Flash Drive Security

Handy devices are increasingly popular with military and other users but need special features to protect sensitive data.
by Karen E. Thuermer, MIT Correspondent
USB flash drives, also known as thumb drives, are becoming as common as coins in a pocket or purse. That’s because these mobile compact devices are easy to carry around and can store a significant amount of data as well as transfer files and photos from computer to computer. For many people who work with computers, they’re considered must-have companions.
“Today, everyone is using flash drives,” said Doron Peri, product manager of SanDisk Enterprise, a global leader in flash memory devices for the enterprise market. “Flash drives make everyone, including military personnel, very mobile.”
“Portable flash drives, with their ever-growing storage capacity, have become ubiquitous in many computing environments as the preferred removable storage for data in transit,” observed Jyh Chau, senior product manager at Lexar.
The military, in particular, has adopted the use of thumb drives, given their portability and ease of use. But flash drives can also be easily lost or stolen. “There is always a risk that users may lose their flash drives or have the drives stolen because of their small physical size,” Chau warned. “This may expose the organizations and government agencies they represent to severe regulatory and/or financial implications should the confidential data be compromised.”
One recent report highlighted how personnel who utilize thumb drives that contain military records and sensitive material can lose them. According to a story published by the Los Angeles Times, there have been thefts from the U.S. military in Afghanistan, with memory sticks found on sale at the bazaar outside Bagram Air Base containing intelligence data.
The problem has become so widespread that the Army put out a training pamphlet called “New Technology, New Threats” to advise soldiers to protect their flash drives and treat the devices, if stolen, as a security threat.
Indeed, as this article was going to press, news reports indicated that the military services were issuing internal memos banning use of flash drives on Department of Defense networks. Although DoD spokesmen declined to confirm the reports, the news underscored flash-drive security concerns, in particular relating to the possibility of a virus getting into networks through the devices.
“Data breaches are becoming everyday high-profile news items, and there are significant potential damages in the aftermath of a breach,” Peri said. “The risk is twofold. There’s the risk of data being stolen as well as data being accessed by anyone who finds a lost flash drive. There’s also the risk of malware being infected, or viruses that could infect USB flash drives and be introduced to the corporate network.”
MALWARE PROTECTION
Because of that dual threat, SanDisk, which holds 21 percent of the USB flash drive market, has developed SanDisk Cruzer Enterprise, a secure flash drive that protects users from data leaks. In addition, users can get anti-malware protection from McAfee that protects against both known and unknown threats. The drives are expected to be available next year.
“SanDisk Cruzer Enterprise is an ideal solution for the mobile work force and for IT departments concerned with data security, because it allows employees to have access to data everywhere and yet be fully protected,” said Roy Ramati, vice president and general manager, Enterprise Division at SanDisk. “Adding McAfee’s technology to our security solutions for the enterprise enables our customers to extend their security perimeter to mobile storage.”
The drives protect users from infection with an automatic anti-malware scan that prohibits file transfers to the secure USB drive when it detects infection on a host computer.
“Malware, short for malicious software, is a program that is intended to disrupt a computer system by introducing a harmful code such as a virus, worm or Trojan horse,” Peri explained.
The addition of McAfee Scan Engine and virus definition files prevents malware from attaching itself to the portable drive and in turn, infecting the internal enterprise host. The scan engine examines every file saved or copied to the secure USB flash drive.
SanDisk Cruzer Enterprise USB flash drives also have the ability to run RSA SecurID software tokens from RSA, the security division of EMC. The “two-for-one” solution gives users a single device for secure data storage and two-factor authentication, thus offering an alternative to carrying both a flash drive and a separate hardware authenticator.
“The software tokens have two-factor authentication capabilities for remote and mobile network access,” Peri explained. “It requires a one-time pass code generated on the drive, used with or without a PIN, and the drive’s password. It uses time-based synchronization and generates a new six-digit number to enter every 60 or 120 seconds.”
SanDisk Cruzer Enterprise flash drives protect all files with advanced hardware-based 256-bit AES encryption. Users are required to create a complex password during the setup process. The combination of USB encryption and password protection makes it virtually impossible for unauthorized users to access data if the drive is lost or stolen.
SanDisk Central Management & Control server software provides life cycle management for Cruzer Enterprise drives, including password recovery and renewal through the network, remote termination of lost drives, central backup and restore, and central usage tracking. This means data is not lost when a drive is lost, and IT administrators can provision a replacement flash drive with user files stored on the network.
The system represents an ideal solution for warfighters who need to travel light and yet have data access, Peri argued, as well as for IT departments that are concerned with data security and regulatory compliance challenges.
ENCRYPTED DRIVES
Other thumb drive manufacturers offer encryption solutions to make their portable storage devices more secure. “Encryption provides the second level of data protection if password authentication is somehow bypassed,” Chau pointed out.
For example, encryption prevents data from being compromised even if an intruder is able to extract data directly from the memory chip. The extracted content is not intelligible without the correct encryption key, which is stored on a tamper-proof smart card.
“The two levels of protection are definitely important for the military to prevent similar incidents as those described by the Los Angeles Times,” said Chau.
There are downsides to encryption, although they represent its advantages as well. The biggest is password access control. This prevents access to stored data until the user provides the correct password through a login process. Users of encrypted flash drives need to perform the required step of password authentication before access is granted to stored data. A non-secure drive makes data accessible when the drive is connected.
“Sound security implementations do not provide backdoor access,” Chau said. “This means if users forget or lose their login password, the stored data on the flash drives cannot be extracted, even by legitimate owners.”
Consequently, Lexar is offering the JumpDrive SAFE S3000, an advanced USB flash drive that protects up to 16 GB of data with proven smart card technology.
“The tamper-proof smart card processor manages all sensitive device operations and also generates and stores the cryptographic key used to encrypt and decrypt user data,” Chau explained.
The product’s epoxy-filled, tamper-resistant housing prevents physical tampering of the device, meeting both FIPS 140-2 Level 3 and MIL-STD-810F specifications.
Since all critical functions and cryptographic keys are managed from within the secure environment of the smart card module, JumpDrive SAFE S3000 provides a high level of data protection.
“The innovative device delivers the ultimate level of data security through AES 256-bit hardware-based encryption technology,” Chau noted. “No external drivers or software setup are required, so deployment is quick and efficient for IT administrators.”
The drive also runs automatically when connected to a computer. The user enters the password to unlock and access the confidential data stored in the drive. Encryption and decryption are performed on the fly without any additional user intervention. Multiple options with storage capacities up to 16 GB give organizations the flexibility to select the most appropriate device based on the user’s storage requirements. In addition, JumpDrive SAFE S3000 works seamlessly with third-party end-to-end access and port control software applications that allow agencies to monitor and track the usage of these devices and their hosts.
“With USB flash drives becoming ubiquitous in computing environments, we believe that a two-factor authentication is a desired solution to enable government agencies to protect data,” added Chau. “Just a few years ago, such a solution was not available. In the future, government agencies may require a three-factor authentication through adding a cost-effective biometric solution on top of the current solution.”
Kanguru Solutions, which has been involved with flash drive technology since 2001, was one of the first companies to provide Federal Information Processing Standard (FIPS)-validated encryption technology for these devices. “There are hundreds of thousands of users around the world who secure their information on Kanguru Encrypted USB Flash Drives, with a substantial presence within the U.S. military community,” said Nate Cote, vice president of product management for the company. “We have specifically designed our devices with the military user in mind, since many of their requirements for secure portable storage typically translate over the commercial community.”
While portable storage devices make life easier for all types of applications, the ability to easily store (and lose) such a huge amount of information is daunting, Cote observed. “That’s why it’s absolutely essential that military organizations encrypt portable storage devices with tested and proven encryption products such as those that meet FIPS 140-2. It is equally important to have a cohesive security policy to which users must abide, and which is pushed down by the security team of the military unit.” With the right overall solution, there are very few downsides, if any, to enforcing an encryption solution to USB flash drives, backers contend.
“Perhaps the largest inconvenience would be password enforcement and managing lost passwords,” Cote remarked. “Kanguru addresses this through the Kanguru Remote Management Console, which allows administrators to securely access devices to reset passwords should a user forget the password.”
Another downside could be the inability of users to bring any “off-the-shelf” flash drive into their organization if endpoint security policy is implemented in conjunction with encrypted flash drives. However, while potentially inconvenient for a user, this is typically viewed as a benefit, since security administrators can specifically decide which solutions meet their organization’s requirements and can enforce usage of these devices.
HARDWARE VS. SOFTWARE
Regarding hardware-based versus software-based encryption, Cote remarked that there really is no comparison when talking about the strengths and weaknesses of these two types of encryption. “Quite simply, hardware-based encryption should be employed in all USB flash drives where security and ease of use are important,” he said. “Also, the cost of hardware-based encryption used to be fairly prohibitive, but those costs have come down substantially.”
There are some differences between hardware- and software-based encryption, however. The most pronounced is that hardware encryption is always on and cannot be circumvented by a user. Devices cannot be formatted and rendered as basic USB flash drives, something that can occur with software encryption without the security team knowing that it has happened.
There’s also little or no degradation in transfer speeds. “With storage capacities increasing, it is not uncommon for users to transfer a 1 GB or 2 GB e-mail file onto their flash drive,” Cote said. “Try doing this with software encryption, and it may be up to 10 times longer than with hardware encryption.”
Security policies regarding the flash drive device can also be audited remotely when used with Kanguru Remote Management Console, he noted. If a software-encrypted product is formatted, it typically will delete the “secure vault” where all of the data is stored—as well as all activities, permissions and information that a security administrator may wish to view.
Software encryption sometimes requires installation on each user machine and also increases the CPU requirements when encrypting. Another benefit of Kanguru’s encrypted flash drive is that the entire device contains hardware-based AES encryption (currently in FIPS 140-2 testing for Level 2 approval). In addition, the device comes in color-coded, ruggedized aluminum housings. “Military requirements state that devices used on different security classification networks must clearly color the devices,” Cote pointed out.
Kanguru also has in-house laser engraving facilities so that all devices can be etched to meet military unit requests. For example, individual units are sequentially serialized on the device so that they can be easily tracked. The Kanguru Defender is currently equipped with robust 128-bit AES CBC encryption. A new version of 256-bit AES encryption will be released in early 2009.
CRYPTOCHIP MANAGEMENT
IronKey is also a major player in the mobile compact device market. The company has focused much of its research on developing thumb drives that offer state-of-the-art encryption solutions. As John Jefferies, vice president of marketing for IronKey, pointed out, however, encryption solutions come with one potential inconvenience: the need for password enforcement and managing lost passwords. “If someone gets hold of data on an encrypted drive and has the password, they have your data,” he stated. “It’s important to have the ability to shut the flash drive down like a Blackberry.”
IronKey, which bills its flash drives as the world’s most secure, offers its own encryption chip. “That cryptochip manages encryption keys, offers password brute force attack defenses, and self-destructs,” Jefferies said.
This allows the user to remote-control, remote-delete and remote-destruct the device. If an end user is no longer valid, IronKey’s remote features make it impossible for that user to get into data on the device, since it’s truly dead at that point.
IronKey USB flash drives encrypt data using hardware-based, military-grade AES encryption, thus protecting critical information should the device be lost or stolen. Like Kanguru Solutions, IronKey’s flash drives are FIPS 140-2 validated. Their always-on, hardware-based encryption protects all data written to the device.
The IronKey flash drives also support Windows Vista, XP, 2000 SP4, Macintosh OSX and Linux without installing drivers, and include industrial-grade SLC flash chips that deliver long life along with high transfer rates. In addition, the drives, which are designed and assembled in the United States, are made with a physically hardened metal casing that is waterproof and tamper resistant. The IronKey device offers password protection, online password recovery and the ability to escrow the device’s password at a secure site.
“Access to the secure site requires you to answer multiple authentication challenges,” Jefferies remarked. In addition, authentication cannot be completed if the IronKey is not connected to a PC when the user is attempting to log in.
The devices will self-destruct if someone attempts to remove the crypto or memory chip from its casing. Also, the IronKey flash drive offers an on-board password manager whereby the user can encrypt and store all passwords on the device.
“These measures are critical because the risks are more real than people think,” Jefferies commented.






