Title | Making Whitelisting-Based Defense Work Against BadUSB |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Mohammadmoradi, Hessam, Gnawali, Omprakash |
Conference Name | Proceedings of the 2nd International Conference on Smart Digital Environment |
Publisher | ACM |
ISBN Number | 978-1-4503-6507-9 |
Keywords | badusb, pubcrawl, resilience, Resiliency, Scalability, signature based defense, USB Malware, Whitelist |
Abstract | Universal serial bus (USB) devices have widespread use in different computing platforms, including IoT gadgets, but this popularity makes them attractive targets for exploits and for use as an attack vector by malicious software. During recent years, several reports [17] ranked USB-based malware among the top 10 popular malware. This security flaw can slow down the increasing penetration rate of IoT devices since most of those devices have USB ports. The research community and industry have tried to address the USB security problem by implementing authentication protocols to protect users' private information and also scanning USB's storage space for any malicious software using their own repository of malware signatures, or simply disallowing use of USB devices on desktops. The new generation of USB malware does not hide in storage space, which means they are not detectable by conventional anti-malware. BadUSB is a malware recently introduced by security researchers. BadUSB modifies USB firmware and can attack all the systems which the infected USB is plugged into. The only applicable solution against this new generation of malware is whitelisting. However, generating a unique fingerprint for USB devices is challenging. In this paper, we propose an accurate USB feature based fingerprinting approach which helps us to create a list of trusted USBs as a device whitelist. Our solution prevents and detects BadUSB and similar attacks by generating a fingerprint from trusted USB devices' features and their primary usage. We verified the uniqueness of our generated fingerprints by analyzing real data which was collected from USB drives used by students in academic computer labs over one year. Our results indicate that our feature based whitelisting approach with an accuracy of 98.5% can identify USB whitelist members. |
DOI | 10.1145/3289100.3289121 |
Citation Key | mohammadmoradi_making_2018 |