1 / 41

USB Portable Firewall

Group May07-10 November 27, 2006. USB Portable Firewall. Project Team Information. Team Members Jason Erbskorn, EE Tim Polehna, EE/CprE Aaron Sartor, CprE Aaron Thoeming, EE Jared Wachter, EE/CprE Advisor Dr. Thomas Daniels Clients Dr. John W. Lamont Ralph Patterson III.

yehuda
Download Presentation

USB Portable Firewall

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Group May07-10 November 27, 2006 USB Portable Firewall

  2. Project Team Information • Team Members • Jason Erbskorn, EE • Tim Polehna, EE/CprE • Aaron Sartor, CprE • Aaron Thoeming, EE • Jared Wachter, EE/CprE • Advisor • Dr. Thomas Daniels • Clients • Dr. John W. Lamont • Ralph Patterson III

  3. Selected Definitions • Foreign computer – A computing machine that the user does not own and of which the security status is unknown • Home computer – A computing machine that the user owns, operates, and of which the security status is generally known

  4. Selected Definitions (contd.) • Malicious software – Any type of software whose intent is to harm computer systems, networks, and computer user data • USB storage – Memory, typically internal to a portable device, accessible by a computer using a USB Interface • Virus definitions – Database used by anti-virus software to detect malicious software

  5. Problem Statement • Create a portable USB storage device that meets the following requirements: • Has 1GB of portable flash storage • Blocks viral transmissions to and from the host computer • Blocks writes to the boot sector of the USB storage • Informs the user of actions taken against malicious attacks

  6. Operating Environment • Designed for Commercial Conditions • Environment: Indoors • Temperature: 0ºC to 70ºC • Relative humidity: 10% to 90%

  7. Intended User(s) • Owns one or more personal computers • Wants to use a portable USB storage device on foreign machines • Desires to keep home computers/network virus free

  8. Intended Use(s) • Contains 1GB of portable flash storage • Blocks viral transmissions to and from the host computer • Blocks writes to the boot sector of the USB storage device • Informs the user of actions taken against malicious attacks

  9. Assumptions • Home computer • Available USB 1.1/2.0 port • Microsoft Windows 2000/XP • USB Portable Firewall utility software installed • Foreign computer • Available USB 1.1/2.0 port • Microsoft Windows 2000/XP operating system

  10. Limitations • Virus detection • Cannot detect all possible malicious attacks. • Data rate • USB 1.1 (12 Mb/s) • Power • 2.5W maximum • USB interface • Need hardware with USB device controller • Budget • $150 maximum

  11. Expected End Product • 1GB of internal portable flash storage • Blocks viral transmissions to and from the host computer • Blocks writes to the boot sector of the portable USB storage

  12. Other Deliverables • Included CD-ROM • Update the anti-virus algorithms and definitions • Inform the user of actions taken against malicious attacks • Documentation • Project plan • End-product design report • Project poster • Final report

  13. Design Objectives • Select pre-built motherboard based on the following necessities: • USB device controller • Flash memory controller • Linux operating system • One USB port capable of data transfer and power distribution • $150 or less price • Relatively small size

  14. Design Objectives (contd.) • Design a case to hold the pre-built motherboard. • Develop utility software to do the following: • Allow the firmware image to be updated • Show details on prevented attacks

  15. Design Objectives (contd.) • Develop system software • Files are scanned for viruses during transfer: • Host computer  USB Portable Firewall • USB Portable Firewall  host computer • Infected files will not be transferred, notifying the user with a transfer error. • The end product shall not prevent files found to be uninfected from being transferred: • Host computer  USB Portable Firewall • USB Portable Firewall  host computer

  16. Design Constraints • Device operating system • Linux 2.6 • Host operating system • Windows 2000/XP • Power • One USB port only • Size • Commercial flash memory MP3 player • Storage • 1GB flash memory

  17. Design Approach • Operating system considerations • Linux 2.6 • Windows CE 5.0 • FreeDOS 1.0 • Linux 2.6 selected • Small size • Open source • Contains USB gadget interface

  18. Design Approach (contd.) • Antivirus software considerations • Open Antivirus • Clam AV • Norton Antivirus • Clam AV selected • Open source (free) • Regularly updated • Easy to use programming library

  19. Design Approach (contd.) • GUI programming language considerations • C++ • C# • Java • C# selected • Visual Studio IDE • Easy implementation difficulty • Team member experience

  20. Design Approach (contd.) Table 1: Possible Motherboards Comparison

  21. Design Approach (contd.) • Gumstix Basix 400xm Selected • 400MHz Intel XScale PXA225 microprocessor • 16MB of onboard flash memory • 64MB 100MHz onboard SDRAM • 60 pin Hirose I/O connector • MMC adapter for MMC flash media cards

  22. Design Approach (contd.) • Test design • Board Power-On • USB Device-Host Connection • Virus Detection • Override Function • Firmware Update

  23. Expansion Boards • 60 pin Hirose I/O connector • Type A Male USB Port • Capable of power distribution • USB 1.1 Standard • Two 60 pin Hirose I/O connectors • Input Power Port • RS-232 Serial Port

  24. Hardware Configuration for Initial Software Setup

  25. Final Hardware Implementation

  26. Typical Power Hardware Power Ratings Table 2: Typical Power Specifications of motherboards operating at 4.5V, Courtesy of Gumstix Corporation

  27. Basix 400xm + Thumbstix

  28. GPIO Connections

  29. Device SoftwareCommunication • Basic driver interaction • Device communication through software package SDK’s and API’s • Linux driver created using the Linux USB Gadget API • Windows driver not implemented due to generic mass storage drivers built-in to Win98SE/2K/XP/2003

  30. Device SoftwareSoftware Start-Up • Standard kernel boot process • Device won’t be available until the boot process is finished • User will be able to visually see that the device has finished booting • Scanning for software updates will occur at boot

  31. Device SoftwareSoftware Updating • During boot we verify the existence of a compressed file with a specific name • The compressed file has to have a signature using a method that we have not determined at this time • The compressed file contains a disk image of the entire software environment

  32. Device SoftwareData Transmission - Transfer to Device • The host computer’s interface to the device will be the same as a standard storage device • To stop transmission of a file, the device will simply report a transfer error to the host • On-the-fly scanning through a FIFO buffer

  33. Device SoftwareData Transmission - Transfer to Host • Same on-the-fly scanning as previously mentioned • Stopping transmission of files and error message sent to host when a threat is identified

  34. Device SoftwareUser Alerts • Three LED’s – Red and bi-color Yellow/Green • Red is for errors and warnings • Yellow is for booting • Green is for ready-to-transfer and activity

  35. Device SoftwareUser Alerts (Continued) • Single Button Press logic • Single press clears threat found indicator • Press and hold enables and disables the bypass for the scanning system (for a single file) • During normal operation, the red LED should not come on

  36. User Software and GUI • Purpose • Displays viruses detected by USB Firewall to user • Updates ClamAV virus definitions • Resides on home computer

  37. GUI Screenshot • Simple, easy to use • Three main sections: • Infected Files • Virus Information • Update Software

  38. List of Viruses • Read from log file on device • virlog.txt • Data read: • Size, modification date of file • Name of virus caught • Type of virus • Action taken

  39. Product Updating • User downloads new image from website • User specifies path of file • File transferred over USB protocol to USB Firewall device • USB Firewall loads new software on reboot

  40. Closing • Malicious software pervades computer networks • Portable USB storage devices • Are not immune to malicious software • May contribute to the spread of malicious software • The USB Portable Firewall will: • Reduce transfer of malicious software • Contain 1GB portable flash storage • Alert the user of virus infection and transfer • Have upgradeable software • Be powered by USB power on the host computer

  41. Completed Design Rubric for USB Firewall

More Related