SBIR-STTR Award

This Small Business Innovation Research (SBIR) Phase I project will address the rapidly growing threats to endpoint security from attacks and data loss over Universal Serial Bus (USB). At present, virtually all USB security measures are located as software on the host or as a secured physical device. Neither of these approaches is truly capable of addressing the vulnerability as a whole - software solutions can be bypassed and a physical peripheral device cannot secure the data that is transmitted on the bus. The proposed technology is located external to the host, so it is capable of securing the entire bus. The specific technical objectives include the construction of a security device capable of stopping representative attacks in the USB threat model that are not solved by existing solutions. Such a device would enable a breakthrough improvement in the field of USB cybersecurity. The anticipated results for proposed research are to demonstrate that such a device can stop attacks and data loss without introducing prohibitive overhead. The broader impact/commercial potential of this project is understood by recognizing that it represents a disruptive change to USB security. USB security has become critical for many organizations, especially healthcare, financial, and defense institutions. The number of data loss incidents over USB has exploded with the availability of smart devices and tablets. USB attacks compromised Predator drones in 2011 using USB drives, and the Military has implemented USB bans, degrading productivity and increasing costs. Despite USB bans, attacks and data loss over USB continue due to workarounds and limitations of current solutions. The proposed technology will provide unprecedented levels of security to USB and a framework to build future security infrastructure. To stimulate continued innovations, the platform will be opened to the greater scientific and commercial community to develop the next generation of algorithms to stop attacks and data loss over USB. In addition, the device provides unparalleled access to USB data with a simple interface, so it can enable students and professionals to rapidly ramp up their understanding of USB without the currently necessary prerequisites of expensive hardware and proprietary software. The device can ultimately be integrated into computers, which would impact the security of every computer

This Small Business Innovation Research (SBIR) Phase II project will address the rapidly growing threats to endpoint security from attacks and data loss over USB. At present, virtually all USB security measures are located as software on the host or as a secured physical device. Neither of these approaches is truly capable of addressing the vulnerability as a whole - software solutions can be bypassed and a physical peripheral device cannot secure the data that is transmitted on the bus. The proposed technology is located next to the host, so it is capable of securing the entire bus. Our specific technical objectives include the construction of a security device capable of stopping representative attacks in the USB Threat Model that are not solved by existing solutions. Such a device would enable a disruptive improvement in the field of USB cybersecurity. The anticipated results for proposed project will be the development of the product for deployment to customers.

The broader impact/commercial potential of this project would be a disruptive change to USB security. USB security has become critical for many organizations with secure networks, especially healthcare, financial, and defense institutions. The number of data loss incidents over USB has exploded with the availability of smart devices and tablets. USB attacks compromised Predator drones in 2011 using USB drives, and the Military has implemented USB bans, degrading productivity and increasing costs. Despite USB bans, attacks and data loss over USB continue. The proposed device is capable of providing unprecedented levels of security to USB and a framework to build future security infrastructure. To stimulate continued innovations in security and mobile devices markets, we plan to open our platform to the greater scientific and commercial community to develop the next generation of algorithms to stop attacks and data loss over USB. Since our device provides access to USB data with an API, it can enable students and professionals to rapidly ramp up their understanding of USB without the need of expensive hardware and proprietary software. Our device can be integrated inside PCs and smart devices, which would impact the security of every computer, smart device, networks and the "cloud" ----------The objective of this effort is to perform tasks associated with development and maturation of Universal Serial Bus (USB) port security technology for securing Air Force systems from attack and data loss over USB. The proposed demonstration promises significant improvements in USB port security. Improved hardware and software will be needed to address the current Air Force IT security gap related to use of the USB port.

Benefit:
Attacks and data loss over USB represent a current Air Force IT security gap. The Air Force recognized the need to develop innovative tools and solutions to address attacks and data losses over USB. The USB port security technology holds the promise of fulfilling the identified technology needs.