Post on 28-Jan-2016
USBK Overview
Ver:1.0, 8 February 2011
USB Sticks
350 million USB Sticks are in use worldwide
• 155 million USB sticks were sold in 2008 and sales reached 174 million in 2009 *
* Gartner Inc. 2009 research report
USB Sticks
• Compatibility on most platforms
• Storing vast amounts of data
• Ease of use
• Mobility
• Physically small size
have resulted in the widespread usage of them for both transporting and storing data
Popularity at work
• 86% of enterprises use USB Sticks to store and exchange data
• Rate of carrying confidential company data on USB Sticks is 51%
Risks exposed on USB Sticks
• Theft
• Loss
• Disclosure of Sensitive Data
Result: Data stored on unsecured, standard USB sticks is constantly at risk of falling into the wrong hands
Reality with Numbers *
[Figure: two charts titled "Store confidential data on USB Sticks" and "Not reporting the lost devices immediately"; chart labels: "Lost with data", "Not reported", "Yes"]
* Ponemon Institute 2009
ISO/IEC 27001
For ISO/IEC 27001 certified companies, data security in removable media is not just a corporate option, it is a must
Solution
Security is possible without giving up the “mobility” benefit.
The well-known and most popular way is encryption of data with a strong algorithm
AES (Advanced Encryption Standard)
AES is the first publicly accessible and open encryption algorithm approved by the NSA* for top secret information
* NSA: National Security Agency
Currently, it is typically implemented in both software-based and hardware-based security solutions.
Software programs employing AES encryption
Software-based Solutions
Risk with Software-based Solutions
Risk: Description
• No ease of Plug & Play facility: Driver installation on the host PC is required, potentially a security risk
• Leaves “footprint” on computer: Encryption depends on the host PC, which leaves behind software footprints
• Difficult to prevent “Brute Force Attack”: Brute force attacks guess the password or the encryption key. Software implementations cannot thwart these attacks efficiently since they must use the host’s memory to store intermediate results, including the counter of login/decryption attempts
• Difficult to prevent “Parallel Attack”: A parallel attack is a brute force attack variant in which the attacker copies the encrypted data from the stolen USB stick, shares the data with as many computers as possible that are under his/her control, and then puts them to work in parallel to guess the password offline and unlock the encrypted data. By nature and design, software implementations cannot prevent the attacker from easily copying the encrypted file from the USB stick and initiating a parallel offline attack.
Ver:1.0, 3 December 2010
Software-based Solutions
Advantage
• “Usage of existing USB stick” provides “low-cost” solution
Disadvantage
• Needs software installation
• Depends on Operating System and its security
• Open and Easy to Attacks (Brute Force, Parallel)
• Weak, uses common memory or RAM to store encryption keys
Result
• At first this may look like a convenient and low-cost way. But this solution is flawed and will be expensive in the long run because of its vulnerability!
Secure USB Flash Drive solutions with AES encryption
Hardware-based Solutions
Hardware-based is more secure
Benefit: Description
• Ease of Use (Plug & Play): It does not require driver installation, nor any other type of software installation on the host PC
• No “footprint”: No need for driver or software installation keeps the encryption independent of the PC while not leaving behind footprints.
• Encryption keys are securely stored: Encryption keys are not held in RAM or other common memory space, and the keys never leave the hardware
• Possible to prevent “Brute Force Attack”: Access control and encryption are implemented by a dedicated chip located in hardware. When hackers run a brute force program on the host computer, this chip counts the number of attempts and destroys the encryption keys after a predefined limit is reached.
Price Comparison
Capacity    Standard USB Stick (Unit Price)    AES-Encrypted Secure USB Stick (Unit Price)
2 GB        9 USD                              38 USD
4 GB        15 USD                             40 USD
8 GB        24 USD                             49 USD
16 GB       50 USD                             76 USD
32 GB       75 USD                             134 USD
64 GB       140 USD                            270 USD
* Patriot Bolt is the reference for prices
The price difference is high when compared. Encrypted USB sticks are more expensive than standard ones.
Hardware-based Solutions
Advantage
• Ease of use (Plug & Play)
• Encryption keys are stored in a chip on hardware and never exported to host PC
• Strength against attacks, possible to prevent
• More secure than software-based
Disadvantage
• Standard Capacity. Sold in 2GB, 4GB, 8GB etc. limited capacity
• Expensive. The price difference is high when compared with the price of standard USB sticks.
Result
• Secure but expensive!
There is always a better way!
Difference
• Hardware-based Security
• Using low-cost, standard USB Sticks
The advantages of both solutions are gathered
What is USBK?
An encryption device featuring two USB ports, which provides an encrypted link between the host PC and peripheral USB Sticks / External Harddisks
On-the-fly Encryption
[Diagram labels: Host PC; Original Data (Plain Text); AES Key; Encrypted Data; USB Stick / External Harddisk]
Function
• turn standard USB sticks and even external harddisks into portable safe
• secure transporting data with AES encryption strength
100% Security with AES-128bit
It is a unique device you can purchase today that offers 128-bit AES hardware-based encryption, but without any internal storage area
USBK is not an encrypted USB Stick!
Data Stored in USB Disks
USB Sticks / External Harddisks are used as data storage area
[Diagram labels: Host PC; USB Stick / External Harddisk]
USBK - Unlimited Capacity
Secure but limited storage capacity
Secure and “in any capacity”
[Diagram labels: 16GB USB Stick; 32GB USB Stick; USB External Harddisk]
1 - ∞ Usage
More than one USB Stick / External harddisk can be used with the same USBK
[Diagram labels: Host PC; Your USB stick; Another one; Other one]
Cost Effective
As it is not limited in any way, the encryption cost per GByte reaches 0$
128-bit AES Hardware-based Encryption
100% of data is protected by hardware-based encryption
[Diagram labels: Host PC; Original Data (plain text); Encrypted Data; USB Stick / External Harddisk]
Most secure AES mode - CBC mode
• Most solutions in market use ECB (Electronic Code Book) mode. It encrypts identical blocks so that they look exactly the same.
• USBK uses CBC (Cipher Block Chaining), the most secure mode, which is preferred by both NIST and NSA
[Figure panels: Original Data; ECB mode; CBC mode]
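Added example (not from the original slides): the block-pattern difference between ECB and CBC, shown in Python. A small Feistel cipher built from HMAC-SHA256 stands in for AES so the code runs with the standard library alone; the key, IVs and 512-byte sector are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks, the AES block size

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation keyed with HMAC-SHA256: a stand-in for AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # Every block is encrypted independently of its neighbours.
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block first.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def distinct_blocks(ciphertext: bytes) -> int:
    return len({ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)})

# Constructed sample: a 512-byte sector, 31 all-zero blocks plus one text block.
KEY = bytes(range(16))
IV_A, IV_B = b"\x01" * BLOCK, b"\x02" * BLOCK
SECTOR = b"\x00" * (BLOCK * 31) + b"CONFIDENTIAL-DOC"

def compare_modes() -> dict:
    return {
        "ecb_distinct": distinct_blocks(ecb_encrypt(KEY, SECTOR)),
        "cbc_distinct": distinct_blocks(cbc_encrypt(KEY, IV_A, SECTOR)),
        # Same data and IV give the same ciphertext, so each sector needs its own IV.
        "cbc_same_iv_repeats": cbc_encrypt(KEY, IV_A, SECTOR) == cbc_encrypt(KEY, IV_A, SECTOR),
        "cbc_new_iv_differs": cbc_encrypt(KEY, IV_A, SECTOR) != cbc_encrypt(KEY, IV_B, SECTOR),
    }

if __name__ == "__main__":
    print(compare_modes())
```

Under ECB the 32 plaintext blocks collapse to 2 distinct ciphertext blocks, which is the visible pattern the slide's picture illustrates; under CBC all 32 differ.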
User ID Verification
User password is used to prevent unauthorized access
[Diagram labels: Host PC; Password: ********; USB Stick / External Harddisk]
Secure
After 3 wrong password attempts, completely erases AES keys and user password
[Diagram labels: Host PC; Password: ********; Wrong Password; AES key; Password; USB Stick / External Harddisk]
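Added example (not USBK firmware or vendor code): a Python model of the wrong-password limit described above, and of why the earlier slides say software-only products cannot enforce one, since an attacker working on a copy of the encrypted data controls any counter. The class name, the PBKDF2 password check and the counter reset on success are assumptions.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # limit stated on the slide

class EncryptionToken:
    """Hypothetical model of the behaviour described; not USBK firmware."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        self._aes_key = os.urandom(16)  # 128-bit key, never handed to the host
        self._failures = 0              # lives inside the device, not on the PC

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 10_000)

    @property
    def wiped(self) -> bool:
        return self._aes_key is None

    def unlock(self, password: str) -> str:
        if self.wiped:
            return "wiped"
        # Record the attempt before checking it, so that interrupting the
        # check (for example by cutting power) cannot yield a free guess.
        self._failures += 1
        if hmac.compare_digest(self._derive(password), self._verifier):
            self._failures = 0
            return "unlocked"
        if self._failures >= MAX_ATTEMPTS:
            self._aes_key = self._verifier = None  # erase key and password
            return "wiped"
        return "wrong"

def try_passwords(token: EncryptionToken, guesses: list) -> list:
    return [token.unlock(g) for g in guesses]

if __name__ == "__main__":
    # Constructed passwords for illustration only.
    print(try_passwords(EncryptionToken("s3cret-pw"), ["a", "b", "s3cret-pw"]))
    print(try_passwords(EncryptionToken("s3cret-pw"), ["a", "b", "c", "s3cret-pw"]))
```

Once the key is erased, even the correct password returns "wiped": the data on the stick stays encrypted under a key that no longer exists.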
Easy to Use
No need to install driver or software on PC, it runs automatically (Auto-Run property)
Graphic User Interface (GUI)
Management Software deployed on USBK supplies a GUI (Graphic User Interface) for encryption keys and password
Multiple Key Option *
Customize your privacy policy by creating different encryption keys for your work and personal data
* Available on model A103; up to 3 different encryption keys can be created
[Diagram labels: Host PC; Key 1; Key 2; work]
Independent of Operating System
Due to the “Auto-Activation” property, it is possible to use on test & measurement equipment such as oscilloscope, EKG, etc.
[Diagram labels: Host PC; Oscilloscope]
Technical Specifications
Security Features
Encryption Algorithm: 128-bit AES (Advanced Encryption Standard)
Encryption Method: Hardware-based encryption
AES Mode: CBC (Cipher Block Chaining) mode
AES Key: User initiated or random key generator
Number of AES keys: 1 (for A101 model), 3 (for A103 model)
User Authentication: Password (min 4 – max 16 characters)
Failed Password Procedure: Return back to factory settings after 3 wrong password attempts
System & Peripheral Features
USB: USB 2.0 High Speed (USB 1.1 backward support), Plug&Play
Driver & Software Requirements: No need to install driver & Pop-up GUI for Windows (.net framework dependent)
Summary with pictures