Article type: Research Article
Authors: Griscioli, Federico | Pizzonia, Maurizio; *
Affiliations: Sezione di Informatica e Automazione, Dipartimento di Ingegneria, Università degli Studi Roma Tre, Via della Vasca Navale 79, 00146 Roma, Italy
Correspondence: [*] Corresponding author. E-mail: pizzonia@ing.uniroma3.it.
Note: [1] A preliminary version of the results shown in this paper was published in (In Privacy, Security and Trust (PST), 2016 14th Annual Conference on (2016) 493–496 IEEE; In Privacy, Security and Trust (PST), 2016 14th Annual Conference on (2016) 477–484 IEEE). A short summary of part of this work was published in (International Journal of Critical Infrastructures 13(2–3) (2017) 206–237).
Abstract: Industrial Control Systems (ICS) are sensitive targets for high-profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, thumb drives are widely used to transfer files among disconnected systems and represent a serious security risk, since they may be used promiscuously in both critical and regular systems. The threats come both from malware hidden in files stored on the thumb drives and from BadUSB attacks. BadUSB leverages the modification of the firmware of USB devices in order to mimic the behaviour of a keyboard and send malicious commands to the host. We present a solution that allows a promiscuous use of USB thumb drives while protecting critical machines from malware that spreads by regular file infection or by firmware infection. The main component of the architecture we propose is a hardware device, called USBCaptchaIn, intended to sit between critical machines and connected USB devices. We do not require users to change the way they use thumb drives. To avoid human errors, we do not require users to make any decisions. The proposed approach is highly compatible with products already deployed in an ICS environment and proactively blocks malware before it reaches its targets. We describe our solution, provide a thorough analysis of the security of our approach in the ICS context, and report the informal feedback of some experts regarding our first prototypes.
Keywords: Industrial control system (ICS), BadUSB attack, defence against USB-based attacks, hardware-based protection, authenticated data structure, data integrity protection, USB-based attack prevention
DOI: 10.3233/JCS-191404
Journal: Journal of Computer Security, vol. 29, no. 1, pp. 51-76, 2021