Team May07-10
April 24, 2007
Introduction
Project Team Information

Team Members






Jason Erbskorn
Tim Polehna
Aaron Sartor
Aaron Thoeming
Jared Wachter
Advisor
 Dr. Thomas Daniels

Clients
 Dr. John W. Lamont
 Ralph Patterson III
Introduction
Presentation Outline

Introduction
 Jason Erbskorn

Design Overview
 Jared Watcher

Project Activities
 Aaron Thoeming
 Tim Polehna
 Aaron Sartor

Resources and Schedules
 Aaron Sartor

Closing Materials
 Jason Erbskorn
Introduction
What Are We Designing?
+
USB Flash Drive
 Transparent Anti-Virus

Introduction
Selected Definitions

Foreign computer – A computing machine
that the user does not own and of which the
security status is unknown

Home computer – A computing machine
that the user owns, operates, and of which
the security status is generally known
Project Overview
Project Requirements
 USB
storage device
 Upgradeable firmware
 Block viral transmissions to the host
computer
 Protect system software integrity
 Inform the user of malicious attacks
Project Overview
Operating Environment
 Indoor
environment
 0ºC to 70ºC ambient temperature
 10% to 90% relative humidity
Project Overview
Intended Users
 Own
a personal computer
 Want to use a portable USB storage
device on foreign computers
 Desire to keep home computers
and/or network virus free
Project Overview
Assumptions
 Home
computer
 Available USB 1.1/2.0 port
 Microsoft Windows 2000/XP
 USB Portable Firewall utility installed
 Foreign
computer
 Available USB 1.1/2.0 port
Project Overview
Limitations
 Virus detection
 Cannot detect all malicious attacks
 USB 1.1 protocol
 12Mb/s data rate
 2.5W max power draw
 Device interface to host
 Budget
 $150 maximum plus donations
Project Overview
Design Constraints

Device software
 Linux 2.6.20
 Clam Antivirus 0.90.2
 GNUPG 1.4.7

GUI host software
 Windows 2000/XP
 .NET 2.0 Framework
Gumstix USB powered hardware
Size of flash memory MP3 player
 1GB flash memory storage


Project Overview
Primary Deliverable

USB Portable Firewall Overall System
Project Overview
Other Deliverables

Software Utility
 Updates device firmware image
 Information on malicious attack prevention

Documentation
 Project plan
 End-product design report
 Project poster
 Final report
 User Manual
 Website
Project Activities
Present Accomplishments

Completed
 Project documentation
 Hardware assembly
 Software utility
 Build image

Incomplete
 Scanning algorithm
 Kernel integration
 Testing
Project Activities
Approaches Considered

GUI Software Utility
 C, C++, Java programming language

Scanning Algorithm
 Read/Write, File Transfer Protocol

Hardware
 ConnectCore 9U, TS-7400

Anti-virus System
 Open Anti-Virus, Norton AV

Kernel Integration
 Direct placement into driver
Project Activities
Motherboard






400MHz Intel XScale PXA225 microprocessor
16MB onboard flash memory
64MB 100MHz onboard SDRAM
Expansion board support
RS-MMC flash media support
1W power requirement
Project Activities
Expansion Boards

Implementation



Type A male USB port
USB 1.1 standard
USB power delivery

Development



RS-232 serial port
Two expansion connectors
DC power delivery
Project Activities
Component Assembly
Project Activities
Final Hardware Implementation
Project Activities
Software Build Image

Buildroot environment
 Micro C library based system
○ Stripped down to bare minimum
 Designed for gumstix hardware

x86  ARM cross-compile toolchain
 Linux 2.6.20
 ClamAV 0.9.2
 GnuPG 1.4.7
Project Activities
USB Communication


Any Host PC
PXA255 base driver
USB Gadget layer
Windows OS
Standard
USB Storage
Driver
Storage
Controller
USB Host
Interface
USB Firewall
Driver &
Software
USB Device
Interface
 File Backed Storage

USB Mass Storage Class
Host PC
Storage Device
 Native OS support

Driver  Scanner
 /proc interface
USB Portable Firewall
FAT32
Storage
Project Activities
Start-Up Procedure
Kernel loads
 Boot script executed

 Device not available
until script finishes
 Software updates
occur at boot time
 Visual confirmation
that device has
finished booting
Start-Up
Does New File in
Update Directory Exist?
Yes
Check update file
signature
No
Is file signature
valid?
No
Send USB Generic
Storage Volume
Control Message
Yes
Replace existing
definitions with the
decrypted
Project Activities
Scanning System - Transfer to Device


Updates FAT indexing array for virus scanning
System software inherently protected by Gadget API
USB
Command
Decoding
LBA#
LbaToCluster()
Cluster#
ClusterNum <
RootDirNum
Yes
UpdateClusterArray()
No
MakeDirty()
USB
Command
Processing
Project Activities
Scanning System - Transfer to Host

Scan entire file before sending the pieces of it
 Intercept file system requests to read blocks of data
 Report transfer error to host if virus found
USB
Command
Decoding
LBA#
LbaToCluster()
Cluster#
No
IsDirty()
FirstCluster#
Yes
ScanFile()
GetFileInfo()
USB
Command
Processing
SendTxFailure()
MarkClean()
Project Activities
Functional Alerts
Yellow LED – Transfer Activity
 Green LED – Device Ready

Startup
LED’s OFF
Mount
Unmount
Ready
LED’s OFF
Green LED ON
Transfer Command Received
Transferring
Yellow LED Flash
Shutdown
File Transfered
Project Activities
Override System
Red LED – Override Indicator
 Single switch logic

 Enables/disables scanning system
Red LED Off
Switch Off
Switch On
Red LED On
Project Activities
GUI – Overview

Designed in C# language
 .NET Framework 2.0



Used on home computer
Displays detected infected
files information
Anti-virus definition updating
Project Activities
GUI – Infected Files / Virus Information
 Reads
from log file on device
 Infected file
 Name
 Size
 Modification date
 Virus
information
 Name of virus
 Type of virus
 Action taken
Project Activities
GUI – Device Updating
User downloads new update image
 User specifies path of downloaded file
 Utility transfers file to device
 Device loads new software on next boot

Project Activities
Verification and Validation
 Device
performance
 Board Power-On Self Test (POST)
 USB device-host connection test
 Virus detection test
 Override function test
 Firmware update test
 Faculty
advisor test validation
Resources and Schedules
Personnel Hour Requirements
Team Member
Task
Total
1
2
3
4
5
6
7
8
Jason Erbskorn
5
14
38
57
15
12
15
55
211
Tim Polehna
5
19
42
62
18
8
10
45
209
Aaron Sartor
5
9
31
55
17
15
14
57
203
Aaron Thoeming
6
13
29
42
23
23
12
48
196
Jared Wachter
6
13
39
61
17
14
12
42
204
27
81
179
277
90
72
63
247
1023
Total
Resources and Schedules
Financial Requirements
Item
W/O Labor
With Labor
a. Basix 400xm Motherboard
$130.00
$130.00
b. Serial Cable
$12.00
$12.00
c. AC Power Adapter
$10.00
$10.00
d. MMC RS 1GB Flash Card
$60.00
$60.00
Donated
Donated
f. Thumbstix Base Board
$28.00
$28.00
g. Tweener Board
$20.00
$20.00
h. Screws and Spacers kit
$4.00
$4.00
i. Miscellaneous Parts
$20.00
$20.00
$284.00
$284.00
Parts & Materials
e. Project Poster & Printing
Subtotal
Resources and Schedules
Financial Requirements (contd.)
Service Usage & Work
W/O Labor
With Labor
Donated
Donated
$65.00
$65.00
$65.00
$65.00
a. Jason Erbskorn
$0.00
$3,165.00
b. Tim Polehna
$0.00
$3,135.00
c. Aaron Sartor
$0.00
$3,045.00
d. Aaron Thoeming
$0.00
$2,940.00
e. Jared Wachter
$0.00
$3,060.00
$0.00
$15,345.00
$349.00
$15,694.00
a. Development PC usage
b. Poster and Reports
Subtotal
Labor at $15/Hour
Subtotal
Total
Resources and Schedules
Schedule of Work
Resources and Schedules
Deliverables Schedule

Final dates on tasks represent deliverable due dates
Closing Materials
Project Evaluation
Project Aspect
Project Definition
Rating
100%
Technology Research & Selection 100%
Hardware Design
100%
Build Image Design
100%
Scanning System Design
75%
GUI Utility Software Design
100%
Design Integration
33%
Verification & Validation
50%
Production Documentation
100%
Closing Materials
Commercialization

Demand for secure computing
 U3 technology by Kingston and SanDisk

Current advantages
 Independence from host machine

Current shortcomings
 Needs major refinement to be market viable
○ Better appearance and portability
○ More robust software and hardware
 Needs cost reduction to compete in market
Closing Materials
Additional Work

Software
 Write dedicated USB Gadget driver
 Research more effective scanning method
 Better integration with ClamAV

Hardware
 Larger storage space
 More attractive case design
 Custom hardware platform
 Cheaper hardware components
Closing Materials
Lessons Learned

Project is very large in size
 Requires stages for optimum completion
 Good research base provided by this project
Hardware solution was time consuming
 Cross compiling is very difficult
 Scanning during write is difficult
 Direct integration into Linux kernel difficult

Closing Materials
Risk Management

Anticipated Risks
 Limited hardware development time
 Lack of open-source documentation
 Malfunction of software dependencies

Encountered Risks
 Major problems during kernel integration
 Multiple cross-compilation failures
 USB doesn’t write data blocks concurrently
Closing Materials
Closing Summary


Malicious software pervades computer networks
Portable USB storage devices
 Not immune to malicious software
 May contribute to spread of malicious software

USB Portable Firewall
 Contains 1GB portable flash storage
 Reduces transfer of malicious software
 Alerts the user of virus infection and transfer
 Comes with updatable software
 Powered by USB power on the host computer
Closing Materials
Question and Answer