Reducing USB Attack Surface: A Lightweight Authentication and Delegation Protocol
Title | Reducing USB Attack Surface: A Lightweight Authentication and Delegation Protocol |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Mahboubi, A., Camtepe, S., Morarji, H. |
Conference Name | 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) |
Date Published | July 2018 |
Publisher | IEEE |
ISBN Number | 978-1-5386-4838-4 |
Keywords | Air gaps, air-gapped networks, authentication, coloured Petri nets, Coloured Petri Nets (CPN) modelling, composability, Computational modeling, corporate network, cryptographic protocols, delegation protocol, epidemic model, Filtering, free malware equilibrium, Human Behavior, intentional piggybacking, Internet of Things (IoT), invasive software, lightweight authentication, Malware, malware infection, malware spread, Metrics, mobile device, mobile malware, network communications, Petri nets, privately owned smart device, Protocols, pubcrawl, radiofrequency identification, resilience, Resiliency, safest places, secure places, Servers, smart phones, unintentional piggybacking, Universal Serial Bus, USB attack surface, USB connection streams, USB security, USB storage |
Abstract | A privately owned smart device connected to a corporate network using a USB connection creates a potential channel for malware infection and its subsequent spread. For example, air-gapped (a.k.a. isolated) systems are considered to be the most secure and safest places for storing critical datasets. However, unlike network communications, USB connection streams have no authentication and filtering. Consequently, intentional or unintentional piggybacking of a malware infected USB storage or a mobile device through the air-gap is sufficient to spread infection into such systems. Our findings show that the contact rate has an exceptional impact on malware spread and destabilizing free malware equilibrium. This work proposes a USB authentication and delegation protocol based on radiofrequency identification (RFID) in order to stabilize the free malware equilibrium in air-gapped networks. The proposed protocol is modelled using Coloured Petri nets (CPN) and the model is verified and validated through CPN tools. |
URL | https://ieeexplore.ieee.org/document/8538400 |
DOI | 10.1109/ICSCEE.2018.8538400 |
Citation Key | mahboubiReducingUSBAttack2018 |