardware system is proposed as an object of study. It is implemented programmatically in the Arduino IDE environment, and physically it is made on the Arduino Mega board with Shield, which reads the parameters of the devices. It monitors the startup of USB devices and checks each device for pre-retrofitting by passing HID descriptors from the connected hardware. Having parsed the data using Python, the data are represented in the appropriate form for analysis, on the basis of which a decision is made by the system on the possible preliminary modification of the USB drive from which these data came. This is due to the detailed consideration and thorough analysis of data, data types, temporal characteristics of data transmitted along different channels. The technical characteristics and functionality of USB devices were investigated; the parameters transmitted at the moment when they are supplied with power were determined. The system can draw a conclusion based on the analysis according to its algorithm and block a suspicious USB device that has been connected and that can intercept control over the computer.
The results of the study could be used in the field of protection of information systems from attacks based on the seizure of control from external media. The designed solution increases the level of security of the system, making it possible to recognize a possibly pre-modified device at the connection stage
- Neuner, S., Voyiatzis, A. G., Fotopoulos, S., Mulliner, C., Weippl, E. R. (2018). USBlock: Blocking USB-Based Keypress Injection Attacks. Lecture Notes in Computer Science, 278–295. doi: https://doi.org/10.1007/978-3-319-95729-6_18
- Yang, B., Qin, Y., Zhang, Y., Wang, W., Feng, D. (2016). TMSUI: A Trust Management Scheme of USB Storage Devices for Industrial Control Systems. Lecture Notes in Computer Science, 152–168. doi: https://doi.org/10.1007/978-3-319-29814-6_13
- Johnson, P. C., Bratus, S., Smith, S. W. (2017). Protecting Against Malicious Bits On the Wire. Proceedings of the 33rd Annual Computer Security Applications Conference. doi: https://doi.org/10.1145/3134600.3134630
- Ramadhanty, A. D., Budiono, A., Almaarif, A. (2020). Implementation and Analysis of Keyboard Injection Attack using USB Devices in Windows Operating System. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). doi: https://doi.org/10.1109/ic2ie50715.2020.9274631
- Mueller, T., Zimmer, E., de Nittis, L. (2019). Using Context and Provenance to defend against USB-borne attacks. Proceedings of the 14th International Conference on Availability, Reliability and Security. doi: https://doi.org/10.1145/3339252.3339268
- Karystinos, E., Andreatos, A., Douligeris, C. (2019). Spyduino: Arduino as a HID Exploiting the BadUSB Vulnerability. 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS). doi: https://doi.org/10.1109/dcoss.2019.00066
- Mohammadmoradi, H., Gnawali, O. (2018). Making Whitelisting-Based Defense Work Against BadUSB. ICSDE'18: Proceedings of the 2nd International Conference on Smart Digital Environment. Available at: http://www2.cs.uh.edu/~gnawali/papers/badusb-icsde2018.pdf
- Ji, X., Le Guernic, G., Cuppens-Boulahia, N., Cuppens, F. (2018). USB Packets Filtering Policies and an Associated Low-Cost Simulation Framework. Lecture Notes in Computer Science, 732–742. doi: https://doi.org/10.1007/978-3-030-01950-1_44
- Hernandez, G., Fowze, F., Tian, D. (Jing), Yavuz, T., Butler, K. R. B. (2017). FirmUSB. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. doi: https://doi.org/10.1145/3133956.3134050
- Pyrkova, А., Zuyeva, Ye. (2019). Creating BADUSB devices and system safety analysis. Vestnik KazNITU, 5, 466–470. Available at: https://official.satbayev.university/download/document/12327/%D0%92%D0%95%D0%A1%D0%A2%D0%9D%D0%98%D0%9A-2019%20%E2%84%965.pdf
- Zueva, E. A., Pyrkova, A. Yu. (2019). Nvestigation of USB devices using ducky script. Vestnik AUES, 3, 53–57. Available at: https://vestnik-aues.kz/frontend/web/uploads/magazine/pdf/1591966671_nFx8A8.pdf#page=55
- Zueva Ye. (2020). Analysis of work of devices with BADUSB vulnerability. Vestnik KBTU, 17 (1), 141–146. Available at: https://kbtu.edu.kz/images/vesnik_1_2020.pdf
How to Cite
Copyright (c) 2022 Yekaterina Zuyeva, Anna Pyrkova, Abdizhapar Saparbayev, Aiymzhan Makulova, Gulzinat Ordabayeva
This work is licensed under a Creative Commons Attribution 4.0 International License.
The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.
A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with PC TECHNOLOGY CENTER, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher PC TECHNOLOGY CENTER does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.