Thursday November 20, 2008

Data Security Tech: USB Flash Drive Encryption -- Hardware vs. Software

Dror Todress, SanDisk

USB flash drives are favorites among “road warriors,” “day extenders,” and employees who occasionally work at home, at a customer’s site, or even in a café.  These compact devices enable users to store and transfer data with confidence and ease. 

But, while USB drives have allowed users to reap mobility benefits, they have intensified the concerns of IT departments charged with securing confidential corporate data against theft or loss.  In their search for adequate data security, they are faced with many options, most of which encrypt the data stored on employee USB flash drives.  The choice is further complicated by two factors: the different levels of data encryption being offered, plus the option of hardware-based or software-based encryption.

When weighing hardware-based against software-based encryption, the crucial factors are: password access control and encryption, protection against common attacks, how the security is implemented on the USB flash drive, performance, and usability. 

Evaluating Access Control and Encryption

Two major elements are essential in securing data on USB drives:

  • Access control: Decryption should be possible only for authenticated users.

  • Encryption: Whether by software or hardware means, encryption should transform the data so that it is unreadable without the proper decryption key.

Access control is measured by the strength of authentication.  At a minimum, a complex password, typically eight or more characters mixing letters and digits, is required so that the password cannot be guessed in a handful of tries.  Password complexity only slows guessing; how many guesses an attacker is allowed is the other half of the picture, and is covered under brute force attacks below.

Encryption is measured by the strength of the algorithm used to encrypt the data, and by the ability of the software or hardware to generate a truly random encryption key.  AES is the algorithm implemented in virtually all software-based and hardware-based products.  Its strength depends on the key length; 256 bits is the largest key size AES defines, and 256-bit AES is available in both software-based and hardware-based products.  One caveat applies to both: where the key is derived from, or unlocked by, the user’s password, an attacker who can test passwords freely only has to search the password space, so the effective strength is bounded by the guessability of the password, whatever the key length.

With USB flash drive solutions, encryption keys are generally either 128-bit or 256-bit.  In software implementations, these keys are generated by the host computer or supplied by an external system, while in hardware implementations they can be generated by a true random number generator that is part of a dedicated cryptographic processor inside the drive.  The major advantage of hardware-based keys is that they never leave the USB flash drive; software-based keys must be present in the host’s random access memory (RAM) while the volume is in use, and may be paged or hibernated to its hard disk drive.
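To make the relationship between password strength, key length and attempt limiting concrete, here is an added example written for this edit; it is not code from the article or from any SanDisk product.  It models a software-encrypted volume, whose salt and key check value can be copied and tested offline without limit, beside a hardware crypto module that counts failures inside the device and zeroises its key after a threshold.  The PBKDF2 construction, the iteration count, the lockout threshold of ten and the word list are all assumptions made for the example.  The same model also illustrates the brute force and parallel attacks described in the next section.

```python
import hashlib
import hmac
import secrets

# Constructed parameters: assumptions for this example, not taken from the article or any product.
PBKDF2_ITERATIONS = 1000   # deliberately low so the offline search below finishes instantly
MAX_ATTEMPTS = 10          # device-side lockout threshold
KEY_LEN = 32               # 256-bit key


def derive_key(password: str, salt: bytes) -> bytes:
    """Software-style key derivation. Whatever the key length, an attacker who can test
    guesses freely only has to search the password space, not the 2**256 key space."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=KEY_LEN)


def key_check_value(key: bytes) -> bytes:
    """What a volume format stores so that a candidate key can be validated."""
    return hashlib.sha256(key).digest()


class SoftwareVolume:
    """Models a software-encrypted volume. Salt and key check value are part of the
    ciphertext image, so a copy of the image is enough to test passwords with no limit."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.kcv = key_check_value(derive_key(password, self.salt))

    def try_password(self, password: str) -> bool:
        return hmac.compare_digest(key_check_value(derive_key(password, self.salt)), self.kcv)


def offline_search(volume: SoftwareVolume, wordlist):
    """Offline (parallel) attack: every guess is checked against the copied image; nothing counts attempts."""
    for attempt, candidate in enumerate(wordlist, 1):
        if volume.try_password(candidate):
            return candidate, attempt
    return None, len(wordlist)


class HardwareCryptoModule:
    """Models the controller of a hardware-encrypted drive: the data key comes from an
    on-device RNG and is never exported, the password check and the failed-attempt counter
    run inside the device, and exceeding MAX_ATTEMPTS zeroises the key."""

    def __init__(self, password: str):
        self._data_key = secrets.token_bytes(KEY_LEN)   # stand-in for a TRNG-generated key
        self._salt = secrets.token_bytes(16)
        self._kcv = key_check_value(derive_key(password, self._salt))
        self.failed_attempts = 0
        self.locked = False

    def unlock(self, password: str) -> bool:
        if self.locked:
            return False
        if hmac.compare_digest(key_check_value(derive_key(password, self._salt)), self._kcv):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            self.locked = True
            self._data_key = None   # key destroyed: the ciphertext on the flash is now unrecoverable
        return False


def online_search(module: HardwareCryptoModule, wordlist):
    """The same guessing run through the device: the counter stops it before the list is exhausted."""
    for attempt, candidate in enumerate(wordlist, 1):
        if module.unlock(candidate):
            return candidate, attempt
        if module.locked:
            return None, attempt
    return None, len(wordlist)


# Constructed word list: twelve wrong guesses of the "eight characters, letters and digits"
# shape, then the real password last.
WORDLIST = ["Password", "letmein1", "Summer07", "Winter08", "qwerty12", "abcd1234",
            "Welcome1", "Monday01", "Autumn08", "Spring08", "Secret99", "Sandisk1", "Summer08"]

if __name__ == "__main__":
    vol = SoftwareVolume("Summer08")
    print("offline image:", offline_search(vol, WORDLIST))            # ('Summer08', 13)
    dev = HardwareCryptoModule("Summer08")
    print("through device:", online_search(dev, WORDLIST), dev.locked)  # (None, 10) True
```

The offline search finds the password on the thirteenth try and would keep going for as many tries as the attacker's hardware allows; the device locks after the tenth failure, and from then on even the correct password is refused because the key is gone.  Note that the iteration count is what sets the per-guess cost offline, while the attempt counter is what bounds the total number of guesses, and only the latter is enforceable against an attacker who holds a copy of the ciphertext.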

USB Flash Drive Data Attacks and Malicious Code

USB drives are exposed to a variety of attacks, from brute force to malicious code.  A combination of encryption and effective access control mitigates most of them.

  • Brute Force Attack: Brute force attacks attempt to guess the password or the encryption key.  Guessing a 128-bit or 256-bit key directly is infeasible, so the realistic target is the password.  An attacker who obtains a USB flash drive can plug it into a computer and run a program that tries candidate passwords automatically, at a rate limited only by the speed of the password check: millions of guesses per second or more when the check runs on the attacker’s own hardware.

    These attacks are thwarted both by enforcing the use of complex passwords and by counting and limiting the number of login or decryption attempts.  The counter only helps if the attacker cannot bypass it; a counter kept by software on the host can be disabled along with the software.  With hardware-based security solutions, access control, encryption and decryption are implemented by a dedicated crypto module inside the USB flash drive.  When an attacker runs a brute force program on the host computer, the crypto module counts the attempts and locks the USB flash drive once a predefined limit is reached, rendering the information stored on it inaccessible.  Some systems also destroy the data and the encryption keys on the USB flash drive as an extra precaution.

  • Parallel Attack: A parallel attack is a brute force variant in which the attacker copies the encrypted data from the stolen USB flash drive, distributes it to as many computers as he or she controls, and sets them to work in parallel guessing the password offline, where no attempt counter applies.  Hardware-based implementations do not expose the drive’s storage to the operating system at all until the user enters the correct password, so the attacker has no ciphertext to copy; this holds as long as the only path to the flash memory is through the drive’s controller.

  • Cold Boot Attack: Research by a team at Princeton University showed how a little-known characteristic of DRAM can serve as a window of opportunity for a cold boot attack. 

    DRAM holds data while the system is running.  After power is removed, its contents do not vanish at once but decay gradually, over anywhere from a few seconds to a few minutes.  If the chip is cooled by artificial means, the contents can be retained for as long as 10 minutes.

    This characteristic lets an attacker read the memory contents by cutting power and then cold booting a malicious operating system.  This defeats disk encryption products that keep their keys in host memory: the attacker cuts power to the computer, powers it back up, boots an operating system that copies the memory contents, and then searches the captured image for the master decryption keys, which are then used to decrypt the disk.  To retain the contents longer, the attacker can chill the DRAM chip before cutting power.  A hardware-based encryption system is not exposed to this attack, since its keys are never in host RAM.  The plaintext of any files the user had open from the drive is in host RAM regardless of where the key lives, and the same attack recovers it.

  • Malicious Code: Malicious code can run on a PC into which a USB flash drive is inserted.  It can tamper with software-based encryption, including the encryption software itself or its drivers, to disable the encryption.  It can also copy data from the USB flash drive after the user has authenticated, or capture the user’s password and replay it after the user logs out of the drive.  Hardware-based encryption protects the keys, the password check and the attempt counter from such code, because that logic runs inside the drive, independently of the PC and its operating system.  It does not make an unlocked drive immune: once authenticated, the drive presents plaintext to the host like any other volume, and malware on the host can read it for as long as the drive stays unlocked.
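As an added example of how a cold boot attack turns a captured memory image into a key, here is an illustration written for this edit; it is not the Princeton team’s tool and not anything from the article.  A software disk-encryption driver keeps not just the 16-byte AES key in RAM but also its expanded key schedule, and the schedule is a deterministic function of the key, so a scanner can find the key by testing every 16-byte window against the bytes that follow it.  The memory image below is constructed, with a known FIPS-197 test key planted in pseudo-random filler; the published technique additionally tolerates the bit errors introduced by decay, which this exact-match version does not.  A key held only inside the drive’s controller has no key schedule in host memory for this scan to find.

```python
import random


def _xtime(b: int) -> int:
    """Multiply by x in GF(2^8) with the AES reduction polynomial 0x11b."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b


def _gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _build_sbox():
    """AES S-box from its definition: multiplicative inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF   # rotate-left terms of the affine map
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()
KEY_SCHEDULE_LEN = 176   # 11 round keys x 16 bytes for AES-128


def expand_key(key: bytes) -> bytes:
    """FIPS-197 key expansion for a 16-byte key; returns the 176-byte schedule a driver keeps in RAM."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]             # RotWord
            t = [SBOX[b] for b in t]      # SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(sum(w, []))


def find_aes128_keys(image: bytes):
    """Scan a memory image for AES-128 keys: a 16-byte window is a key if the 160 bytes after
    it are its own expanded key schedule. Returns a list of (offset, key) hits."""
    hits = []
    for off in range(len(image) - KEY_SCHEDULE_LEN + 1):
        cand = image[off:off + 16]
        # Cheap pre-check: the first word of round key 1 is w[0] ^ SubWord(RotWord(w[3])) ^ Rcon[1].
        w3 = cand[12:16]
        t = [SBOX[w3[1]], SBOX[w3[2]], SBOX[w3[3]], SBOX[w3[0]]]
        t[0] ^= 0x01
        w4 = bytes(a ^ b for a, b in zip(cand[0:4], t))
        if image[off + 16:off + 20] != w4:
            continue
        if expand_key(cand)[16:] == image[off + 16:off + KEY_SCHEDULE_LEN]:
            hits.append((off, cand))
    return hits


def build_sample_image(key: bytes, offset: int, size: int = 16384, seed: int = 1) -> bytes:
    """Constructed stand-in for a captured DRAM image: deterministic pseudo-random filler with
    one expanded key schedule planted at `offset`, as a software encryption driver would leave it."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    sched = expand_key(key)
    buf[offset:offset + len(sched)] = sched
    return bytes(buf)


# FIPS-197 Appendix A.1 test key, used so the schedule can be checked against the standard.
FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    image = build_sample_image(FIPS_KEY, offset=4096)
    for off, key in find_aes128_keys(image):
        print(f"AES-128 key at offset {off:#x}: {key.hex()}")   # offset 0x1000, 2b7e1516...
```

The pre-check costs four S-box lookups per offset and eliminates almost every window before the full 176-byte comparison, so the scan runs in linear time over the image.  The round-1 word a0fafe17 and the round-10 key d014f9a8c9ee2589e13f0cc8b6630ca6 that the expansion produces for the test key match FIPS-197 Appendix A.1.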

Choosing the Right Security: Software-based Encryption vs. Hardware-based Encryption

Software-based encryption can be applied to all types of media used by the organization, while hardware-based encryption is tied to a specific device; the flip side is that hardware-based encryption is “always on” as part of the device itself, requiring no user intervention and offering nothing for the user to switch off.  There are other considerations for assessing the security of a USB flash drive:

  • Dependence on Security of Operating Systems: A software application’s security depends largely on the security of the operating system beneath it.  A flaw in the operating system is likely to undermine the application running on top of it.

  • Designed for Usability:  Robust hardware-based encryption does not require any driver or software installation on the host PC.  This keeps the encryption independent of the PC and leaves no software footprint behind.  Solutions that require a driver both expose that driver to attack and make the drive more cumbersome to deploy. 

  • Application Code Integrity:  Application code is stored in memory and executed on demand or according to prior instructions.  If this code lives in ordinary, unprotected memory, an adversary can modify it, causing the USB flash drive to malfunction or to leak critical information.  With hardware-based encryption, the code is digitally signed and its signature is verified by the drive’s hardware each time the USB flash drive is inserted into a PC, so that tampered code is refused, which provides a high level of code integrity. 

USB Flash Drive Data Protection

Not all hardware-based encryption delivers equivalent throughput and speed on USB flash drives.  A manufacturer’s experience with flash memory management and the type of flash technology used are key factors in evaluating the USB flash drive and its encryption.  Hardware-based encryption does, however, protect against the most common attacks on stored data, such as cold boot attacks, malicious code targeting the keys, and brute force attacks.  By deploying the appropriate level of hardware encryption together with strong password protection, organizations can give the data on their USB flash drives a high degree of protection.

Dror Todress is senior marketing manager for SanDisk’s Enterprise Division. 
