Authorizing USB Storage Devices

To learn more about the Linux kernel, I decided to modify the Linux USB storage driver as a project for an operating systems class. The modified kernel module checks the serial number on a USB storage device, and only allows authorized devices to be connected.

Click on an image to enlarge.

Only authorized USB storage devices are allowed to connect. This means that sensitive data cannot be copied out to arbitrary flash drives or external hard drives. It can also prevent malicious data from getting onto secure machines from unknown sources.

I downloaded version 3.12.0 of the Linux kernel source code. All modifications were done in drivers/usb/storage. I installed the kernel on my system (Ubuntu 13.04), and used the insmode and rmmod commands to load/unload the modified driver. Also, the printk function came in handy to log output from the kernel code, viewable with the dmesg command.

The original plan was to read a file containing valid serial numbers in the get_device_info function of the usb.c file. However, as I learned, it is bad to read files at the kernel level. Thus, I instead used module parameters (passed with the insmod command) to give the module a list of authorized serial numbers. If a device was inserted that did not have a valid serial number, the get_device_info function would return -ENODEV, causing the clean-up routine to get executed, and the device never connected.

The serial numbers were kept in a file (a script was used to pass them in as parameters to the module as it was loaded). To make sure the serial numbers could not be compromised and copied onto an unauthorized USB device, they were encrypted using a SHA1 hash. The kernel code then encrypted the serial number of the device which was plugged in, and compared the hashes instead of the raw values.

I tested the modified module with four devices: two USB flash drives, at 4GB and 8GB, and two external hard drives, at 500GB and 1TB. The module successfully rejected all unauthorized devices, while letting all valid devices connect normally with no performance loss.

As possible future work for this project, it would be great to have the modified driver be loaded at system boot. I would also like to test the implementation with USB 3.0 devices. Finally, it would be nice to use this idea to prevent any unauthorized wireless devices from gaining access to the system.

Back to Top