Distributed architecture to enhance systems protection against unauthorized activity via USB devices

Bibliographic details
Main author: Oliveira, José
Publication date: 2021
Other authors: Pinto, Pedro, Santos, Henrique
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/1822/72633
Abstract: Cyberattacks exploiting Universal Serial Bus (USB) interfaces may have a high impact on individual and corporate systems. The BadUSB is an attack where a USB device’s firmware is spoofed and, once mounted, allows attackers to execute a set of malicious actions in a target system. The countermeasures against this type of attack can be grouped into two strategies: physical blocking of USB ports and software blocking. This paper proposes a distributed architecture that uses software blocking to enhance system protection against BadUSB attacks. This architecture is composed of multiple agents and external databases, and it is designed for personal or corporate computers using Microsoft Windows Operating System. When a USB device is connected, the agent inspects the device, provides filtered information about its functionality and presents a threat assessment to the user, based on all previous user choices stored in external databases. By providing valuable information to the user, and also threat assessments from multiple users, the proposed distributed architecture improves system protection.
id RCAP_bb8234bcb613aef2fd84b33097c747db
oai_identifier_str oai:repositorium.sdum.uminho.pt:1822/72633
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
author Oliveira, José
author_facet Oliveira, José
Pinto, Pedro
Santos, Henrique
author_role author
author2 Pinto, Pedro
Santos, Henrique
author2_role author
author
dc.contributor.none.fl_str_mv Universidade do Minho
dc.contributor.author.fl_str_mv Oliveira, José
Pinto, Pedro
Santos, Henrique
dc.subject.por.fl_str_mv USB
Threat assessment
BadUSB attack
HID
Distributed architecture
Science & Technology
publishDate 2021
dc.date.none.fl_str_mv 2021-03-02
2021-03-02T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/1822/72633
url http://hdl.handle.net/1822/72633
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv Oliveira, J.; Pinto, P.; Santos, H. Distributed Architecture to Enhance Systems Protection against Unauthorized Activity via USB Devices. J. Sens. Actuator Netw. 2021, 10, 19. https://doi.org/10.3390/jsan10010019
2224-2708
10.3390/jsan10010019
https://www.mdpi.com/2224-2708/10/1/19
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Multidisciplinary Digital Publishing Institute (MDPI)
publisher.none.fl_str_mv Multidisciplinary Digital Publishing Institute (MDPI)
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799133018608107520