USB Firewall for Direct Connect USB Cyber Warfare Protection

Malware spreading from unprotected USB ports has been increasing for several years, resulting in a complete ban on using USB external devices on Army computers. As administrators have locked down auto-execute on Windows and other OSes, attackers have changed to spoofing hardware components, opening multiple devices (allowable under USB specs), and even exploiting holes in kernel drivers be sending specially crafted packets to the OS. Most systems provide no protection on the USB ports, assuming that users will not attack their own computer. Cybernet proposes to design and implement a low-cost USB hardware firewall, which will prevent a device from masquerading as undesired device types, and which will validate the USB connection and packets, providing another layer of assurance against malformed packet attacks. On device storage can provide a log of firewall activity, and help in forensic analysis of unknown or untrusted devices. The result of a Phase I effort will be a prototype demonstrating USB passthrough and monitoring for a single device class and blocking of one device class. The result of Phase II will be a TRL 5 device and a production plan.