USBlock: Blocking USB-Based Keypress Injection Attacks

The Universal Serial Bus (USB) is becoming a prevalent attack vector. Rubber Ducky and BadUSB are two recent classes of a whole spectrum of attacks carried out using fully-automated keypress injections through innocent-looking USB devices. So far, defense mechanisms are insufficient and rely on user participation in the trust decision.

[1]  Anton Beitler,et al.  A transparent defense against USB eavesdropping attacks , 2016, EuroSec '16.

[2]  Malka N. Halgamuge,et al.  Universal serial bus based software attacks and protection solutions , 2011, Digit. Investig..

[3]  Nick Mathewson,et al.  Anonymity Loves Company: Usability and the Network Effect , 2006, WEIS.

[4]  Kevin R. B. Butler,et al.  Defending Against Malicious USB Firmware with GoodUSB , 2015, ACSAC.

[5]  Kevin R. B. Butler,et al.  ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices , 2016, CCS.

[6]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[7]  Maurizio Pizzonia,et al.  USBCheckIn: Preventing BadUSB attacks by forcing human-device interaction , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[8]  Mordechai Guri,et al.  GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies , 2015, USENIX Security Symposium.

[9]  Angelos Stavrou,et al.  Exploiting smart-phone USB connectivity for fun and profit , 2010, ACSAC '10.

[10]  Yu Qin,et al.  TMSUI: A Trust Management Scheme of USB Storage Devices for Industrial Control Systems , 2015, ICICS.

[11]  Brian Anderson,et al.  Seven Deadliest USB Attacks , 2010 .

[12]  Sergey Bratus,et al.  Protecting Against Malicious Bits On the Wire: Automatically Generating a USB Protocol Parser for a Production Kernel , 2017, ACSAC.

[13]  Patrick Traynor,et al.  Making USB Great Again with USBFILTER , 2016, USENIX Security Symposium.

[14]  Artemios G. Voyiatzis,et al.  When Security Meets Usability: A User-Centric Approach on a Crossroads Priority Problem , 2010, 2010 14th Panhellenic Conference on Informatics.

[15]  David Umphress,et al.  Identity Verification Through Keyboard Characteristics , 1985, Int. J. Man Mach. Stud..

[16]  Shin-Ming Cheng,et al.  SandUSB: An installation-free sandbox for USB peripherals , 2016, 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT).

[17]  Matthew Tischer,et al.  Users Really Do Plug in USB Drives They Find , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[18]  Yuval Elovici,et al.  USB-based attacks , 2017, Comput. Secur..

[19]  Andrew Beng Jin Teoh,et al.  A Survey of Keystroke Dynamics Biometrics , 2013, TheScientificWorldJournal.

[20]  Andrew J. Blumberg,et al.  Defending against Malicious Peripherals with Cinch , 2016, USENIX Security Symposium.

[21]  Hossein Saiedian,et al.  USBWall: A novel security mechanism to protect against maliciously reprogrammed USB devices , 2017, Inf. Secur. J. A Glob. Perspect..