
Curtain: Keep Your Hosts Away from USB Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10599)

Abstract

In recent years, many attacks targeting USB have been proposed. Besides spreading viruses through USB storage, attackers increasingly target USB stacks because, in most cases, any information coming from a device is trusted. In this paper, we design a system named Curtain on Windows to defend against those attacks by analyzing their IRP flows. Curtain is deployed as a filter driver in the USB stack on Windows. It sniffs and analyzes all the IRP flows of each USB device. It is based on the fact that an attack always happens within a short time, and that this is reflected in the IRP flows. In short, Curtain provides a solution for defending against USB attacks on Windows by inserting a filter driver into the USB stack and capturing the behavior of each device.



Acknowledgement

This work is sponsored by the National Natural Science Foundation of China (61373168).

Corresponding author

Correspondence to Jianming Fu.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Fu, J., Huang, J., Zhang, L. (2017). Curtain: Keep Your Hosts Away from USB Attacks. In: Nguyen, P., Zhou, J. (eds) Information Security. ISC 2017. Lecture Notes in Computer Science, vol 10599. Springer, Cham. https://doi.org/10.1007/978-3-319-69659-1_25


  • DOI: https://doi.org/10.1007/978-3-319-69659-1_25


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69658-4

  • Online ISBN: 978-3-319-69659-1

  • eBook Packages: Computer Science (R0)
