Cognitive Countermeasures against BAD USB

  • Yeunsu Lee
  • Hyeji Lee
  • Kyungroul Lee
  • Kangbin YimEmail author
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 2)


Recently, a novel attack technique called BAD USB emerged. This attack injects and executes malicious codes in the firmware that is stored in USB controllers. A serious problem regarding BAD USB, which also manipulates the firmware maliciously, is that the existing anti-virus programs cannot detect it, so the seriousness of this kind of attack is increasing. To solve this problem several countermeasures have been researched, but these are not effective enough. Therefore, in this paper, we propose a way to verify the integrity of the driver or the firmware that is installed by BAD USB proposed. Through the use of this method, solutions for the prevention of the malicious BAD USB behaviors can be formulated.


Kernel Mode Malicious Code Device Driver Malicious Behavior Installation Process 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    K. Lee, K. Yim, and E. H. Spafford, Reverse-safe authentication protocol for secure USB memories, Journal of the Security and Communication Networks (SCN), vol. 5, iss. 8, pp. 834-845, Aug. 2012Google Scholar
  2. 2.
    K. Lee, H. Yeuk, Y. Choi, S. Pho, I. You, and K. Yim, Safe Authentication Protocol for Secure USB Memories, Journal of the Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications (JoWUA), vol.1, num.1, pp. 46-55, Jun. 2010Google Scholar
  3. 3.
    J. Kim, Y. Lee, K. Lee, T. Jung, D. Volokhov, and K. Yim, Vulnerability to Flash Controller for Secure USB Drives, Journal of the Internet Services and Information Security (IMIS), vol.3, num.3/4, pp. 136-145, Nov. 2013Google Scholar
  4. 4.
    H. Jeong, Y. Choi, W. Jeon, F. Yang, Y. Lee, S. Kim, and D. Won. Vulnerability analysis of secure usb flash drives. Proceedings of the 2007 IEEE International Workshop on Memory Technology, Design and Testing, (MTDT’07), Taipei, Taiwan, pages 61–64. IEEE, December 2007Google Scholar
  5. 5.
    S. L. Jewan Bang, ByeongYeong Yoo. Secure usb bypassing tool. Journal of the Digital Investigation, 7(Supplement):S114–S120, August 2010Google Scholar
  6. 6.
    K. Lee and K. Yim, Keyboard Security: A Technological Review, Proceedings of the Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp. 9-15, Jun. 2011Google Scholar
  7. 7.
    K. Lee, K. Bae, and K. Yim, Hardware Approach to Solving Password Exposure Problem through Keyboard Sniff, Academic Science Research, WASET, pp. 23-25, Oct. 2009Google Scholar
  8. 8.
    K. Lee, W. Kim, K. Bae, and K. Yim, A Solution to Protecting USB Keyboard Data, Proceedings of the International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp. 108-111, Nov. 2010Google Scholar
  9. 9.
    K. Nohl and J. Lell, BadUSB – on accessories that turn evil, Black Hat USA, Aug. 2014Google Scholar
  10. 10.
    S. Neuner, Marshall Plan Scholarship Final Report: Security of the Universal Serial Bus, Dec. 2014Google Scholar
  11. 11.
    D. J. Tian, A. Bates, K. Butler, Defending Against Malicious USB Firmware with GoodUSB, Proceedings of the Annual Computer Security Applications Conference (ACSAC), pp. 261-270, 2015Google Scholar
  12. 12.
    R. Langner, Stuxnet: Disserting a Cyberwarfare weapon, Journal of the IEEE Security & Privacy, vol. 9, iss. 3, pp. 49-51, Jun 2011Google Scholar
  13. 13.
    Microsoft Developer Network, Device and Driver Installation Example,
  14. 14.
    Microsoft Hardware Dev Center, IoInvalidateDeviceRelations routine,
  15. 15.
    Microsoft Hardware Dev Center, DEVICE_OBJECT structure,
  16. 16.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Yeunsu Lee
    • 1
  • Hyeji Lee
    • 1
  • Kyungroul Lee
    • 2
  • Kangbin Yim
    • 1
    Email author
  1. 1.Dept. of Information Security EngineeringSoonchunhyang UniversityAsanSouth Korea
  2. 2.R&BD Center for Security and Safety Industries (SSI), Soonchunhyang UniversityAsanSouth Korea

Personalised recommendations