{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:02:02Z","timestamp":1777806122560,"version":"3.51.4"},"reference-count":45,"publisher":"SAGE Publications","issue":"1","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2021,2,3]]},"abstract":"<jats:p>Industrial Control Systems (ICS) are sensible targets for high profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, thumb drives are widely used to transfer files among disconnected systems and represent a serious security risks, since, they may be promiscuously used in both critical and regular systems. The threats come both from malware hidden in files stored in the thumb drives and from BadUSB attacks. BadUSB leverages the modification of firmware of USB devices in order to mimic the behaviour of a keyboard and send malicious commands to the host.<\/jats:p>\n                  <jats:p>We present a solution that allows a promiscuous use of USB thumbs drives while protecting critical machines from malware, that spreads by regular file infection or by firmware infection. The main component of the architecture we propose is an hardware, called USBCaptchaIn, intended to be in the middle between critical machines and connected USB devices. We do not require users to change the way they use thumb drives. To avoid human-errors, we do not require users to take any decision. The proposed approach is highly compatible with already deployed products of a ICS environment and proactively blocks malware before they reach their targets. We describe our solution, provide a thorough analysis of the security of our approach in the ICS context, and report the informal feedback of some experts regarding our first prototypes.<\/jats:p>","DOI":"10.3233\/jcs-191404","type":"journal-article","created":{"date-parts":[[2020,12,8]],"date-time":"2020-12-08T23:29:39Z","timestamp":1607470179000},"page":"51-76","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":4,"title":["USBCaptchaIn: Preventing (un)conventional attacks from promiscuously used USB devices in industrial control systems"],"prefix":"10.1177","volume":"29","author":[{"given":"Federico","family":"Griscioli","sequence":"first","affiliation":[{"name":"Sezione di Informatica e Automazione, Dipartimento di Ingegneria, Universit\u00e0 degli Studi Roma Tre, Via della Vasca Navale 79, 00146 Roma, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maurizio","family":"Pizzonia","sequence":"additional","affiliation":[{"name":"Sezione di Informatica e Automazione, Dipartimento di Ingegneria, Universit\u00e0 degli Studi Roma Tre, Via della Vasca Navale 79, 00146 Roma, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2020,12,7]]},"reference":[{"key":"ref001","doi-asserted-by":"publisher","DOI":"10.1109\/MC.1983.1654439"},{"key":"ref002","unstructured":"beagleboard.org. BeagleBone Black, https:\/\/beagleboard.org\/black [Online; accessed 27-July-2016]."},{"key":"ref003","unstructured":"K.J.\u00a0Biba, Integrity considerations for secure computer systems, Technical report, DTIC Document, 1977."},{"key":"ref004","unstructured":"Bitlocker drive encryption overview, On-line, http:\/\/windows.microsoft.com\/en-US\/windows-vista\/BitLocker-Drive-Encryption-Overview."},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"A.\u00a0Cirillo, A.\u00a0Mauro, D.\u00a0Pennino, M.\u00a0Pizzonia, A.\u00a0Vitaletti and M.\u00a0Zecchini, Decentralized Robinson list, in: Proceedings of the 3rd Workshop on Cryptocurrencies and Blockchains for Distributed Systems, Association for Computing Machinery, New York, NY, USA, 2020. To appear.","DOI":"10.1145\/3410699.3413790"},{"key":"ref006","doi-asserted-by":"crossref","unstructured":"G.\u00a0Del Monte, D.\u00a0Pennino and M.\u00a0Pizzonia, Scaling blockchains without giving up decentralization and security, in: Proceedings of the 3rd Workshop on Cryptocurrencies and Blockchains for Distributed Systems, Association for Computing Machinery, New York, NY, USA, 2020. To appear.","DOI":"10.1145\/3410699.3413800"},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2003-11302"},{"key":"ref008","doi-asserted-by":"crossref","unstructured":"G.\u00a0Di Battista and B.\u00a0Palazzi, Authenticated relational tables and authenticated skip lists, in: Data and Applications Security XXI, Springer, 2007, pp.\u00a031\u201346.","DOI":"10.1007\/978-3-540-73538-0_3"},{"key":"ref009","unstructured":"A.\u00a0Di Pinto, Y.\u00a0Dragoni and A.\u00a0Carcano, Triton: The first ics cyber attack on safety instrument systems, in: Proc. Black Hat USA, 2018, pp.\u00a01\u201326."},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"T.\u00a0Dierks and E.\u00a0Rescorla, The transport layer security (tls) protocol version 1.2, Technical report, 2008.","DOI":"10.17487\/rfc5246"},{"key":"ref011","unstructured":"Dokany. Dokan \u2013 User mode filesystem for Windows OS, On-line, http:\/\/fuse.sourceforge.net\/ [Accessed 24-November-2015]."},{"key":"ref012","unstructured":"Fuse. Fuse \u2013 Filesystem in userspace, On-line, http:\/\/fuse.sourceforge.net\/."},{"key":"ref013","unstructured":"M.T.\u00a0Goodrich and R.\u00a0Tamassia, Efficient authenticated dictionaries with skip lists and commutative hashing,\n                      US Patent App\n                      , 10(416,015), 2000."},{"key":"ref014","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2016.7907002"},{"key":"ref015","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2016.7907004"},{"key":"ref016","unstructured":"P.\u00a0Hunt, M.\u00a0Konar, F.P.\u00a0Junqueira and B.R.\u00a0Zookeeper, Wait-free coordination for Internet-scale systems, in: USENIX Annual Technical Conference, Vol.\u00a08, Boston, MA, USA, 2010."},{"key":"ref017","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2017.1329461"},{"key":"ref018","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Lee, H.\u00a0Lee, K.\u00a0Lee and K.\u00a0Yim, Cognitive countermeasures against bad USB, in: International Conference on Broadband and Wireless Computing, Communication and Applications, Springer, 2016, pp.\u00a0377\u2013386.","DOI":"10.1007\/978-3-319-49106-6_36"},{"key":"ref019","unstructured":"T.G.\u00a0Lewis, Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, John Wiley & Sons, 2014."},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"J.\u00a0Li, M.N.\u00a0Krohn, D.\u00a0Mazi\u00e8res and D.\u00a0Shasha, Secure untrusted data repository (SUNDR), in: OSDI, Vol.\u00a04, 2004, p.\u00a09.","DOI":"10.21236\/ADA445862"},{"key":"ref021","unstructured":"libusb: A cross-platform user library to access USB devices, http:\/\/libusb.info\/ [Online; accessed 28-July-2016]."},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1109\/WF-IoT.2016.7845512"},{"key":"ref023","unstructured":"B.\u00a0Matteo, D.\u00a0Pennino and M.\u00a0Pizzonia, Blockchains meet distributed hash tables: Decoupling validation from state storage, in: Distributed Ledger Technology Workshop (DLT 2019), P.\u00a0Mori, M.\u00a0Bartoletti and S.\u00a0Bistarelli, eds, Vol.\u00a02334, 2019, pp.\u00a043\u201355."},{"key":"ref024","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48184-2_32"},{"key":"ref025","doi-asserted-by":"publisher","DOI":"10.1504\/IJCIS.2017.088233"},{"key":"ref026","doi-asserted-by":"publisher","DOI":"10.1007\/11596370_5"},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"H.\u00a0Mohammadmoradi and O.\u00a0Gnawali, Making whitelisting-based defense work against BadUSB, in: Proceedings of the 2nd International Conference on Smart Digital Environment, ACM, 2018, pp.\u00a0127\u2013134.","DOI":"10.1145\/3289100.3289121"},{"key":"ref028","unstructured":"C.\u00a0Mulliner and E.R.W.\u00a0Weippl, USBlock: Blocking USB-based keypress injection attacks, in: Data and Applications Security and Privacy XXXII: 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Bergamo, Italy, July 16\u201318, 2018, Proceedings, Vol.\u00a010980, Springer, 2018, p.\u00a0278."},{"key":"ref029","unstructured":"National Security Agency, SELinux, On-line, http:\/\/www.nsa.gov\/selinux\/."},{"key":"ref030","doi-asserted-by":"crossref","unstructured":"S.\u00a0Neuner, A.G.\u00a0Voyiatzis, S.\u00a0Fotopoulos, C.\u00a0Mulliner and E.R.W.\u00a0Usblock, Blocking usb-based keypress injection attacks, in: IFIP Annual Conference on Data and Applications Security and Privacy, Springer, 2018, pp.\u00a0278\u2013295.","DOI":"10.1007\/978-3-319-95729-6_18"},{"key":"ref031","unstructured":"K.\u00a0Nohl and J.\u00a0Lell, BadUSB \u2013 On accessories that turn evil, https:\/\/www.blackhat.com\/us-14\/briefings.html#Nohl [Online; accessed 27-July-2016]."},{"key":"ref032","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13739-6_12"},{"key":"ref033","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2957346"},{"key":"ref034","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.05.018"},{"key":"ref035","doi-asserted-by":"crossref","unstructured":"D.\u00a0Pennino, M.\u00a0Pizzonia, A.\u00a0Vitaletti and M.\u00a0Zecchini, Binding of endpoints to identifiers by on-chain proofs, in: Proceedings of 1st Workshop on Blockchain Theory and Applications (BRAIN 2020), 2020. To appear.","DOI":"10.1109\/ISCC50000.2020.9219594"},{"key":"ref036","doi-asserted-by":"crossref","unstructured":"S.\u00a0Rautmare, Scada system security: Challenges and recommendations, in: India Conference (INDICON), 2011 Annual IEEE, IEEE, 2011, pp.\u00a01\u20134.","DOI":"10.1109\/INDCON.2011.6139567"},{"key":"ref037","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-25937-4_24"},{"key":"ref038","unstructured":"M.\u00a0Russinovich and D.A.\u00a0Solomon, Windows Internals: Including Windows Server 2008 and Windows Vista, Microsoft Press, 2009."},{"key":"ref039","unstructured":"IRONKEY\n                      TM\n                      . Secure USB Devices: Protect Against BadUSB Malware, http:\/\/www.ironkey.com\/en-US\/solutions\/protect-against-badusb.html [Online; accessed 27-July-2016]."},{"key":"ref040","unstructured":"Secure USB drive review, On-line, http:\/\/secure-usb-drive-review.toptenreviews.com\/."},{"key":"ref041","unstructured":"D.\u00a0Spill, USBProxy, https:\/\/github.com\/dominicgs\/USBProxy [Online; accessed 27-July-2016]."},{"key":"ref042","doi-asserted-by":"crossref","unstructured":"E.\u00a0Stefanov, M.\u00a0van Dijk, A.\u00a0Juels and A.\u00a0Oprea, Iris: A scalable cloud file system with efficient integrity checks, in: Proceedings of the 28th Annual Computer Security Applications Conference, ACM, 2012, pp.\u00a0229\u2013238.","DOI":"10.1145\/2420950.2420985"},{"key":"ref043","unstructured":"K.\u00a0Stouffer, J.\u00a0Falco and K.\u00a0Scarfone, Guide to industrial control systems (ICS) security,\n                      NIST Special Publication\n                      800\u201382, 2011."},{"key":"ref044","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818040"},{"key":"ref045","unstructured":"Trusted Computing Group, TPM 1.2 main specification, 2011, https:\/\/trustedcomputinggroup.org\/resource\/tpm-main-specification [On-line 2020-07-14]."}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191404","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-191404","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191404","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:25Z","timestamp":1777495525000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-191404"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,2,3]]}},"alternative-id":["10.3233\/JCS-191404"],"URL":"https:\/\/doi.org\/10.3233\/jcs-191404","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12,7]]}}}