Securing promiscuous use of untrusted usb thumb drives in industrial control systems

Industrial Control Systems (ICS) are sensible targets for high profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, these devices are widely used to transfer files among disconnected systems and represent a serious security risks, since, they may be promiscuously used in both critical and regular systems. We show a method that adopts cryptographic techniques to inhibit critical machines from reading possibly malicious files coming from regular machines on untrusted USB thumb drives. Our approach exposes limited attack surface for any malware, even those based on zero-days. We do not require users to change the way they use removable storage devices, or to authenticate. Our approach can be adopted for disconnected machines and does not need complex key management. We describe the architecture of our solution and provide a thorough analysis of the security of our approach in the ICS context