2016 2016: Daniel Noyes: Research in cyber security of USB devices

Daniel Noyes
Daniel was one of 15 New England students selected to present at the cyber security conference
2016 2016: Daniel Noyes: Research in cyber security of USB devices
Daniel Noyes: Research in cyber security of USB devices

Engineering graduate student Daniel Noyes '15, MS '16 was one of two winners at the Advanced Cyber Security Center's New England conference.

Daniel Noyes, a graduate student in electrical and computer engineering, has focused his research on the security of the USB (Universal Serial Bus), one of the most commonly used standards in the computing industry.

In the fall, he was named one of two winners at the Advanced Cyber Security Center’s (ACSC) New England cyber security conference. Daniel was one of 5 UMassD students who were selected to present at the conference. Overall, 15 students from New England colleges and universities took part in the competition.

Daniel presented on USB security and its vulnerabilities to passive and active cyber-attacks. His advisors on the presentation were electrical and computer engineering professors Dr. Hong Liu and Dr. Paul Fortier.

"My interest in USB security originated almost a year ago in Dr. Liu’s Network Security course,” said Daniel, who earned two bachelor's degrees, in computer engineering and electrical engineering, from UMassD's College of Engineering in May 2015.

"This course helped spark my interest in secure communication as well as embedded security. It dawned on me how a communication standard like the USB lacks security."

Ensuring USB security

The Universal Serial Bus (USB)‌ is one of the most commonly used devices in the computer industry today. Through the use of a common connection, USB allows numerous peripheral devices the ability to communicate with each other. The use of this technology spans from printers and storage media to user input devices, such as distributed power sources for cell phones.

"Because these devices are abundant in our everyday lives, ensuring security is essential," Daniel said.

"I think consumers right now know little about how secure the products they use are. But that is slowly changing, and soon consumers will have adequate knowledge to protect themselves as well as the products they use. We see more and more companies offering protection for consumers."

USB devices have the potential to become gateways for malicious software, Daniel noted. Due to these widespread insecurities, methods to protect critical devices are vital. The lack of security in current technology and lack of knowledge by consumers can lead to malicious software and/or individuals obtaining data via unsecure USB lines or other commonly used devices such as printers.


Sniffing out an attack

Daniel’s project aims to analyze the USB protocol regarding vulnerabilities in addition to experimenting with security measurements to protect the USB from both passive and active cyber-attacks. The project looks at various security scenarios and provides a basis to show the potential threat of any information communication using the USB.

Through two experiments, Daniel detailed how ever-expanding technology is creating new frontiers in the encryption security field. Daniel’s first experiment outlined a sniffer attack, a common cyber-attack of software or device that can read, monitor, and capture data. Without encryption, a "sniffer" provides a full view of the data. 

Daniel’s second experiment demonstrated the benefits of additional security overlays through encryption of the USB device. If a user was able to utilize this additional layer of protection, even if an attack was attempted, the malicious software or individual would not be able to collect any sensitive data.

Daniel’s project also outlined the ability of a malicious device to collect data simply through a user’s keyboard input.