Making USB drives secure
Memory Experts International has the key
Chris Mellor
May 12, 06
Recently an Intelligence Services officer in Holland mislaid a portable USB security device. National security was compromised. But it is so easy, isn't it, to lose thumb drives.
Another example: the Los Angeles Times reported that a flash drive was on sale for $40 outside the Bagram airbase in Afghanistan. It apparently held details of Afghan spies informing on the Taliban and Al Qaeda. Once again the USB interface becomes an open portal to data loss.
The USB port and USB drives have become symbols of just how easy it can be to lose data. At the same time the need to transport data securely is always present and portable USB drives - flash or hard disk-based - are so very convenient for this.
How can you protect data accessible via a USB port? One way is to add application code, a processor and dedicated memory to a portable USB device and so build a fortress around it. This fortress can be used to protect the data within and to verify the identity of the portable device carrier. By this means you can both prevent data loss if the portable device is lost and also verify that the device carrier is trustworthy to use your network.
Memory Experts International, an international business with a London office, has built its Stealth MXP range of flash and Outbacker MXP hard drive-based portable security products to achieve both aims.
The products
MXI's Stealth MXP products combine a 32-bit on-board processor, MXI firmware and file system, biometric reader, dedicated memory and hardware-based encryption to turn a USB drive into a data fortress. The carrier is verified three ways, so-called three-factor authentication: by having his or her biometric and password credentials checked and by owning the device.
When the Stealth MXP is plugged into a host computer's USB port, this means that the carrier has to have the device (factor 1), have a fingerprint read by the device (factor 2), and provide a password (factor 3) before any data files can be found and accessed on the device.
In effect, the Stealth MXP device is a state-of-the-art portable security token. Several cryptographic services are available, including random number generation; key generation with internal or external entropy; AES symmetric encryption/decryption; RSA asymmetric signing verification, encryption and decryption; one-time password; and secure hash algorithms (SHA-1 and SHA-2).
The flash memory-based Stealth MXP has data capacities from 128MB to 2GB. The Outbacker MXP uses a 1.8 inch hard drive and comes in capacities of 20GB, 40GB or 60GB. A 2GB Stealth MXP costs £323 and a 20GB Outbacker MXP costs £300.
Use
They are designed to be used by military and government agencies and Global 5000 businesses with either a need to securely verify the identity of traveling officers and so allow them access to a network, or to securely transport highly sensitive data such that if the device is lost or stolen the data is completely out-of-reach.
The device can replace smart cards, security tokens and traditional USB drives. It is a single, secure container that can be used both to verify identities and transport encrypted data.
There can be multiple digital identities on the device. The carrier could plug it into their own PC in their organization's office and have full access to all the resources on the network. When traveling and entering the network from outside, the device could use a different identity that allows only restricted access, further reducing any vulnerability from external network access.
For organizations that need to deploy hundreds if not thousands of Stealth or Outbacker MXP products, the Windows-based management suite allows an administrator to add users quickly and easily, with background tasks, such as registering the device's assignation, carried out automatically. It is straightforward to generate reports of what devices are in circulation and to whom they have been issued.
This management facility makes these products well-suited to enterprise, security service and military use. A white paper describing identity verification concepts is available. We will be producing a product review of the hard drive-based Outbacker MXP shortly.
Techworld