skip to main content
research-article

MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions

Published:07 December 2020Publication History
Skip Abstract Section

Abstract

Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to replace a USB drive so that when the USB key is connected, it would install passwords stealing tools, root-kit software, and other disrupting malware. In such a way, an attacker can steal sensitive information via the USB-connected devices, as well as inject any kind of malicious software into the host.

To thwart the above-cited raising threats, we propose MAGNETO, an efficient, non-interactive, and privacy-preserving framework to verify the authenticity of a USB flash drive, rooted in the analysis of its unintentional magnetic emissions. We show that the magnetic emissions radiated during boot operations on a specific host are unique for each device, and sufficient to uniquely fingerprint both the brand and the model of the USB flash drive, or the specific USB device, depending on the used equipment. Our investigation on 59 different USB flash drives—belonging to 17 brands, including the top brands purchased on Amazon in mid-2019—reveals a minimum classification accuracy of 98.2% in the identification of both brand and model, accompanied by a negligible time and computational overhead. MAGNETO can also identify the specific USB Flash drive, with a minimum classification accuracy of 91.2%. Overall, MAGNETO proves that unintentional magnetic emissions can be considered as a viable and reliable means to fingerprint read-only USB flash drives. Finally, future research directions in this domain are also discussed.

References

  1. Aaronia. 2020. PBS2 EMC Probe. Retrieved from http://tinyurl.com/y4jojj9j.Google ScholarGoogle Scholar
  2. S. P. Acharya and I. G. Guardiola. 2013. Detection of RF devices based on their unintended electromagnetic emissions using Principal Components Analysis. In Proceedings of the Wireless Telecommunications Symposium. 1--5.Google ScholarGoogle Scholar
  3. Amazon. 2020. Best Sellers in USB Flash Drives. Retrieved from https://tinyurl.com/y6sq85sc.Google ScholarGoogle Scholar
  4. S. Angel, R. Wahby, M. Howald, J. Leners, M. Spilo, Z. Sun, A. Blumberg, and M. Walfish. 2016. Defending against malicious peripherals with Cinch. In Proceedings of the 25th USENIX Security Symposium. 397--414.Google ScholarGoogle Scholar
  5. A. Bates, R. Leonard, H. Pruse, D. Lowd, and K. Butler. 2014. Leveraging USB to establish host identity using commodity devices. In Proceedings of the Network and Distributed System Security Symposium (NDSS’14).Google ScholarGoogle Scholar
  6. T. J. Bihl, K. Bauer, and M. Temple. 2016. Feature selection for RF fingerprinting with multiple discriminant analysis and using ZigBee device emissions. IEEE Trans. Info. Forens. Secur. 11, 8 (2016), 1862--1874.Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. K. Bole, J. McGraw, F. Ryan, T. Hawley, M. Davis, and T. Van. 2009. Integrated passive electronic signature modeling. In Proceedings of Atmospheric Propagation VI, Vol. 7324.Google ScholarGoogle Scholar
  8. G. Brown, A. Pocock, M. Zhao, and M. Luján. 2012. Conditional likelihood maximisation: A unifying framework for information theoretic feature selection. J. Mach. Learn. Res. 13, 1 (2012), 27--66.Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. G. Camurati, S. Poeplau, M. Muench, T. Hayes, and A. Francillon. 2018. Screaming channels: When electromagnetic side channels meet radio transceivers. In Proceedings of the ACM Conference on Computer and Communications Security. 163--177.Google ScholarGoogle Scholar
  10. Y. Cheng, X. Ji, J. Zhang, W. Xu, and Y. Chen. 2019. DeMiCPU: Device fingerprinting with magnetic signals radiated by CPU. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1149--1170.Google ScholarGoogle Scholar
  11. C. Cimpanu. 2019. Ships infected with ransomware, USB malware, worms. Retrieved from https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/.Google ScholarGoogle Scholar
  12. William E. Cobb, Eric W. Garcia, Michael A. Temple, Rusty O. Baldwin, and Yong C. Kim. 2010. Physical layer identification of embedded devices using RF-DNA fingerprinting. In Proceedings of the Military Communications Conference. 2168--2173.Google ScholarGoogle Scholar
  13. CRI-Lab. 2019. MAGNETO source code and data. Retrieved from https://cri-lab.net/usb-fingerprinting.Google ScholarGoogle Scholar
  14. G. DeJean and D. Kirovski. 2007. RF-DNA: Radio-frequency certificates of authenticity. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 346--363.Google ScholarGoogle Scholar
  15. C. K. Dubendorfer, B. W. Ramsey, and M. A. Temple. 2012. An RF-DNA verification process for ZigBee networks. In Proceedings of the IEEE Military Communications Conference. 1--6.Google ScholarGoogle Scholar
  16. Essencore. 2020. Klevv Neo C20 16GB. Retrieved from https://tinyurl.com/ya6v9avv.Google ScholarGoogle Scholar
  17. Federal Communications Commission (FCC). 2019. Code of Federal Regulations, Title 47 2009. Retrieved from https://www.fcc.gov/wireless/bureau-divisions/technologies-systems-and-innovation-division/rules-regulations-title-47.Google ScholarGoogle Scholar
  18. F. Griscioli, M. Pizzonia, and M. Sacchetti. 2016. USBCheckIn: Preventing BadUSB attacks by forcing human-device interaction. In Proceedings of the Annual Conference on Privacy, Security and Trust (PST’16). 493--496.Google ScholarGoogle Scholar
  19. Hack5. 2020. Rubber Ducky. Retrieved from https://shop.hak5.org/products/usb-rubber-ducky-deluxe.Google ScholarGoogle Scholar
  20. HP. 2020. HP 64GB x900w. Retrieved from https://tinyurl.com/y3sbtutn.Google ScholarGoogle Scholar
  21. HP, Intel, Microsoft, NEC, ST-NXP, Texas Instruments. 2018. Universal Serial Bus 3.0 Specifications—Revision 1.0. Retrieved from https://www.usb3.com/whitepapers/USB%203%200%20(11132008)-final.pdf.Google ScholarGoogle Scholar
  22. JUANWE. 2020. JUANWE 32GB. Retrieved from https://tinyurl.com/y6myw3vq.Google ScholarGoogle Scholar
  23. Kingston. 2020. Kingston Data Traveler. Retrieved from https://tinyurl.com/y46vehoh.Google ScholarGoogle Scholar
  24. M. Lukacs, A. Zeqolari, P. Collins, and M. Temple. 2015. RF-DNA fingerprinting for antenna classification. Antenn. Wireless Prop. Lett. IEEE 14 (2015), 1455--1458.Google ScholarGoogle ScholarCross RefCross Ref
  25. C. Lyu, J. Peng, W. Zhou, S. Yang, and Y. Liu. 2016. Design of a high speed 360-degree panoramic video acquisition system based on FPGA and USB 3.0. IEEE Sensors J. (2016), 1--1. DOI:10.1109/JSEN.2016.2628240Google ScholarGoogle Scholar
  26. MOSDART. 2020. MOSDART 8GB. Retrieved from https://tinyurl.com/y6o29fv2.Google ScholarGoogle Scholar
  27. C. Mulliner and B. Michéle. 2012. Read it twice! A mass-storage-based TOCTTOU attack. In Proceedings of the Workshop on Offensive Technologies (WOOT’12). 105--112.Google ScholarGoogle Scholar
  28. N. Nissim, R. Yahalom, and Y. Elovici. 2017. USB-based attacks. Comput. Secur. 70 (2017), 675--688.Google ScholarGoogle ScholarCross RefCross Ref
  29. K. Nohl and J. Lell. 2014. BadUSB—On accessories that turn evil. In Black Hat USA.Google ScholarGoogle Scholar
  30. D. Noyes, H. Liu, and P. Fortier. 2016. Security analysis and improvement of USB technology. In Proceedings of the IEEE Symposium on Technologies for Homeland Security (HST’16). 1--3.Google ScholarGoogle Scholar
  31. Null Byte. 2015. Make Your Own Bad USB. Retrieved from https://null-byte.wonderhowto.com/how-to/make-your-own-bad-usb-0165419/.Google ScholarGoogle Scholar
  32. Patriot. 2020. Patriot 128GB Supersonic Rage Series. Retrieved from https://tinyurl.com/yxuvjsnm.Google ScholarGoogle Scholar
  33. Phison. 2019. Phison Consumer Solutions. Retrieved from https://www.phison.com/en/solutions/consumer/removable/usb/53-usb-flash-drive/78-ps2251-70.Google ScholarGoogle Scholar
  34. PNY. 2020. PNY Turbo 128GB. Retrieved from https://tinyurl.com/y249c4dd.Google ScholarGoogle Scholar
  35. R. Przesmycki and L. Nowosielski. 2016. USB 3.0 interface in the process of electromagnetic infiltration. In Proceedings of the Progress in Electromagnetic Research Symposium (PIERS’16). 1019--1023.Google ScholarGoogle Scholar
  36. B. Ramsey, M. Temple, and B. Mullins. 2012. PHY foundation for multi-factor ZigBee node authentication. In Proceedings of the Global Communications Conference (GLOBECOM’12). IEEE, 795--800.Google ScholarGoogle Scholar
  37. Samsung. 2020. Samsung BAR. Retrieved from https://tinyurl.com/y3dxrfl2.Google ScholarGoogle Scholar
  38. SanDisk. 2020. SanDisk 128GB Ultra Fit. Retrieved from https://tinyurl.com/y2p6y3jy.Google ScholarGoogle Scholar
  39. SanDisk. 2020. SanDisk Cruzer. Retrieved from https://tinyurl.com/y4gs24ha.Google ScholarGoogle Scholar
  40. SanDisk. 2020. SanDisk Cruzer 128GB. Retrieved from https://tinyurl.com/y6ghcray.Google ScholarGoogle Scholar
  41. SanDisk. 2020. SanDisk Cruzer Glide 16 GB. Retrieved from https://tinyurl.com/ydhtuo3c.Google ScholarGoogle Scholar
  42. SanDisk. 2020. SanDisk Cruzer Glide CZ60. Retrieved from https://tinyurl.com/y2q669zm.Google ScholarGoogle Scholar
  43. SearchSecurity. 2019. USB attacks: Big threats to ICS from small devices. Retrieved from https://searchsecurity.techtarget.com/feature/USB-attacks-Big-threats-to-ICS-from-small-devices.Google ScholarGoogle Scholar
  44. A. Shabtai, R. Moskovitch, Y. Elovici, and C. Glezer. 2009. Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey. Info. Secur. Techn. Rep. 14, 1 (2009), 16--29.Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Silicon Power. 2020. Silicon Power Blaze B30. Retrieved from https://tinyurl.com/y6gvtxfg.Google ScholarGoogle Scholar
  46. Strontium. 2020. Strontium Pollex Flash Drive. Retrieved from https://tinyurl.com/y86z8rys.Google ScholarGoogle Scholar
  47. W. Suski, M. Temple, M. Mendenhall, and R. Mills. 2008. Radio frequency fingerprinting commercial communication devices to enhance electronic security. Int. J. Electron. Secur. Digit. Forensic 1, 3 (Oct. 2008), 301--322.Google ScholarGoogle Scholar
  48. K. Suzaki, Y. Hori, K. Kobara, and M. Mannan. 2019. DeviceVeil: Robust authentication for individual USB devices using physical unclonable functions. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’19). 302--314.Google ScholarGoogle Scholar
  49. D. J. Tian, A. Bates, and K. Butler. 2015. Defending against malicious USB firmware with GoodUSB. In Proceedings of the 31st Annual Computer Security Applications Conference. 261--270.Google ScholarGoogle Scholar
  50. Dave Jing Tian, Nolen Scaife, and Adam Bates. 2016. Making USB great again with USBFILTER. In Proceedings of the 25th USENIX Security Symposium.Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Toshiba. 2020. Toshiba 64GB TransMemory. Retrieved from https://tinyurl.com/y4r6wg4w.Google ScholarGoogle Scholar
  52. Transparency Market Research. 2017. Global USB 3.0 Flash Drives Market. Retrieved from https://www.transparencymarketresearch.com/pressrelease/global-usb-flash-drives-market-size.htm.Google ScholarGoogle Scholar
  53. W. Cobb, E. Laspe, R. Baldwin, et al. 2012. Intrinsic physical-layer authentication of integrated circuits. IEEE Trans. Info. Forens. Secur. 7, 1 (Feb. 2012), 14--24.Google ScholarGoogle Scholar
  54. B. Wright. 2014. PLC Hardware Discrimination using RF-DNA Fingerprinting. Technical Report. Air Force Institute of Technology, Wright-Patterson Air Force Base.Google ScholarGoogle Scholar

Index Terms

  1. MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!