USBK Overview Ver:1.0, 8 February 2011
USB Sticks 350 million USB Sticks are in use worldwide 155 million USB sticks were sold in 2008 and sales reached to 174 million in 2009 * * Gartner Inc research report Ver:1.0, 8 February 2011
USB Sticks Compatibility on most platform the widespread usage of them for both transporting and storing data have resulted in, Storing vast amount of data Ease of use Mobility Physically small size Ver:1.0, 8 February 2011
Popularity at work 86% of enterprises use USB Sticks to store and exchange data Rate of carrying confidential company data on USB Sticks is %51 Ver:1.0, 8 February 2011
Risks exposed on USB Sticks Theft Loss Disclosure of Sensitive Data Data stored on unsecure, standard USB sticks means that data is constantly at risk for falling into wrong hands Result Ver:1.0, 8 February 2011
Reality with Numbers * Store confidential data on USB Sticks Not reporting the lost devices immediately * Ponemon Institute 2009 Lost with data Not reported Yes Ver:1.0, 8 February 2011
ISO/IEC For ISO/IEC certified companies, data security in removable media is not only a corporation option, it is a must Ver:1.0, 8 February 2011
Solution Security is possible without giving up “ mobility” benefit. Well-known and most popular way is encryption of data with strong algorithm Ver:1.0, 8 February 2011
AES ( Advanced Encryption Standard ) AES is the first publicly accessible and open encryption algorithm approved by the NSA* for top secret information * NSA: National Security Agency Currently, it is typically implemented in both software- based and hardware-based security solutions. Ver:1.0, 8 February 2011
Software programs employing AES encryption Software-based Solutions Ver:1.0, 8 February 2011
Risk with Software-based Solutions RiskDescription No ease of Plug & Play facility Driver installation on the host PC required, potentially a security risk Leaves “footprint” on computer Encryption is dependent on host PC which is leaving behind software footprints Difficult to prevent “Brute Force Attack” Brute force attacks guess the password or the encryption key. Software implementations can not thwart these attacks efficiently since they must use the host’s memory to store intermediate results, including the number of login/decryption attempts counter Difficult to prevent “Parallel Attack” A parallel attack is a brute force attack variant in which the attacker copies the encrypted data from the stolen USB stick, shares the data with as many computers as possible that are under his/her control, and then puts them to work in parallel to guess the password offline and unlock the encrypted data. By nature and design, software implementations can not prevent the attacker from easily copying the encrypted file from the USB stick and initiating a parallel offline attack. Ver:1.0, 3 December 2010
Disadvantage Advantage Needs software installation Depends on Operating System and its security Open and Easy to Attacks (Brute Force, Parallel) Weak, uses common memory or RAM to encryption keys Needs software installation Depends on Operating System and its security Open and Easy to Attacks (Brute Force, Parallel) Weak, uses common memory or RAM to encryption keys “Usage of existing USB stick” provides “low-cost” solution At first this may look like a convenient and low-cost way. But, this solution is flawed and will be expensive in the long run because of its vulnerability! Result Software-based Solutions Ver:1.0, 8 February 2011
Secure USB Flash Drive solutions with AES encryption Hardware-based Solutions Ver:1.0, 8 February 2011
Hardware-based is more secure BenefitDescription Ease of Use ( plug&play) It does not require driver installation, nor any other type of software installation on the host PC No “footprint”No need of driver or software installation keeps the encryption independent of the PC while not leaving behind footprints. Encryption keys are securely stored Not using RAM or other common memory space to store encryption keys, and by the fact that the keys never leave the hardware Possible to prevent “Brute Force Attack” Access control and encryption are implemented by a dedicated chip located in hardware. When hackers run a brute force program on the host computer, this chip counts the number of attempts and destroy encryption keys after a predefined limit is reached. Ver:1.0, 8 February 2011
Price Comparison CapacityStandard USB Stick (Unit Price) AES-Encrypted Secure USB Sticks (Unit Price) 2 GB9 USD38 USD 4 GB15 USD40 USD 8 GB24 USD49 USD 16 GB50 USD76 USD 32 GB75 USD134 USD 64 GB140 USD270 USD * Patriot Bolt is referans for prices The price difference is so high when compared. Encrypted USB sticks are more expensive than standard ones. Ver:1.0, 8 February 2011
Hardware-based Solutions Disadvantage Advantage Standard Capacity. Sold in 2GB,4GB,8GB etc. limited capacity Expensive. Price difference is so high when compared with price of standard USB sticks. Standard Capacity. Sold in 2GB,4GB,8GB etc. limited capacity Expensive. Price difference is so high when compared with price of standard USB sticks. Ease of use (Plug & Play) Encryption keys are stored in a chip on hardware and never exported to host PC Strength to attacks, possible to prevent More secure than software- based Ease of use (Plug & Play) Encryption keys are stored in a chip on hardware and never exported to host PC Strength to attacks, possible to prevent More secure than software- based Secure but expensive ! Result Ver:1.0, 8 February 2011
There is always a better way! Ver:1.0, 8 February 2011
Difference Hardware-based Security Using low-cost, standard USB Sticks The advantages of both solutions are gathered Ver:1.0, 8 February 2011
Encryption Device featuring two USB ports, which provides encrypted link between host PC and peripheral USB Sticks / External Harddisks What is ? Ver:1.0, 8 February 2011
On-the-fly Encryption Original Data (Plain Text) Encrypted Data AES Key Host PC USB Stick / External Harddisk Ver:1.0, 8 February 2011
Function turn standard USB sticks and even external harddisks into portable safe secure transporting data with AES encryption strength %100 Security with AES-128bit Ver:1.0, 3 December 2010
It is a unique device as you can purchase today, that offers 128-bit AES hardware- based encryption, but without any internal storage area is not an encrypted USB Stick! Ver:1.0, 8 February 2011
Data Stored in USB Disks USB Sticks / External Harddisks are used as data storage area Host PC USB Stick / External Harddisk Ver:1.0, 8 February 2011
Secure but limited storage capacity - Unlimited Capacity 16GB USB Stick 32GB USB Stick Secure and “in any capacity” USB External Harddisk Ver:1.0, 8 February 2011
1- ∞ Usage More than one USB Stick / External harddisk can be used with the same USBK Host PC Your USB stick Another one Other one Ver:1.0, 8 February 2011
Cost Effective Encryption Cost per GByte reaches to 0$ As not limited in anyway, Ver:1.0, 8 February 2011
128-bit AES Hardware-based Encryption %100 of data is protected by hardware- based encryption Encrypted Data Host PC USB Stick / External Harddisk Original Data (plain text) Ver:1.0, 8 February 2011
Most secure AES mode -CBC mode Most solutions in market use ECB (Electronic Code Book) mode.It encrypts the blocks to look exactly the same. uses CBC ( Cipher Block Chaining), the most secure mode and is preferred by both NIST and NSA Original Data ECB modeCBC mode Ver:1.0, 8 February 2011
User ID Verification Password: User password is used to prevent unauthorized access ******** Host PC USB Stick / External Harddisk Ver:1.0, 8 February 2011
Secure Password: ******** Wrong Password AES key Password After 3 wrong password attempts, completely erases AES keys and user password Host PC USB Stick / External Harddisk Ver:1.0, 3 December 2010
Easy to Use No need to install driver or software on PC, it runs automatically (Auto-Run property) Ver:1.0, 8 February 2011
Graphic User Inteface (GUI) Management Software deployed on USBK supplies GUI (Graphic User Interface) for encryption keys and password Ver:1.0, 3 December 2010
Multiple Key Option * Customize your privacy policy by creating different encryption keys for your work and personal data * Available on model A103 and can be created up to 3 different encryption keys Host PC Key1 work Key 2 Ver:1.0, 8 February 2011
Oscilloscope Independent of Operating System Due to “Auto-Activation” property, possible to use on test & measurment equipments such as oscilloscope, EKG, etc. Host PC Ver:1.0, 8 February 2011
Technical Specifications Security Features Encryption Algorithm128 bit-AES (Advanced Encryption Standard) Encryption MethodHardware- based encryption AES ModeCBC (Cipher Block Chaining) mode AES KeyUser initiated or random key generator Number of AES keys1 (for A101 model) 3 (for A103 model) User AuthenticationPassword (min 4 –max 16 characters) Failed Password Procedure Return back to factory settings after 3 wrong password attempts System & Peripheral Features USBUSB 2.0 High Speed (USB 1.1 backward support) Plug&Play Driver & Software Requirements No need to install driver & Pop-up GUI for Windows (.net framework dependent) Ver:1.0, 8 February 2011
Summary with pictures Ver:1.0, 8 February 2011