SBIR Phase I: GigaShield USB Security

Period of Performance: 01/01/2012 - 12/31/2012

$150K

Phase 1 SBIR

Recipient Firm

Gigashield Incorporated
5439 Edgehollow Place
Dallas, TX 75287
Principal Investigator, Firm POC

Abstract

This Small Business Innovation Research (SBIR) Phase I project will address the rapidly growing threats to endpoint security from attacks and data loss over Universal Serial Bus (USB). At present, virtually all USB security measures are located as software on the host or as a secured physical device. Neither of these approaches is truly capable of addressing the vulnerability as a whole - software solutions can be bypassed and a physical peripheral device cannot secure the data that is transmitted on the bus. The proposed technology is located external to the host, so it is capable of securing the entire bus. The specific technical objectives include the construction of a security device capable of stopping representative attacks in the USB threat model that are not solved by existing solutions. Such a device would enable a breakthrough improvement in the field of USB cybersecurity. The anticipated results for proposed research are to demonstrate that such a device can stop attacks and data loss without introducing prohibitive overhead. The broader impact/commercial potential of this project is understood by recognizing that it represents a disruptive change to USB security. USB security has become critical for many organizations, especially healthcare, financial, and defense institutions. The number of data loss incidents over USB has exploded with the availability of smart devices and tablets. USB attacks compromised Predator drones in 2011 using USB drives, and the Military has implemented USB bans, degrading productivity and increasing costs. Despite USB bans, attacks and data loss over USB continue due to workarounds and limitations of current solutions. The proposed technology will provide unprecedented levels of security to USB and a framework to build future security infrastructure. To stimulate continued innovations, the platform will be opened to the greater scientific and commercial community to develop the next generation of algorithms to stop attacks and data loss over USB. In addition, the device provides unparalleled access to USB data with a simple interface, so it can enable students and professionals to rapidly ramp up their understanding of USB without the currently necessary prerequisites of expensive hardware and proprietary software. The device can ultimately be integrated into computers, which would impact the security of every computer.