TMSUI: A Trust Management Scheme of USB Storage Devices for Industrial Control Systems

The security of sensitive data and the safety of control signals are two core issues in industrial control systems (ICS). However, the prevalence of USB storage devices poses a great challenge to protecting ICS in both respects. Unfortunately, there is currently no solution designed specifically for ICS that provides a complete defense against communication between untrusted USB storage devices and critical equipment without forbidding normal USB device functions. This paper proposes a trust management scheme of USB storage devices for ICS (TMSUI). Designed with the application scenarios fully in mind, TMSUI is built on a security chip and flexibly authorizes a given USB storage device to access only specific protected terminals in ICS for a particular period of time. The scheme also enables administrators to revoke authorized devices. We analyze six security properties of TMSUI. Finally, a prototype system is implemented. The evaluation results indicate that our scheme meets the security goals with high compatibility and good efficiency.
