System Protection Agent Against
Unauthorized Activities via USB Devices

Oliveira, José; Frade, Miguel; Pinto, Pedro

http://hdl.handle.net/10400.8/13595

Use this identifier to reference this record.

Name:	Description:	Size:	Format:
67085.pdf		430.58 KB	Adobe PDF	Download

Send Feedback

Authors

Oliveira, José

Frade, Miguel

Pinto, Pedro

Abstract(s)

Security attacks using USB interfaces and devices are becoming more advanced, which boost efforts to develop counter measures in order to protect systems and data. One of the most recent attacks using USB devices is the BadUSB attack, performed by spoofing the device’s firmware and allowing the attackers to execute a set of malicious actions, e.g. an USB storage device could be mounted as USB keyboard in order to inject malicious scripts into the system. This paper proposes a protection agent against BadUSB attack developed for Windows operative systems. It allows a user to check the class of an USB device ready to be mounted, though enabling the detection of a potential attack if the expected functionality of the device does not match with its class type. The results show that the proposed protection agent is capable of detecting potential intrusions by blocking the installation of the device, scanning the device for something that identifies it, searching for a description locally and finally warning the user about the device meaning that all devices must be approved by the user when plugged in if the system protection agent is running.

Keywords

USB BadUSB Microsoft Windows

URI

http://hdl.handle.net/10400.8/13595

Citation

Oliveira, J., Frade, M. and Pinto, P. System Protection Agent Against Unauthorized Activities via USB Devices. DOI: 10.5220/0006708502370243 In Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security (IoTBDS 2018), pages 237-243 ISBN: 978-989-758-296-7