WhiteN USB Threats Neutralizer

Filtering of USB devices by class and whitelisting

WhiteN® has a minimal USB stack that supports only three device classes:

  • HID, Human Interface Device (e.g. keyboard)
  • CCID, Chip/Smart Card Interface Device (e.g. smartcard reader)
  • MSC, Mass Storage Class (e.g. USB flash drive)

In addition, the whitelist mechanisms implemented at the core of the USB stack authorize only certain, pre-identified USB devices (e.g. one single keyboard, one single mouse…).

Consequently, any USB device that has not been explicitly authorized will be blocked (e.g. a network interface device or a webcam, which the operator is not authorized to use).

Furthermore, the fine-grained configuration options of WhiteN® make it possible to implement advanced heuristics, such as the automatic blocking of a second keyboard or the explicit authorization by the user of each peripheral device detected.

  • Refusal of access & installation of unrecognized peripheral equipment
  • Protection against attacks by keyboard emulation or peripheral device usurpation through malware (e.g. BadUSB)
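
The decision order described above (class filter, then whitelist, then the second-keyboard heuristic), as an added sketch that is not WhiteN® code. The `Device` and `Policy` names, the (VID, PID, serial) whitelist key and all sample IDs are assumptions made for illustration.

```python
from dataclasses import dataclass

# USB-IF base class codes for the three classes the page lists.
ALLOWED_CLASSES = {0x03: "HID", 0x08: "MSC", 0x0B: "CCID"}
HID, KEYBOARD_PROTOCOL = 0x03, 0x01  # bInterfaceProtocol 1 = keyboard

@dataclass(frozen=True)
class Device:
    vid: int
    pid: int
    serial: str
    interfaces: tuple  # ((bInterfaceClass, bInterfaceProtocol), ...)

class Policy:
    def __init__(self, whitelist, max_keyboards=1):
        self.whitelist = set(whitelist)   # assumed key: (vid, pid, serial)
        self.max_keyboards = max_keyboards
        self.keyboards = 0                # keyboards currently admitted

    def decide(self, dev):
        # 1. Class filter on every interface, so a composite device
        #    cannot carry an unsupported function next to an allowed one.
        for cls, _ in dev.interfaces:
            if cls not in ALLOWED_CLASSES:
                return "block: unsupported class 0x%02x" % cls
        # 2. Whitelist of pre-identified devices.
        if (dev.vid, dev.pid, dev.serial) not in self.whitelist:
            return "block: not whitelisted"
        # 3. Heuristic: refuse a keyboard beyond the allowed count.
        #    Simplification: a real stack would also inspect the HID report descriptor.
        if any(c == HID and p == KEYBOARD_PROTOCOL for c, p in dev.interfaces):
            if self.keyboards >= self.max_keyboards:
                return "block: extra keyboard"
            self.keyboards += 1
        return "allow"

def demo():
    # Constructed sample devices; all IDs and serials are made up.
    kbd = Device(0x1111, 0x0001, "KBD-01", ((0x03, 0x01),))
    stick = Device(0x2222, 0x0002, "MSC-01", ((0x08, 0x50),))
    # Same claimed identity as the stick, but now also exposing a keyboard interface.
    rogue = Device(0x2222, 0x0002, "MSC-01", ((0x08, 0x50), (0x03, 0x01)))
    nic = Device(0x3333, 0x0003, "NIC-01", ((0x02, 0x00),))
    cam = Device(0x1111, 0x0001, "KBD-01", ((0x03, 0x01), (0x0E, 0x00)))
    policy = Policy({(0x1111, 0x0001, "KBD-01"), (0x2222, 0x0002, "MSC-01")})
    return [policy.decide(d) for d in (kbd, stick, rogue, nic, cam)]

if __name__ == "__main__":
    print(demo())
```

The `rogue` case shows why the keyboard-count heuristic matters: descriptor fields are reported by the device itself, so a whitelist match alone does not prove the device is the one that was enrolled.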

[Figure: WhiteN, neutralisation of USB threats (functional diagram)]

Safety & format checks

WhiteN® scans the removable device for viruses and other malware and also checks that the files it contains conform to their declared format (e.g. to detect a .pdf extension that has been changed to .txt).

Any malicious or non-authorized content is immediately quarantined.

Confinement of the peripheral environment

Even if an attacker succeeds in stealing the identity of an authorized equipment user, the scope of harm that can be caused is severely restricted by the partitioning mechanisms used by WhiteN®.

The architecture of WhiteN® provides a strict separation of roles and, in addition, isolates user environments from administrator environments. A malicious peripheral device would have no more rights than the authorized user and would be unable to gain other privileges or to break through partitions into other environments.