{"title":"Reducing USB Attack Surface: A Lightweight Authentication and Delegation Protocol","authors":"Arash Mahboubi, S. Çamtepe, Hasmukh Morarji","doi":"10.1109/ICSCEE.2018.8538400","DOIUrl":null,"url":null,"abstract":"A privately owned smart device connected to a corporate network using a USB connection creates a potential channel for malware infection and its subsequent spread. For example, air-gapped (a.k.a. isolated) systems are considered to be the most secure and safest places for storing critical datasets. However, unlike network communications, USB connection streams have no authentication and filtering. Consequently, intentional or unintentional piggybacking of a malware infected USB storage or a mobile device through the air-gap is sufficient to spread infection into such systems. Our findings show that the contact rate has an exceptional impact on malware spread and destabilizing free malware equilibrium. This work proposes a USB authentication and delegation protocol based on radiofrequency identification (RFID) in order to stabilize the free malware equilibrium in air-gapped networks. The proposed protocol is modelled using Coloured Petri nets (CPN) and the model is verified and validated through CPN tools.","PeriodicalId":265737,"journal":{"name":"2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE)","volume":"96 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSCEE.2018.8538400","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
A privately owned smart device connected to a corporate network using a USB connection creates a potential channel for malware infection and its subsequent spread. For example, air-gapped (a.k.a. isolated) systems are considered to be the most secure and safest places for storing critical datasets. However, unlike network communications, USB connection streams have no authentication and filtering. Consequently, intentional or unintentional piggybacking of a malware infected USB storage or a mobile device through the air-gap is sufficient to spread infection into such systems. Our findings show that the contact rate has an exceptional impact on malware spread and destabilizing free malware equilibrium. This work proposes a USB authentication and delegation protocol based on radiofrequency identification (RFID) in order to stabilize the free malware equilibrium in air-gapped networks. The proposed protocol is modelled using Coloured Petri nets (CPN) and the model is verified and validated through CPN tools.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
