Abstract
Universal Serial Bus (USB) flash drives are nowadays one of the most convenient and widespread means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to replace a USB drive so that, when the USB key is connected, it installs password-stealing tools, rootkit software, and other disruptive malware. In this way, an attacker can steal sensitive information via the USB-connected devices, as well as inject any kind of malicious software into the host.
To thwart these rising threats, we propose MAGNETO, an efficient, non-interactive, and privacy-preserving framework to verify the authenticity of a USB flash drive, rooted in the analysis of its unintentional magnetic emissions. We show that the magnetic emissions radiated during boot operations on a specific host are unique for each device, and sufficient to uniquely fingerprint both the brand and the model of the USB flash drive, or the specific USB device, depending on the equipment used. Our investigation on 59 different USB flash drives (belonging to 17 brands, including the top brands purchased on Amazon in mid-2019) reveals a minimum classification accuracy of 98.2% in the identification of both brand and model, accompanied by a negligible time and computational overhead. MAGNETO can also identify the specific USB flash drive, with a minimum classification accuracy of 91.2%. Overall, MAGNETO proves that unintentional magnetic emissions can be considered a viable and reliable means to fingerprint read-only USB flash drives. Finally, future research directions in this domain are also discussed.
MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions