SlideShare a Scribd company logo

Complete security package for usb thumb drive

Alexander Decker
Alexander Decker

The International Institute for Science, Technology and Education (IISTE). Science, Technology and Medicine Journals Call for Academic Manuscripts

Business
1 of 9
Download to read offline
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 Complete Security Package for USB Thumb Drive Sinan Adnan Diwan 1,4, .Dr.Sundresan Perumal 2, Ammar J.Fatah 3* 1. Wasit University,College of Computer and Mathematics,Computer Science dept. Wasit,Republic of Iraq 2. Limkokwing University of creative technology,information technology department ,cyberjaya,Selangor,Malaysia 3.Science Gate,Virtual Research Center ,System security dept. 4. Limkokwing University of Creative Technology,Information Technology Department, Cyberjaya,Selangor,Malaysia 30 Abstract This paper is devoted to design and implement a complete security platform for USB flash disks due to the popularity of this device in exchanging data, it is a complete system security solution as it concerns the thumb drive due to the manipulation of I/O operation not the file system. USB flash disks have been the major threat for computer system beside the internet threats where viruses can spread from computer to computer or from computer to network. USB complete security system presented by this paper is composed of three essential elements: kernel filter driver which will be installed in USB device driver stack to intercept all exchanged packets and send it to encryption unit, kernel level encryption/decryption unit and configuration unit. In contrary to most USB security modules the system presented by this paper will store only the round number of the key generator with the encrypted data. Round number will be coded using MD5 algorithm to increase the immunity of attacking data stored in the flash disks. Keywords: USB protection, kernel driver, device stack, encryption/decryption, filter driver, MD5. 1. Introduction USB memory sticks can be found almost everywhere. Today, they can be seen as the replacement for floppy-disks, ZIP-drives and all that kind of media. A USB device is indeed a useful, economical way to transfer data. In fact, according to Gartner IT research and advisory company, there were roughly 222 million USB devices shipped in 2009. However, a recent study shows that though USB devices are a convenient means of transferring information, they can also serve as channels to transmit potential threats.[1] Sunnyvale (California, US) based security firm, Narus Inc. recently listed the 10 "cyber threat trends" for 2011 and beyond, claiming that as attacks through USB becomes inexpensive and data is circulated through them at various public and private locations, the probability of computer Trojans and other malicious software is increasing.[2] According to Panda’s report, 25% of worm based malware spreads through the USB drives. Even more, most of viruses are designed to spread via USB drives. Security Company confirms that cybercriminals are very persistent and put a lot of efforts to make user’s life impossible.[3] 25% of latest created malware are configured to enter the system through portable storage devices, usually USB drives. Luis Corrons, the technical director of PandaLabs, the research arm of Panda Security comments: „Much of the malware in circulation has been designed to distribute through these devices. Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user.“ [2] A recent Panda survey has shown that 27% attacks of worm based malware discovered last year used USB hardware to get in. Corrons warns about the real threat to smartphones, cameras and music players. “All these devices have memory cards or internal memories and therefore it is very easy for a cell phone to be carrying a virus.[4,3] Kaspersky Lab warns of a new type of malicious program, which currently gives up virus experts still riddle the Stuxnet Trojan. Alex Gostev, Virenanalyst bei Kaspersky Lab, nimmt in drei Blogbeiträgen die neue Windows-Zero-Day-Lücke genauer unter die Lupe. Alex Gostev, virus analyst at Kaspersky Lab, takes in three blog posts, the new Windows zero-day vulnerability more closely. [5] Der Trojaner Stuxnet, von Kaspersky Lab als Trojan-Dropper.Win32.Stuxnet identifiziert, infiziert USB-Sticks mittels Lnk-Dateien und verbreitet sich anschließend durch die mobilen Datenträger über die Autorun- Funktion von Windows. The Trojan Stuxnet, Kaspersky Lab as Trojan-Dropper.Win32.Stuxnet identified from infected USB sticks by Link files and then spread through the mobile devices through the auto-run feature of Windows.[7]
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 Upper filter driver Function driver Lower filter driver Bus driver Figure 1 : Layering of device objects & drivers in the Windows Driver Model 31 2. Windows Architecture and Device Stack Windows NT allows several driver layers to exist between an application and a piece of hardware. Thus drivers are grouped together in stacks that work together to completely process a request targeted at a particular device object.[5] The operating system uses a data structure known as an I/O Request Packet (IRP), to communicate with a kernel-mode device driver as it is presented in figure (1).[5] Windows NT uses a layered driver model, starting in Bus driver tile it ends in upper filter driver, to process I/O Requests Packet. In this model, drivers are organized into stacks. Each driver in a stack is responsible for processing the part of the request that it can handle, if any. If the request cannot be completed, information for the lower driver in the stack is set up and the request is passed along to that driver.[2,5] This layered driver model allows functionality to be dynamically added to a driver stack. It also allows each driver to specialize in a particular type of function and decouples it from having to know about other drivers.[2,5] IRP FiDO FDO FiDO PDO In the windows Driver Model, each hardware device has at least two device drivers. One of these drivers, which is the function driver (FDO), is which it appears to be thought as the device driver; it understands all the details about how to make the hardware work. It’s responsible for initiating I/O operations, for handling the interrupts what occur when those operations finish, and for providing a way for the end user to exercise any control over the device that might be appropriate. [1,4,5] 2.1 Functional driver Function driver, this type of drivers can be either class or mini drivers, but they always act as an interface between abstract I/O request and the low-level physical driver code, function driver knows how to interpret all requested operations from the application level and upper drivers in the device stack, and without this driver the physical device can't even operate normally. [5,6,7] 2.2 Filter Drivers A Filter Driver is a special type of layered driver. What sets a filter driver apart from the layered driver is that it is invisible. They attach themselves to any other driver and intercept requests directed at the lower driver's Device objects. It is developed primarily to allow the addition of new functionality beyond what is currently available. The filter driver may either use the services of the original target of the I/O request, or use the services of other kernel-mode drivers to provide value-added functionality.[4,5,8] Filter drivers are divided into two classes, upper and lower class filters, what is above the function driver is upper driver while what is below the function driver is lower driver. Upper filter drivers see IRPs before the function driver, and they have the chance to support additional features that the function driver doesn’t know about. Lower filter drivers see IRPs that the function driver is trying to send to the bus driver. [5]
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 IRP passed to Dispatch routine Device Upper Filter Function drivers Class Lower Filter Figure (2) shows the life cycle of a communication session between user mode windows application and the hardware level device. The IRP constructed by the I/O manager will encapsulated both requested operation (i.e., READ, WRITE) and the data to be sent to the device. [5] Filter driver will intercept all IRPs exchanged between windows application and the hardware device and it is up to the designer to decide either to manipulate the data within the IRP or just sent down the stack [3,5] Figure (3) shows how filter driver will direct all IRPs passed through to a special handling function (for example DispatchAny), this handling function will receive all IRPs sent by the application and the operating system to the hardware device (for example USB device ). 32 Applications Win32 subsystem I/Q Manager Class Upper Filter Hardware abstraction layer Hardware driver Device divers Device lower filter Win32 API calls User mode Kernel mode Figure 2 : Shows the communication scheme between the application and the hardware Hal Calls
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 extern "C" NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject Intercept ALL IRPs traffic sent across device driver stack and send it to DispatchAny routine Figure (4) shows a kernel level code segment that represents the filter driver handler function where all IRPs end to. It is the filter driver handler function to decide what to do with the received IRPs, it could be any processing (encryption/decryption, compression, or any other added functionality). Writing filter driver in the first place to modify the behavior of a device in some way. Therefore, it should have a dispatch functions that do something with some of the IRPs that are directed this way. Normally not all IRP types are to be processed so, many are to be passed down the stack.[1,3,5] 33 Punicode_STRING RegistryPath) { Int i; DriverObject->DriverExtension->AddDevice=Add for ( i= 0; i < arraysize (DriverObject->MajorFunction) ; ++i) DriverObject->MajorFunction[i]= DispatchAnv; DriverObject-> MajorFunction [ IRP_MJ_POWER] = DispatchPower; DriverObject->MajorFunction [IRP_MJ_POWER]= DispatchPnp; Return STATUS_SUCCESS; } Figure 3: Shows code segment responsible of intercepting and directing IRP traffic
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 Figure (4) shows DispatchAny() function created to receive all IRPs moving down the stack, it is up to the programmer to pass it down or to reject it as a filteration process. 3. The Proposed USB complete protection model The core idea in this paper is to secure both the USB device and the data stored in that device due to manipulation of power and PNP packets, where the entire communication sessions established between USB plug and play devices and the computer system are monitored and secured by specially designed filter driver. The security model presented by this paper is not to secure sensitive data stored in a USB device as an isolated offline procedure, in other words data would not be manipulated at the file system level due to the complications of the file system auditing capabilities which are crucially required at this level. Secure device driving is the ultimate objective of the model presented in this work, where USB devices' traffic is to be manipulated at the packet level before even assembling data file. Windows I/O manager communicates to the mounted hardware devices through its corresponding installed drivers (i.e., provided by the hardware manufacturer). It is the responsibility of the drivers to do the real communication with the hardware while I/O manager responsibility is only to relay IRPs to/from user level applications and device driver stack (i.e., device stack layered device drivers in a sequential manner). The work introduced by this paper is composed of many software modules to grant developers the ability to develop each component separately, the main components are: 1- USB lower filter driver : to capture USB traffic 2- Kernel level Encryption Unit: to encrypt/decrypt USB traffic Configuration unit: to configure the encryption algorithm and interact with kernel module. 34 .
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 USB protection model presented in this paper is using symmetrical stream cipher algorithm using system of three linear shift registers (LFSR) as figure (6) shows. Figure 6: shows the key generator used by USB protection system The proposed package is upgradable in term of the ability to change the encryption algorithm due to the isolation of operation module and the encryption module. At each encryption session the round of the key-generator will be registered and saved with the encrypted data in the USB device. This round number could be very useful for the attacker in his/her way to compromise the encryption algorithm, so, this paper also has deployed a security software to encode the round number before saving it with the encrypted data. It is the MD5 module that has been deployed as the figure (7) shows. 35
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 36 4. USB File Filter Driver A file system filter driver is a kernel driver that has the same architecture and components of all kernel drivers, the only difference is the processing components where filter driver adds value to or modifies the behavior of a file system which is represented by stream of packets moving up and down the device stack. A file system filter driver is a kernel-mode component that runs as part of the Microsoft Windows NT executive. indows operating systems treat all devices as a file to which write/read operations can be conducted. So, the file system filter driver can filter I/O operations for one or more
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 file systems or file system devices. Depending on the nature of the driver, filter can mean log, observe, modify, encrypt/decrypt, compress/decompress, or even prevent. Typical applications for file system filter drivers include antivirus utilities, encryption programs, and hierarchical storage management systems. In this paper filter driver will be used to add security to the file system by encrypting file system send by applications which is encapsulated as stream of IRPs sent by I/O manager. 5. Discussion All hardware devices visibility is done through the device driver, without a driver it is impossible to communicate the device. In windows many kernels are contacting the device for example I/O manager, PNP manager and Power manager each of which has its own packet and interpretation, the common thing among those kernels is their packets have to pass through device driver, so, any manipulation to entire traffic of IRPs would not affect only the file system or power manipulation but it will affect all system behavior. The generated information of flash disk will have a great immunity against wide range of viruses due to the fact that viruses have to interpret data before attacking it, otherwise viruses will not be activated, this is the style used be Trojan viruses and other kind. As it concerns the spyware it has embed itself into the device stack at the authorized machine, and this issue has been resolved by many tapping proof security modules in windows 7. For the flash disk loaded with data generated by this system, the spyware has nothing to get on any other machines because the flash disk can't be read, so, how can the spyware intervene data exchanged with the un authorized system. 6. Conclusions 1- USB devices can be manipulated easily by filter driver without being noticed by traditional anti-virus, this paper has installed USB filter drive and has manipulated the traffic exchanged with the USB device without even a notice from the anti-virus installed on the test machine. 2- USB security system can be guaranteed for the USB device when an attacker tries to get the information on a different machine, so this model presented by this paper can secure the USB device mobility but it can't protect it from other intrusion techniques on the same machine like installing upper level filter driver where information can be captured easily. 7. References 1- Krs: http://www.krs.ca/2011/01/17/malware-virus-now-targets-usb-devices/ 2- Sunny: Sunnyvale (California, US) based security firm, threat report, Narus Inc. 2011 3- Microsoft Division, “Microsoft Windows 2000 Driver Design Guide”, Microsoft press,2000 4- Kasper001: www.kaspersky.com/de/news?id=207566365 5- Art Baker and Jerry Lozano, “The Windows 2000 Device Driver Book”, second edition , prentice-Hall, 2001 6- Andrew S. Tanenbaum, “Modern Operating Systems”, second edition , prentice-Hall 2001. 7- Charis Cant, “writing Windows WDM device drivers”, Berkeley, 1999 8- Walter Oney, “Programming the Microsoft Windows Driver Moderl”, second edition ,2003 37
The IISTE is a pioneer in the Open-Access hosting service and academic event management. The aim of the firm is Accelerating Global Knowledge Sharing. More information about the firm can be found on the homepage: http://www.iiste.org CALL FOR JOURNAL PAPERS There are more than 30 peer-reviewed academic journals hosted under the hosting platform. Prospective authors of journals can find the submission instruction on the following page: http://www.iiste.org/journals/ All the journals articles are available online to the readers all over the world without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. Paper version of the journals is also available upon request of readers and authors. MORE RESOURCES Book publication information: http://www.iiste.org/book/ IISTE Knowledge Sharing Partners EBSCO, Index Copernicus, Ulrich's Periodicals Directory, JournalTOCS, PKP Open Archives Harvester, Bielefeld Academic Search Engine, Elektronische Zeitschriftenbibliothek EZB, Open J-Gate, OCLC WorldCat, Universe Digtial Library , NewJour, Google Scholar

Recommended

Computer virus 2
Computer virus 2Computer virus 2
Computer virus 2Nishant Reshwal
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.Hardeep Bhurji
 
Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016dilahkmpk
 
Analysis of rxbot
Analysis of rxbotAnalysis of rxbot
Analysis of rxbotUltraUploader
 
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3IJERA Editor
 
Top 10 Latest Viruses
Top 10 Latest VirusesTop 10 Latest Viruses
Top 10 Latest VirusesLouise Balicat
 
IT Essentials (Version 7.0) - ITE Chapter 12 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 12 Exam AnswersIT Essentials (Version 7.0) - ITE Chapter 12 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 12 Exam AnswersITExamAnswers.net
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageMohamed Khaled
 

Recommended

Computer virus 2
Computer virus 2Computer virus 2
Computer virus 2Nishant Reshwal
 
Stuxnet - More then a virus.
Stuxnet - More then a virus.Stuxnet - More then a virus.
Stuxnet - More then a virus.Hardeep Bhurji
 
Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016dilahkmpk
 
Analysis of rxbot
Analysis of rxbotAnalysis of rxbot
Analysis of rxbotUltraUploader
 
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3IJERA Editor
 
Top 10 Latest Viruses
Top 10 Latest VirusesTop 10 Latest Viruses
Top 10 Latest VirusesLouise Balicat
 
IT Essentials (Version 7.0) - ITE Chapter 12 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 12 Exam AnswersIT Essentials (Version 7.0) - ITE Chapter 12 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 12 Exam AnswersITExamAnswers.net
 
Android forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageAndroid forensics an Custom Recovery Image
Android forensics an Custom Recovery ImageMohamed Khaled
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesmkgspsu
 
computer security
computer securitycomputer security
computer securityAzhar Akhtar
 
Operating systems system structures
Operating systems system structuresOperating systems system structures
Operating systems system structuresMukesh Chinta
 
Android Forensics: Exploring Android Internals and Android Apps
Android Forensics: Exploring Android Internals and Android AppsAndroid Forensics: Exploring Android Internals and Android Apps
Android Forensics: Exploring Android Internals and Android AppsMoe Tanabian
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoorsmridulahuja
 
Forensic Investigation of Android Operating System
Forensic Investigation of Android Operating SystemForensic Investigation of Android Operating System
Forensic Investigation of Android Operating Systemnishant24894
 
File000148
File000148File000148
File000148Desmond Devendran
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
HTCondor version 8.0 Windows Installation
HTCondor version 8.0 Windows InstallationHTCondor version 8.0 Windows Installation
HTCondor version 8.0 Windows InstallationGuy Tel-Zur
 
Embedded software
Embedded softwareEmbedded software
Embedded softwareAravind Manu
 
Comparison of Windows and Linux Operating Systems in Advanced Features
Comparison of Windows and Linux Operating Systems in Advanced FeaturesComparison of Windows and Linux Operating Systems in Advanced Features
Comparison of Windows and Linux Operating Systems in Advanced FeaturesIJERA Editor
 
Android Mobile forensics with custom recoveries
Android Mobile forensics with custom recoveriesAndroid Mobile forensics with custom recoveries
Android Mobile forensics with custom recoveriesIbrahim Mosaad
 
It ppt new
It ppt newIt ppt new
It ppt newchrispaul8676
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0Adebisi Tolulope
 
Linux System-R.D.Sivakumar
Linux System-R.D.SivakumarLinux System-R.D.Sivakumar
Linux System-R.D.SivakumarSivakumar R D .
 
Nota Padat ICT SPM
Nota Padat ICT SPMNota Padat ICT SPM
Nota Padat ICT SPMD.J Md Thani
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)ClubHack
 
outpass system
outpass systemoutpass system
outpass systemDhivakar K
 
J_McConnell_LabReconnaissance
J_McConnell_LabReconnaissanceJ_McConnell_LabReconnaissance
J_McConnell_LabReconnaissanceJuanita McConnell
 
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...IJITCA Journal
 

More Related Content

What's hot

(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesmkgspsu
 
Operating systems system structures
Operating systems system structuresOperating systems system structures
Operating systems system structuresMukesh Chinta
 
Android Forensics: Exploring Android Internals and Android Apps
Android Forensics: Exploring Android Internals and Android AppsAndroid Forensics: Exploring Android Internals and Android Apps
Android Forensics: Exploring Android Internals and Android AppsMoe Tanabian
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoorsmridulahuja
 
Forensic Investigation of Android Operating System
Forensic Investigation of Android Operating SystemForensic Investigation of Android Operating System
Forensic Investigation of Android Operating Systemnishant24894
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
HTCondor version 8.0 Windows Installation
HTCondor version 8.0 Windows InstallationHTCondor version 8.0 Windows Installation
HTCondor version 8.0 Windows InstallationGuy Tel-Zur
 
Comparison of Windows and Linux Operating Systems in Advanced Features
Comparison of Windows and Linux Operating Systems in Advanced FeaturesComparison of Windows and Linux Operating Systems in Advanced Features
Comparison of Windows and Linux Operating Systems in Advanced FeaturesIJERA Editor
 
Android Mobile forensics with custom recoveries
Android Mobile forensics with custom recoveriesAndroid Mobile forensics with custom recoveries
Android Mobile forensics with custom recoveriesIbrahim Mosaad
 
Linux System-R.D.Sivakumar
Linux System-R.D.SivakumarLinux System-R.D.Sivakumar
Linux System-R.D.SivakumarSivakumar R D .
 
Nota Padat ICT SPM
Nota Padat ICT SPMNota Padat ICT SPM
Nota Padat ICT SPMD.J Md Thani
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)ClubHack
 
outpass system
outpass systemoutpass system
outpass systemDhivakar K
 

What's hot (20)

(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
computer security
computer securitycomputer security
computer security
 
Operating systems system structures
Operating systems system structuresOperating systems system structures
Operating systems system structures
 
Android Forensics: Exploring Android Internals and Android Apps
Android Forensics: Exploring Android Internals and Android AppsAndroid Forensics: Exploring Android Internals and Android Apps
Android Forensics: Exploring Android Internals and Android Apps
 
Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoors
 
Forensic Investigation of Android Operating System
Forensic Investigation of Android Operating SystemForensic Investigation of Android Operating System
Forensic Investigation of Android Operating System
 
File000148
File000148File000148
File000148
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoors
 
HTCondor version 8.0 Windows Installation
HTCondor version 8.0 Windows InstallationHTCondor version 8.0 Windows Installation
HTCondor version 8.0 Windows Installation
 
Embedded software
Embedded softwareEmbedded software
Embedded software
 
Comparison of Windows and Linux Operating Systems in Advanced Features
Comparison of Windows and Linux Operating Systems in Advanced FeaturesComparison of Windows and Linux Operating Systems in Advanced Features
Comparison of Windows and Linux Operating Systems in Advanced Features
 
Android Mobile forensics with custom recoveries
Android Mobile forensics with custom recoveriesAndroid Mobile forensics with custom recoveries
Android Mobile forensics with custom recoveries
 
It ppt new
It ppt newIt ppt new
It ppt new
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 
Linux System-R.D.Sivakumar
Linux System-R.D.SivakumarLinux System-R.D.Sivakumar
Linux System-R.D.Sivakumar
 
Nota Padat ICT SPM
Nota Padat ICT SPMNota Padat ICT SPM
Nota Padat ICT SPM
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)
 
outpass system
outpass systemoutpass system
outpass system
 

Similar to Complete security package for usb thumb drive

J_McConnell_LabReconnaissance
J_McConnell_LabReconnaissanceJ_McConnell_LabReconnaissance
J_McConnell_LabReconnaissanceJuanita McConnell
 
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...IJITCA Journal
 
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...IJNSA Journal
 
Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.Yury Chemerkin
 
Security Privacy Operating System and Artificial Intelligence
Security Privacy Operating System and Artificial IntelligenceSecurity Privacy Operating System and Artificial Intelligence
Security Privacy Operating System and Artificial IntelligenceMark John Lado, MIT
 
Slingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routersSlingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routersK. A. M Lutfullah
 
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDHONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDIJCNCJournal
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)Wail Hassan
 
The Pc And Its Operating Systems
The Pc And Its Operating SystemsThe Pc And Its Operating Systems
The Pc And Its Operating SystemsAmber Wheeler
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET Journal
 
Garbage Management using Android Smartphone
Garbage Management using Android SmartphoneGarbage Management using Android Smartphone
Garbage Management using Android Smartphoneijsrd.com
 
Portable storage device management
Portable storage device managementPortable storage device management
Portable storage device managementcseij
 
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET Journal
 
A honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityA honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityIAEME Publication
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 
Android vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspectiveAndroid vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspectiveRaj Pratim Bhattacharya
 

Similar to Complete security package for usb thumb drive (20)

J_McConnell_LabReconnaissance
J_McConnell_LabReconnaissanceJ_McConnell_LabReconnaissance
J_McConnell_LabReconnaissance
 
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...
PROTOTYPE APPLICATION IN ANDROID PLATFORM FOR SYSTEM ADMINISTRATION OF HPC CL...
 
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO...
 
Mobile application security
Mobile application securityMobile application security
Mobile application security
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.
 
Security Privacy Operating System and Artificial Intelligence
Security Privacy Operating System and Artificial IntelligenceSecurity Privacy Operating System and Artificial Intelligence
Security Privacy Operating System and Artificial Intelligence
 
Slingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routersSlingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routers
 
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDHONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)
 
The Pc And Its Operating Systems
The Pc And Its Operating SystemsThe Pc And Its Operating Systems
The Pc And Its Operating Systems
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud Environment
 
Garbage Management using Android Smartphone
Garbage Management using Android SmartphoneGarbage Management using Android Smartphone
Garbage Management using Android Smartphone
 
Assingment 5 - ENSA
Assingment 5 - ENSAAssingment 5 - ENSA
Assingment 5 - ENSA
 
Portable storage device management
Portable storage device managementPortable storage device management
Portable storage device management
 
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing Suite
 
A honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityA honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network security
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
Android vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspectiveAndroid vs ios System Architecture in OS perspective
Android vs ios System Architecture in OS perspective
 

More from Alexander Decker

Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...Alexander Decker
 
A validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale inA validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale inAlexander Decker
 
A usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websitesA usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websitesAlexander Decker
 
A universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banksA universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banksAlexander Decker
 
A unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized dA unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized dAlexander Decker
 
A trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistanceA trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistanceAlexander Decker
 
A transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifhamA transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifhamAlexander Decker
 
A time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibiaA time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibiaAlexander Decker
 
A therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school childrenA therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school childrenAlexander Decker
 
A theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banksA theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banksAlexander Decker
 
A systematic evaluation of link budget for
A systematic evaluation of link budget forA systematic evaluation of link budget for
A systematic evaluation of link budget forAlexander Decker
 
A synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjabA synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjabAlexander Decker
 
A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...Alexander Decker
 
A survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incrementalA survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incrementalAlexander Decker
 
A survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniquesA survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniquesAlexander Decker
 
A survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo dbA survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo dbAlexander Decker
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloudAlexander Decker
 
A survey of provenance leveraged
A survey of provenance leveragedA survey of provenance leveraged
A survey of provenance leveragedAlexander Decker
 
A survey of private equity investments in kenya
A survey of private equity investments in kenyaA survey of private equity investments in kenya
A survey of private equity investments in kenyaAlexander Decker
 
A study to measures the financial health of
A study to measures the financial health ofA study to measures the financial health of
A study to measures the financial health ofAlexander Decker
 

More from Alexander Decker (20)

Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...Abnormalities of hormones and inflammatory cytokines in women affected with p...
Abnormalities of hormones and inflammatory cytokines in women affected with p...
 
A validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale inA validation of the adverse childhood experiences scale in
A validation of the adverse childhood experiences scale in
 
A usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websitesA usability evaluation framework for b2 c e commerce websites
A usability evaluation framework for b2 c e commerce websites
 
A universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banksA universal model for managing the marketing executives in nigerian banks
A universal model for managing the marketing executives in nigerian banks
 
A unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized dA unique common fixed point theorems in generalized d
A unique common fixed point theorems in generalized d
 
A trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistanceA trends of salmonella and antibiotic resistance
A trends of salmonella and antibiotic resistance
 
A transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifhamA transformational generative approach towards understanding al-istifham
A transformational generative approach towards understanding al-istifham
 
A time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibiaA time series analysis of the determinants of savings in namibia
A time series analysis of the determinants of savings in namibia
 
A therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school childrenA therapy for physical and mental fitness of school children
A therapy for physical and mental fitness of school children
 
A theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banksA theory of efficiency for managing the marketing executives in nigerian banks
A theory of efficiency for managing the marketing executives in nigerian banks
 
A systematic evaluation of link budget for
A systematic evaluation of link budget forA systematic evaluation of link budget for
A systematic evaluation of link budget for
 
A synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjabA synthetic review of contraceptive supplies in punjab
A synthetic review of contraceptive supplies in punjab
 
A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...A synthesis of taylor’s and fayol’s management approaches for managing market...
A synthesis of taylor’s and fayol’s management approaches for managing market...
 
A survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incrementalA survey paper on sequence pattern mining with incremental
A survey paper on sequence pattern mining with incremental
 
A survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniquesA survey on live virtual machine migrations and its techniques
A survey on live virtual machine migrations and its techniques
 
A survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo dbA survey on data mining and analysis in hadoop and mongo db
A survey on data mining and analysis in hadoop and mongo db
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloud
 
A survey of provenance leveraged
A survey of provenance leveragedA survey of provenance leveraged
A survey of provenance leveraged
 
A survey of private equity investments in kenya
A survey of private equity investments in kenyaA survey of private equity investments in kenya
A survey of private equity investments in kenya
 
A study to measures the financial health of
A study to measures the financial health ofA study to measures the financial health of
A study to measures the financial health of
 

Recently uploaded

Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdftbatkhuu1
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 

Recently uploaded (20)

Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdf
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 

Complete security package for usb thumb drive

  • 1. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 Complete Security Package for USB Thumb Drive Sinan Adnan Diwan 1,4, .Dr.Sundresan Perumal 2, Ammar J.Fatah 3* 1. Wasit University,College of Computer and Mathematics,Computer Science dept. Wasit,Republic of Iraq 2. Limkokwing University of creative technology,information technology department ,cyberjaya,Selangor,Malaysia 3.Science Gate,Virtual Research Center ,System security dept. 4. Limkokwing University of Creative Technology,Information Technology Department, Cyberjaya,Selangor,Malaysia 30 Abstract This paper is devoted to design and implement a complete security platform for USB flash disks due to the popularity of this device in exchanging data, it is a complete system security solution as it concerns the thumb drive due to the manipulation of I/O operation not the file system. USB flash disks have been the major threat for computer system beside the internet threats where viruses can spread from computer to computer or from computer to network. USB complete security system presented by this paper is composed of three essential elements: kernel filter driver which will be installed in USB device driver stack to intercept all exchanged packets and send it to encryption unit, kernel level encryption/decryption unit and configuration unit. In contrary to most USB security modules the system presented by this paper will store only the round number of the key generator with the encrypted data. Round number will be coded using MD5 algorithm to increase the immunity of attacking data stored in the flash disks. Keywords: USB protection, kernel driver, device stack, encryption/decryption, filter driver, MD5. 1. Introduction USB memory sticks can be found almost everywhere. Today, they can be seen as the replacement for floppy-disks, ZIP-drives and all that kind of media. A USB device is indeed a useful, economical way to transfer data. In fact, according to Gartner IT research and advisory company, there were roughly 222 million USB devices shipped in 2009. However, a recent study shows that though USB devices are a convenient means of transferring information, they can also serve as channels to transmit potential threats.[1] Sunnyvale (California, US) based security firm, Narus Inc. recently listed the 10 "cyber threat trends" for 2011 and beyond, claiming that as attacks through USB becomes inexpensive and data is circulated through them at various public and private locations, the probability of computer Trojans and other malicious software is increasing.[2] According to Panda’s report, 25% of worm based malware spreads through the USB drives. Even more, most of viruses are designed to spread via USB drives. Security Company confirms that cybercriminals are very persistent and put a lot of efforts to make user’s life impossible.[3] 25% of latest created malware are configured to enter the system through portable storage devices, usually USB drives. Luis Corrons, the technical director of PandaLabs, the research arm of Panda Security comments: „Much of the malware in circulation has been designed to distribute through these devices. Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user.“ [2] A recent Panda survey has shown that 27% attacks of worm based malware discovered last year used USB hardware to get in. Corrons warns about the real threat to smartphones, cameras and music players. “All these devices have memory cards or internal memories and therefore it is very easy for a cell phone to be carrying a virus.[4,3] Kaspersky Lab warns of a new type of malicious program, which currently gives up virus experts still riddle the Stuxnet Trojan. Alex Gostev, Virenanalyst bei Kaspersky Lab, nimmt in drei Blogbeiträgen die neue Windows-Zero-Day-Lücke genauer unter die Lupe. Alex Gostev, virus analyst at Kaspersky Lab, takes in three blog posts, the new Windows zero-day vulnerability more closely. [5] Der Trojaner Stuxnet, von Kaspersky Lab als Trojan-Dropper.Win32.Stuxnet identifiziert, infiziert USB-Sticks mittels Lnk-Dateien und verbreitet sich anschließend durch die mobilen Datenträger über die Autorun- Funktion von Windows. The Trojan Stuxnet, Kaspersky Lab as Trojan-Dropper.Win32.Stuxnet identified from infected USB sticks by Link files and then spread through the mobile devices through the auto-run feature of Windows.[7]
  • 2. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 Upper filter driver Function driver Lower filter driver Bus driver Figure 1 : Layering of device objects & drivers in the Windows Driver Model 31 2. Windows Architecture and Device Stack Windows NT allows several driver layers to exist between an application and a piece of hardware. Thus drivers are grouped together in stacks that work together to completely process a request targeted at a particular device object.[5] The operating system uses a data structure known as an I/O Request Packet (IRP), to communicate with a kernel-mode device driver as it is presented in figure (1).[5] Windows NT uses a layered driver model, starting in Bus driver tile it ends in upper filter driver, to process I/O Requests Packet. In this model, drivers are organized into stacks. Each driver in a stack is responsible for processing the part of the request that it can handle, if any. If the request cannot be completed, information for the lower driver in the stack is set up and the request is passed along to that driver.[2,5] This layered driver model allows functionality to be dynamically added to a driver stack. It also allows each driver to specialize in a particular type of function and decouples it from having to know about other drivers.[2,5] IRP FiDO FDO FiDO PDO In the windows Driver Model, each hardware device has at least two device drivers. One of these drivers, which is the function driver (FDO), is which it appears to be thought as the device driver; it understands all the details about how to make the hardware work. It’s responsible for initiating I/O operations, for handling the interrupts what occur when those operations finish, and for providing a way for the end user to exercise any control over the device that might be appropriate. [1,4,5] 2.1 Functional driver Function driver, this type of drivers can be either class or mini drivers, but they always act as an interface between abstract I/O request and the low-level physical driver code, function driver knows how to interpret all requested operations from the application level and upper drivers in the device stack, and without this driver the physical device can't even operate normally. [5,6,7] 2.2 Filter Drivers A Filter Driver is a special type of layered driver. What sets a filter driver apart from the layered driver is that it is invisible. They attach themselves to any other driver and intercept requests directed at the lower driver's Device objects. It is developed primarily to allow the addition of new functionality beyond what is currently available. The filter driver may either use the services of the original target of the I/O request, or use the services of other kernel-mode drivers to provide value-added functionality.[4,5,8] Filter drivers are divided into two classes, upper and lower class filters, what is above the function driver is upper driver while what is below the function driver is lower driver. Upper filter drivers see IRPs before the function driver, and they have the chance to support additional features that the function driver doesn’t know about. Lower filter drivers see IRPs that the function driver is trying to send to the bus driver. [5]
  • 3. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 IRP passed to Dispatch routine Device Upper Filter Function drivers Class Lower Filter Figure (2) shows the life cycle of a communication session between user mode windows application and the hardware level device. The IRP constructed by the I/O manager will encapsulated both requested operation (i.e., READ, WRITE) and the data to be sent to the device. [5] Filter driver will intercept all IRPs exchanged between windows application and the hardware device and it is up to the designer to decide either to manipulate the data within the IRP or just sent down the stack [3,5] Figure (3) shows how filter driver will direct all IRPs passed through to a special handling function (for example DispatchAny), this handling function will receive all IRPs sent by the application and the operating system to the hardware device (for example USB device ). 32 Applications Win32 subsystem I/Q Manager Class Upper Filter Hardware abstraction layer Hardware driver Device divers Device lower filter Win32 API calls User mode Kernel mode Figure 2 : Shows the communication scheme between the application and the hardware Hal Calls
  • 4. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 extern "C" NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject Intercept ALL IRPs traffic sent across device driver stack and send it to DispatchAny routine Figure (4) shows a kernel level code segment that represents the filter driver handler function where all IRPs end to. It is the filter driver handler function to decide what to do with the received IRPs, it could be any processing (encryption/decryption, compression, or any other added functionality). Writing filter driver in the first place to modify the behavior of a device in some way. Therefore, it should have a dispatch functions that do something with some of the IRPs that are directed this way. Normally not all IRP types are to be processed so, many are to be passed down the stack.[1,3,5] 33 Punicode_STRING RegistryPath) { Int i; DriverObject->DriverExtension->AddDevice=Add for ( i= 0; i < arraysize (DriverObject->MajorFunction) ; ++i) DriverObject->MajorFunction[i]= DispatchAnv; DriverObject-> MajorFunction [ IRP_MJ_POWER] = DispatchPower; DriverObject->MajorFunction [IRP_MJ_POWER]= DispatchPnp; Return STATUS_SUCCESS; } Figure 3: Shows code segment responsible of intercepting and directing IRP traffic
  • 5. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 Figure (4) shows DispatchAny() function created to receive all IRPs moving down the stack, it is up to the programmer to pass it down or to reject it as a filteration process. 3. The Proposed USB complete protection model The core idea in this paper is to secure both the USB device and the data stored in that device due to manipulation of power and PNP packets, where the entire communication sessions established between USB plug and play devices and the computer system are monitored and secured by specially designed filter driver. The security model presented by this paper is not to secure sensitive data stored in a USB device as an isolated offline procedure, in other words data would not be manipulated at the file system level due to the complications of the file system auditing capabilities which are crucially required at this level. Secure device driving is the ultimate objective of the model presented in this work, where USB devices' traffic is to be manipulated at the packet level before even assembling data file. Windows I/O manager communicates to the mounted hardware devices through its corresponding installed drivers (i.e., provided by the hardware manufacturer). It is the responsibility of the drivers to do the real communication with the hardware while I/O manager responsibility is only to relay IRPs to/from user level applications and device driver stack (i.e., device stack layered device drivers in a sequential manner). The work introduced by this paper is composed of many software modules to grant developers the ability to develop each component separately, the main components are: 1- USB lower filter driver : to capture USB traffic 2- Kernel level Encryption Unit: to encrypt/decrypt USB traffic Configuration unit: to configure the encryption algorithm and interact with kernel module. 34 .
  • 6. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 USB protection model presented in this paper is using symmetrical stream cipher algorithm using system of three linear shift registers (LFSR) as figure (6) shows. Figure 6: shows the key generator used by USB protection system The proposed package is upgradable in term of the ability to change the encryption algorithm due to the isolation of operation module and the encryption module. At each encryption session the round of the key-generator will be registered and saved with the encrypted data in the USB device. This round number could be very useful for the attacker in his/her way to compromise the encryption algorithm, so, this paper also has deployed a security software to encode the round number before saving it with the encrypted data. It is the MD5 module that has been deployed as the figure (7) shows. 35
  • 7. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 36 4. USB File Filter Driver A file system filter driver is a kernel driver that has the same architecture and components of all kernel drivers, the only difference is the processing components where filter driver adds value to or modifies the behavior of a file system which is represented by stream of packets moving up and down the device stack. A file system filter driver is a kernel-mode component that runs as part of the Microsoft Windows NT executive. indows operating systems treat all devices as a file to which write/read operations can be conducted. So, the file system filter driver can filter I/O operations for one or more
  • 8. Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.5, No.8, 2014 file systems or file system devices. Depending on the nature of the driver, filter can mean log, observe, modify, encrypt/decrypt, compress/decompress, or even prevent. Typical applications for file system filter drivers include antivirus utilities, encryption programs, and hierarchical storage management systems. In this paper filter driver will be used to add security to the file system by encrypting file system send by applications which is encapsulated as stream of IRPs sent by I/O manager. 5. Discussion All hardware devices visibility is done through the device driver, without a driver it is impossible to communicate the device. In windows many kernels are contacting the device for example I/O manager, PNP manager and Power manager each of which has its own packet and interpretation, the common thing among those kernels is their packets have to pass through device driver, so, any manipulation to entire traffic of IRPs would not affect only the file system or power manipulation but it will affect all system behavior. The generated information of flash disk will have a great immunity against wide range of viruses due to the fact that viruses have to interpret data before attacking it, otherwise viruses will not be activated, this is the style used be Trojan viruses and other kind. As it concerns the spyware it has embed itself into the device stack at the authorized machine, and this issue has been resolved by many tapping proof security modules in windows 7. For the flash disk loaded with data generated by this system, the spyware has nothing to get on any other machines because the flash disk can't be read, so, how can the spyware intervene data exchanged with the un authorized system. 6. Conclusions 1- USB devices can be manipulated easily by filter driver without being noticed by traditional anti-virus, this paper has installed USB filter drive and has manipulated the traffic exchanged with the USB device without even a notice from the anti-virus installed on the test machine. 2- USB security system can be guaranteed for the USB device when an attacker tries to get the information on a different machine, so this model presented by this paper can secure the USB device mobility but it can't protect it from other intrusion techniques on the same machine like installing upper level filter driver where information can be captured easily. 7. References 1- Krs: http://www.krs.ca/2011/01/17/malware-virus-now-targets-usb-devices/ 2- Sunny: Sunnyvale (California, US) based security firm, threat report, Narus Inc. 2011 3- Microsoft Division, “Microsoft Windows 2000 Driver Design Guide”, Microsoft press,2000 4- Kasper001: www.kaspersky.com/de/news?id=207566365 5- Art Baker and Jerry Lozano, “The Windows 2000 Device Driver Book”, second edition , prentice-Hall, 2001 6- Andrew S. Tanenbaum, “Modern Operating Systems”, second edition , prentice-Hall 2001. 7- Charis Cant, “writing Windows WDM device drivers”, Berkeley, 1999 8- Walter Oney, “Programming the Microsoft Windows Driver Moderl”, second edition ,2003 37
  • 9. The IISTE is a pioneer in the Open-Access hosting service and academic event management. The aim of the firm is Accelerating Global Knowledge Sharing. More information about the firm can be found on the homepage: http://www.iiste.org CALL FOR JOURNAL PAPERS There are more than 30 peer-reviewed academic journals hosted under the hosting platform. Prospective authors of journals can find the submission instruction on the following page: http://www.iiste.org/journals/ All the journals articles are available online to the readers all over the world without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. Paper version of the journals is also available upon request of readers and authors. MORE RESOURCES Book publication information: http://www.iiste.org/book/ IISTE Knowledge Sharing Partners EBSCO, Index Copernicus, Ulrich's Periodicals Directory, JournalTOCS, PKP Open Archives Harvester, Bielefeld Academic Search Engine, Elektronische Zeitschriftenbibliothek EZB, Open J-Gate, OCLC WorldCat, Universe Digtial Library , NewJour, Google Scholar