Saila: Human Interface Device (HID) Injection Protection with Smart Phone based Passwordless Security

The necessity for data protection is growing rapidly due to the increase in different kinds of attacks on information security systems. Standard computers and data processing machines are designed to be user-friendly, allowing human interaction through input devices like keyboards, mice, pointing de...

Full description

Saved in:
Bibliographic Details
Main Authors: Ghosh, Anisha, Mitra, Aditya, Sibi Chakkaravarathy, S, Devi Priya, V S, Anitha, S, Babu, Rakesh Thoppaen Suresh
Format: Conference Proceeding
Language:English
Subjects:
Authentication
Computers
FIDO2
HID Injection
HID injection prevention
Human Interface Device
Information security
Input devices
Keyboards
Mice
Object recognition
Passwordless Authentication
Universal Serial Bus
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 127
container_issue
container_start_page 122
container_title
container_volume
creator Ghosh, Anisha
Mitra, Aditya
Sibi Chakkaravarathy, S
Devi Priya, V S
Anitha, S
Babu, Rakesh Thoppaen Suresh
description The necessity for data protection is growing rapidly due to the increase in different kinds of attacks on information security systems. Standard computers and data processing machines are designed to be user-friendly, allowing human interaction through input devices like keyboards, mice, pointing devices, joysticks, game controllers, and more, collectively known as Human Interface Devices (HID). Malicious actors exploit these components to design attacks such as HID Injection. It entails plugging an accessible device-such as a USB stick-into the computer. The USB stick emulates a HID device, generally a keyboard, and enters malicious commands or scripts as if the user is manually typing it. This work presents an approach, Saila, that analyses and computes the configurations of peripheral devices that are attached, enabling it to automatically identify malicious USB. We employ FIDO2 specifications to evaluate the comparability between registered hardware and potentially dangerous hardware connected to the system. Saila has been tested using a variety of HID injection tools and has been observed that it disconnects the USB port and stops the attacker from moving forward if the evaluation is unsuccessful.
doi_str_mv 10.1109/ICDCSW63686.2024.00023
format conference_proceeding
fullrecord <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_10660705</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10660705</ieee_id><sourcerecordid>10660705</sourcerecordid><originalsourceid>FETCH-LOGICAL-i106t-4bda1e26850b663a60d595333586761d930e8ee664d4abbfeaec22ea12b4c8843</originalsourceid><addsrcrecordid>eNotjs1Kw0AURkdBsNa-gcgsdZF65-8m405StYGChSguyyS5pVPaRDJTS9_egF2dw7c4fIzdC5gKAfapyGd5-Y0KM5xKkHoKAFJdsIlNbaYMKKNToS7ZSColE4OI1-wmhC2AsNbqEaPS-Z175vPD3rW8aCP1a1cTn9GvH_AwL2aPw7ylOvqu5cu-i2c9-rjh5d71kS83XUu8coEavnQhHLu-2VEIvKT60Pt4umVXa7cLNDlzzL7eXj_zebL4eC_yl0XiBWBMdNU4QRIzAxWicgiNsUYpZTJMUTRWAWVEiLrRrqrW5KiWkpyQla6zTKsxu_vveiJa_fR-uHdaDW2EFIz6Ay1UV38</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Saila: Human Interface Device (HID) Injection Protection with Smart Phone based Passwordless Security</title><source>IEEE Xplore All Conference Series</source><creator>Ghosh, Anisha ; Mitra, Aditya ; Sibi Chakkaravarathy, S ; Devi Priya, V S ; Anitha, S ; Babu, Rakesh Thoppaen Suresh</creator><creatorcontrib>Ghosh, Anisha ; Mitra, Aditya ; Sibi Chakkaravarathy, S ; Devi Priya, V S ; Anitha, S ; Babu, Rakesh Thoppaen Suresh</creatorcontrib><description>The necessity for data protection is growing rapidly due to the increase in different kinds of attacks on information security systems. Standard computers and data processing machines are designed to be user-friendly, allowing human interaction through input devices like keyboards, mice, pointing devices, joysticks, game controllers, and more, collectively known as Human Interface Devices (HID). Malicious actors exploit these components to design attacks such as HID Injection. It entails plugging an accessible device-such as a USB stick-into the computer. The USB stick emulates a HID device, generally a keyboard, and enters malicious commands or scripts as if the user is manually typing it. This work presents an approach, Saila, that analyses and computes the configurations of peripheral devices that are attached, enabling it to automatically identify malicious USB. We employ FIDO2 specifications to evaluate the comparability between registered hardware and potentially dangerous hardware connected to the system. Saila has been tested using a variety of HID injection tools and has been observed that it disconnects the USB port and stops the attacker from moving forward if the evaluation is unsuccessful.</description><identifier>EISSN: 2332-5666</identifier><identifier>EISBN: 9798350354713</identifier><identifier>DOI: 10.1109/ICDCSW63686.2024.00023</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>Authentication ; Computers ; FIDO2 ; HID Injection ; HID injection prevention ; Human Interface Device ; Information security ; Input devices ; Keyboards ; Mice ; Object recognition ; Passwordless Authentication ; Universal Serial Bus</subject><ispartof>2024 IEEE 44th International Conference on Distributed Computing Systems Workshops (ICDCSW), 2024, p.122-127</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10660705$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,27924,54554,54931</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10660705$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Ghosh, Anisha</creatorcontrib><creatorcontrib>Mitra, Aditya</creatorcontrib><creatorcontrib>Sibi Chakkaravarathy, S</creatorcontrib><creatorcontrib>Devi Priya, V S</creatorcontrib><creatorcontrib>Anitha, S</creatorcontrib><creatorcontrib>Babu, Rakesh Thoppaen Suresh</creatorcontrib><title>Saila: Human Interface Device (HID) Injection Protection with Smart Phone based Passwordless Security</title><title>2024 IEEE 44th International Conference on Distributed Computing Systems Workshops (ICDCSW)</title><addtitle>ICDCSW</addtitle><description>The necessity for data protection is growing rapidly due to the increase in different kinds of attacks on information security systems. Standard computers and data processing machines are designed to be user-friendly, allowing human interaction through input devices like keyboards, mice, pointing devices, joysticks, game controllers, and more, collectively known as Human Interface Devices (HID). Malicious actors exploit these components to design attacks such as HID Injection. It entails plugging an accessible device-such as a USB stick-into the computer. The USB stick emulates a HID device, generally a keyboard, and enters malicious commands or scripts as if the user is manually typing it. This work presents an approach, Saila, that analyses and computes the configurations of peripheral devices that are attached, enabling it to automatically identify malicious USB. We employ FIDO2 specifications to evaluate the comparability between registered hardware and potentially dangerous hardware connected to the system. Saila has been tested using a variety of HID injection tools and has been observed that it disconnects the USB port and stops the attacker from moving forward if the evaluation is unsuccessful.</description><subject>Authentication</subject><subject>Computers</subject><subject>FIDO2</subject><subject>HID Injection</subject><subject>HID injection prevention</subject><subject>Human Interface Device</subject><subject>Information security</subject><subject>Input devices</subject><subject>Keyboards</subject><subject>Mice</subject><subject>Object recognition</subject><subject>Passwordless Authentication</subject><subject>Universal Serial Bus</subject><issn>2332-5666</issn><isbn>9798350354713</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2024</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotjs1Kw0AURkdBsNa-gcgsdZF65-8m405StYGChSguyyS5pVPaRDJTS9_egF2dw7c4fIzdC5gKAfapyGd5-Y0KM5xKkHoKAFJdsIlNbaYMKKNToS7ZSColE4OI1-wmhC2AsNbqEaPS-Z175vPD3rW8aCP1a1cTn9GvH_AwL2aPw7ylOvqu5cu-i2c9-rjh5d71kS83XUu8coEavnQhHLu-2VEIvKT60Pt4umVXa7cLNDlzzL7eXj_zebL4eC_yl0XiBWBMdNU4QRIzAxWicgiNsUYpZTJMUTRWAWVEiLrRrqrW5KiWkpyQla6zTKsxu_vveiJa_fR-uHdaDW2EFIz6Ay1UV38</recordid><startdate>20240723</startdate><enddate>20240723</enddate><creator>Ghosh, Anisha</creator><creator>Mitra, Aditya</creator><creator>Sibi Chakkaravarathy, S</creator><creator>Devi Priya, V S</creator><creator>Anitha, S</creator><creator>Babu, Rakesh Thoppaen Suresh</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>20240723</creationdate><title>Saila: Human Interface Device (HID) Injection Protection with Smart Phone based Passwordless Security</title><author>Ghosh, Anisha ; Mitra, Aditya ; Sibi Chakkaravarathy, S ; Devi Priya, V S ; Anitha, S ; Babu, Rakesh Thoppaen Suresh</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i106t-4bda1e26850b663a60d595333586761d930e8ee664d4abbfeaec22ea12b4c8843</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Authentication</topic><topic>Computers</topic><topic>FIDO2</topic><topic>HID Injection</topic><topic>HID injection prevention</topic><topic>Human Interface Device</topic><topic>Information security</topic><topic>Input devices</topic><topic>Keyboards</topic><topic>Mice</topic><topic>Object recognition</topic><topic>Passwordless Authentication</topic><topic>Universal Serial Bus</topic><toplevel>online_resources</toplevel><creatorcontrib>Ghosh, Anisha</creatorcontrib><creatorcontrib>Mitra, Aditya</creatorcontrib><creatorcontrib>Sibi Chakkaravarathy, S</creatorcontrib><creatorcontrib>Devi Priya, V S</creatorcontrib><creatorcontrib>Anitha, S</creatorcontrib><creatorcontrib>Babu, Rakesh Thoppaen Suresh</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Ghosh, Anisha</au><au>Mitra, Aditya</au><au>Sibi Chakkaravarathy, S</au><au>Devi Priya, V S</au><au>Anitha, S</au><au>Babu, Rakesh Thoppaen Suresh</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Saila: Human Interface Device (HID) Injection Protection with Smart Phone based Passwordless Security</atitle><btitle>2024 IEEE 44th International Conference on Distributed Computing Systems Workshops (ICDCSW)</btitle><stitle>ICDCSW</stitle><date>2024-07-23</date><risdate>2024</risdate><spage>122</spage><epage>127</epage><pages>122-127</pages><eissn>2332-5666</eissn><eisbn>9798350354713</eisbn><coden>IEEPAD</coden><abstract>The necessity for data protection is growing rapidly due to the increase in different kinds of attacks on information security systems. Standard computers and data processing machines are designed to be user-friendly, allowing human interaction through input devices like keyboards, mice, pointing devices, joysticks, game controllers, and more, collectively known as Human Interface Devices (HID). Malicious actors exploit these components to design attacks such as HID Injection. It entails plugging an accessible device-such as a USB stick-into the computer. The USB stick emulates a HID device, generally a keyboard, and enters malicious commands or scripts as if the user is manually typing it. This work presents an approach, Saila, that analyses and computes the configurations of peripheral devices that are attached, enabling it to automatically identify malicious USB. We employ FIDO2 specifications to evaluate the comparability between registered hardware and potentially dangerous hardware connected to the system. Saila has been tested using a variety of HID injection tools and has been observed that it disconnects the USB port and stops the attacker from moving forward if the evaluation is unsuccessful.</abstract><pub>IEEE</pub><doi>10.1109/ICDCSW63686.2024.00023</doi><tpages>6</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 2332-5666
ispartof 2024 IEEE 44th International Conference on Distributed Computing Systems Workshops (ICDCSW), 2024, p.122-127
issn 2332-5666
language eng
recordid cdi_ieee_primary_10660705
source IEEE Xplore All Conference Series
subjects Authentication
Computers
FIDO2
HID Injection
HID injection prevention
Human Interface Device
Information security
Input devices
Keyboards
Mice
Object recognition
Passwordless Authentication
Universal Serial Bus
title Saila: Human Interface Device (HID) Injection Protection with Smart Phone based Passwordless Security
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T17%3A48%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Saila:%20Human%20Interface%20Device%20(HID)%20Injection%20Protection%20with%20Smart%20Phone%20based%20Passwordless%20Security&rft.btitle=2024%20IEEE%2044th%20International%20Conference%20on%20Distributed%20Computing%20Systems%20Workshops%20(ICDCSW)&rft.au=Ghosh,%20Anisha&rft.date=2024-07-23&rft.spage=122&rft.epage=127&rft.pages=122-127&rft.eissn=2332-5666&rft.coden=IEEPAD&rft_id=info:doi/10.1109/ICDCSW63686.2024.00023&rft.eisbn=9798350354713&rft_dat=%3Cieee_CHZPO%3E10660705%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i106t-4bda1e26850b663a60d595333586761d930e8ee664d4abbfeaec22ea12b4c8843%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10660705&rfr_iscdi=true