Making USB drives secure
Memory Experts International has the key
Chris Mellor May 12, 06
Recently an Intelligence Services officer in Holland mislaid a portable USB security device. National security was compromised. But it is so easy, isn't it, to lose thumb drives. Another example: the Los Angeles Times reported that a flash drive was on sale for $40 outside the Bagram airbase in Afghanistan. It apparently held details of Afghan spies informing on the Taliban and Al Qaeda. Once again the USB interface becomes an open portal to data loss.
The USB port and USB drives have become symbols of just how easy it can be to lose data. At the same time the need to transport data securely is always present and portable USB drives - flash or hard disk-based - are so very convenient for this.
How can you protect data accessible via a USB port? One way is to add application code, a processor and dedicated memory to a portable USB device and so build a fortress around it. This fortress can be used to protect the data within and to verify the identity of the portable device carrier. By this means you can both prevent data loss if the portable device is lost and also verify that the device carrier is trustworthy to use your network.
, an international business with a London office, has built its Stealth MXP range of flash and Outbacker MXP hard drive-based portable security products to achieve both aims.
MXI's Stealth MXP products combines a 32-bit on-board processor, MXI firmware and file system, biometric reader, dedicated memory and hardware-based encryption to turn a USB drive into a data fortress. The carrier is verified three ways, so-called three factor authentication, by having his or her biometric and password credentials checked and by owning the device.
When the Stealth MXP is plugged into a host computer's USB port this means that the carrier has to have the device, factor 1, have a fingerprint read by the device, factor 2, and, and provide a password, factor 3, before any data files can be found and accessed on the device.
In effect, the Stealth MXP device is a state-of-the-art portable security token. There are several cryptographic services available: including random number generation; key generation with internal or external entropy; AES symmetric encryption/decryption; RSA asymmetric signing verification, encryption and decryption; one-time password; and secure hash algorithms (SHA-1 and SHA-2).
The flash memory-based Stealth MXP has data capacities from 128MB to 2GB. The Outbacker MXP uses a 1.8 inch hard drive and its capacities range of 20GB, 40GB or 60GB. A 2GB Stealth MXP costs £323 and a 20GB Outbacker MXP costs £300.
They are designed to be used by military and government agencies and Global 5000 businesses with either a need to securely verify the identity of traveling officers and so allow them access to a network, or to securely transport highly sensitive data such that if the device is lost or stolen the data is completely out-of-reach.
The device can replace smart cards, security tokens and traditional USB drives. It is a single, secure container that can be used both to verify identities and transport encrypted data.
There can be multiple digital identities on the device. The carrier could plug it into their own PC in their organization office and have full access to all the resources on the network. When traveling and entering the network from outside then the device could have a different identity used which allows restricted access so as to reduce any vulnerability to external network access further.
For organizations that need to deploy hundreds if not thousands of Stealth or Outbacker MXP products the Windows-based management suite allows an administrator to add users quickly and easily with background tasks, such as registering the device's assignation, carried out automatically. It is straightforward to generate reports of what devices are in circulation and to whom they have been issued.
This management facility makes these products well-suited to enterprise, security service and military use. There is a describing identity verification concepts available. We will be producing a product review of the hard drive-based Outbacker MXP shortly.