USBlock: Blocking USB-Based Keypress Injection Attacks - 32th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)
Conference Papers Year : 2018

USBlock: Blocking USB-Based Keypress Injection Attacks

Sebastian Neuner
  • Function : Author
  • PersonId : 1040489
Artemios G. Voyiatzis
  • Function : Author
  • PersonId : 1022684
Spiros Fotopoulos
  • Function : Author
  • PersonId : 1040490
Collin Mulliner
  • Function : Author
  • PersonId : 1040491
Edgar R. Weippl
  • Function : Author
  • PersonId : 993471

Abstract

The Universal Serial Bus (USB) is becoming a prevalent attack vector. Rubber Ducky and BadUSB are two recent classes of a whole spectrum of attacks carried out using fully-automated keypress injections through innocent-looking USB devices. So far, defense mechanisms are insufficient and rely on user participation in the trust decision.We propose USBlock, a novel approach to detect suspicious USB devices by analyzing the temporal characteristics of the USB packet traffic they generate, similarly to intrusion detection approaches in networked systems.Our approach is unique in that it does not to involve at all the user in the trust decision. We describe a proof-of-concept implementation for Linux and we assess the effectiveness and efficiency of our approach to cope with temporal variations in typing habits and dynamics of legitimate users.
Fichier principal
Vignette du fichier
470961_1_En_18_Chapter.pdf (343 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01954405 , version 1 (13-12-2018)

Licence

Identifiers

Cite

Sebastian Neuner, Artemios G. Voyiatzis, Spiros Fotopoulos, Collin Mulliner, Edgar R. Weippl. USBlock: Blocking USB-Based Keypress Injection Attacks. 32th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2018, Bergamo, Italy. pp.278-295, ⟨10.1007/978-3-319-95729-6_18⟩. ⟨hal-01954405⟩
170 View
537 Download

Altmetric

Share

More