Embedded Software-Free Authentication vs. Software Host-Based
- Thursday, June 25, 2015
- Store Owner
In any market where IP owners value the security and safeguarding of data, it may be preferable to move files on encrypted flash drives rather than over the public Internet and well-traveled networks. Such flash drives will let the user authenticate his or her identity either with software via an application that runs on the host system or without software. Both approaches have their respective pros and cons. In this paper, we will explore the merits of both flash drive models and recommend which user priorities will be best aligned with each drive type.
Introduction: A Tale of Three Thumb Drives
Imagine Bob Smith, a forensic investigator for Acme State Evidence. Mr. Smith pulls up in front of a quiet, suburban crime scene cordoned off with police tape. He flashes his credentials and slips through the front door. His objective waits silently in the living room: the family’s digital video recorder, which allegedly contains key evidence needed in the ongoing investigation. Mr. Smith’s job is to offload the DVR’s contents onto the flash-based thumb drive in his pocket.
In fact, Smith has three such drives, and, as he stands before the recorder, he considers them in turn. The first is a standard 32 GB consumer product, plucked from a Black Friday sale for only a few dollars. Remembering how his last consumer thumb drive became lost when it fell out of his pocket, resulting in some awkward New Year’s Eve photos of himself circulating among local friends’ social media feeds, Smith puts that drive back in his pocket. Unencrypted data is never an option when transporting business files.
He considers the second drive, a sleek little thing with military-grade encryption and 64 GB of flash memory, which should be plenty for the job. It presents only one problem: To decrypt the drive, Smith needs to enter his pass code into the device’s cloud-managed local client. Of course, the DVR doesn’t run Windows or any other OS supported by the drive’s manufacturer. He could leave the flash drive in the DVR’s USB port all afternoon, and the machine would never recognize its presence.
That leaves the third drive, very similar in size and shape to the first two and also equipped with top-quality data encryption. However, this unit has a numeric keypad on its front. The product has no cloud platform with which to link and no need for a local, computer-based application. Smith punches in the drive’s PIN code, thereby unlocking it, and inserts the drive into the DVR’s USB port. Minutes later, with the data he needs copied to the drive, he removes the device from the DVR, instantly triggering the flash drive to lock and protect its encrypted contents. Now, even if he loses the drive, it will be physically impossible for even the most determined hacker to read its files. Smith’s work here is done.
Our example of Mr. Smith is based on a true customer story, and his decision between flash products is one faced by a broad spectrum of professionals, government workers, and even privacy-conscious consumers. Even in an era of online data transfer options, the need to hold sensitive files in hand and transport them securely remains bigger than ever. The choice for Mr. Smith was practically made for him, but in general use other considerations come into play, and the embedded authentication and security level method he chose may not always be the best fit.
Let’s dig into the question and see which authentication approach — software-based or software-free — will make sense for your needs.
The Case for Software-Based Security
A software-based authentication approach for portable storage has several apparent benefits. Chief among these is ease of use in the field. The user pops the flash drive into a host, and, just as a media player app will typically start when an audio CD is loaded into an optical drive, an autorun routine will load a password authentication app from the flash drive. (Generally, no vendor-provided software needs to reside on the host system.) The user enters his or her password via the system’s keyboard, the drive unlocks, and the host mounts the USB drive’s volume just as with any other flash drive. The process takes only a few seconds, but in cases where the drive contacts a remote cloud service via the host system, a secure path forms from the cloud through the host and all the way to the drive’s onboard circuitry. Through this path, IT can control a range of flash drive features and functions. Some vendors add additional authentication security by implementing an on-screen keyboard that will randomize the key layout with each input character in an attempt to thwart malware that tracks both keylogging as well as mouse click positions.
Software-based authentication also appeals to IT administrators who need a centralized, easily logged approach to managing a fleet of encrypted flash drives. Not only do managers have a convenient, console-driven way to manage the passwords for each drive, but they can enforce company security policies, such as requiring passwords to meet certain length and complexity criteria. Similarly, managers can provision large quantities of encrypted flash drives, which may save time when deploying portable storage for a workforce.
Centralized, cloud-driven management also means that admins have the power to perform remote crypto erases, much like the remote wipe one can perform on iOS devices via iCloud. The flash drive admin receives a call from the user reporting the drive as lost, the admin issues a wipe command, and the next time that drive gets inserted into a system and connects to the managing cloud service, the server will instruct the drive to delete its crypto keys. This leaves all encrypted data on the drive permanently scrambled with no hope of recovery.
On the Other Hand...
Remote cryptographic erasure sounds like a great idea, but, in reality, it’s not particularly necessary. The Advanced Encryption Standard (AES) used in virtually all encrypting flash drives has no publicly known practical break, and that encryption is in force from the instant the flash drive unplugs from its last host system. In the event of a brute force attack on the drive, wherein an attacker feeds automatically generated guesses to the password prompt, most drives are programmed to “self-destruct” (by erasing the onboard crypto keys) after a given number of unsuccessful password entry attempts.
In effect, the only way to unlock a lost or stolen drive is through prior knowledge of the password. This video (http://bit.ly/1G9kCI8) illustrates how background malware can record the supposedly secure entry of a pass code, even through a randomized on-screen keyboard. However, this approach, along with any other means of “stealing” a password, presumes that someone with knowledge of that password is already present. Could a disgruntled employee gain unauthorized device access? Of course — with prior knowledge of the password. Could someone use a keylogger app to record the password and gain access to the device? Sure, but this intruder would also have to find a way to physically steal the drive.
The bottom line is that while cloud-based drive management may be convenient for deploying many devices across a fleet of users, its actual benefit for security is minimal and may even be a hindrance in any of several common situations:
1. Autorun functionality — or anything that executes without express permission by IT — is typically viewed as suspect from a security perspective and thus is often disabled. Naturally, users can browse for the drive’s login script executable and open it manually, but after two decades or so of universal autorun convenience, some users may not know how to do this.
2. The data path from cloud to host system may be secure, but the circuit path from the USB port to the security circuitry inside the flash drive can be exploited by hackers. Moreover, while AES algorithms remain essentially uncrackable with modern technology, that’s not to say that other flaws in the product design can’t be leveraged by a hacker. Recall how in 2010 security firm SySS was able to easily break into Kingston, SanDisk, and Verbatim flash drives protected by AES-256 encryption due to a weakness in the drives’ authentication routines. This is like having a steel door mounted in a rotting wooden frame.
3. Software can have backdoors, just like systems and network infrastructure. If in doubt, read up on the National Security Agency’s recent defense of its cyber-security policies and its illicit bugging of Cisco routers.
4. Managed platform software may require annual licensing, making the investment an ongoing operational expense in addition to an up-front capital expense. In addition, either the software platform or the OS underneath it may undergo occasional updates, which not only entails more work for IT but also may introduce incompatibilities. IronKey ran into this in November 2014 when Apple updated to Mac OS 10.8 and in doing so left several encrypted flash drive models adversely affected.
5. Some encrypted flash drive solutions may require a client application to be loaded on the host system. Because of the low-level security involved, this installation may require admin rights on the host — which the user may not have.
6. If the software-based security platform requires authentication of credentials from across the Internet, this will pose obvious difficulties in situations where Internet access is either suspended or unavailable.
7. By now, nearly everyone in the business world has been lectured about the importance of having complex passwords and changing them regularly. In practice, relatively few people do this, if only because complex passwords are hard to memorize. This doesn’t get any easier with the move to encrypted flash drives, where users will still have to remember complex passwords if that’s what conforms to IT security policies.
The Pros of Software-Free Security
Essentially, all of the drawbacks outlined above vanish with the switch to a software-free, hardware encrypted flash drive, such as Apricorn’s patented approach. Rather than entering a password into a drive-resident app running on the host system, users validate their security credentials directly on the drive. This is done through either an onboard biometric sensor or a keypad.
Clearly, the chief benefits of a biometric USB drive fall under two umbrellas. First, nothing beats a biometric drive for convenience. Just swipe a finger and go — there’s nothing to memorize. Second, being software-free, there’s no hassle with host setup, Internet connectivity, admin rights, or anything else. Simply register the user’s fingerprint(s) to engage drive encryption, then swipe again to unlock the drive and decrypt the drive’s data.
Today’s biometric flash drives use an integrated fingerprint scanner linked to an onboard processor. Users can register multiple fingers with the device. It’s important to note that, as with other fingerprint biometric systems, visual copies of the fingerprint are not stored. Rather, algorithms analyze the fingerprint image, looking for key reference points called minutiae, then analyze and hash the relationships between those points. Thus a subsequent validation doesn’t have to match the exact fingerprint image. It only needs to confirm that the minutiae hashes of an authentication attempt are within allowed thresholds in their similarity to the hashes of the registered image. All of this takes place on the flash drive independent of the host system.
Among software-free drives, the alternative to biometrics is an alphanumeric keypad, much like that on an ATM. While not quite as convenient as a fingertip swipe, a drive such as Apricorn’s Aegis Secure Key 3.0 requires only a 7- to 16-digit PIN entry that can be based on a memorable word or phrase rather than some inscrutable combination of capital letters and special punctuation characters. The drive is completely OS-independent. As we saw in our beginning illustration with Mr. Smith, all that’s required from the host device is a powered USB port and a file storage system. The host’s operating system is irrelevant, so there will never be outside software issues or update problems.
On the Other Hand...
While there’s no way to keylog a fingerprint, and drives like Apricorn’s Aegis Bio 3.0 are software-free in setup and operation, biometric drives aren’t without their compromises. Fingerprints in general have a long history of mixed results with users. Scars, dry skin, sweat, and lotion (not to mention gloves) can all foil validation attempts. Although not the case with Apricorn’s biometric drives, researchers have proven that fingerprints can be spoofed through digital photography combined with gelatin and silicone printed facsimiles. Additionally, if there are no admin fingers enrolled, centralized drive management, or other means of authenticating the drive, employers may still have trouble with terminated employees taking their fingertips with them.
And the drawbacks of a keypad-based encrypted USB drive? Very few. Some devices may be prone to BadUSB, a known weakness in common USB controller chips that allows them to be reprogrammed in the field. To thwart this, makers of reputable drives, including the Aegis Secure Key 3.0, lock their controllers to prevent post-manufacture updating. Other than this, the keypad approach to encrypted, software-free drives is fairly bulletproof.
The entire Apricorn Aegis product family stands as a best-of-breed example within this software-free product category. The capacious Padlock drive series integrates various keypad designs while the Bio models authenticate with fingerprint scanning. For compact simplicity, though, nothing beats Aegis Secure Key (ASK) 3.0. Measuring only 95.5 mm x 24.5 mm x 12.6 mm in its crush-resistant, aluminum sleeve, the USB 3.0 drive looks and feels much like any standard thumb drive. Pulling off the sleeve, however, reveals a 10-key pad, lock and unlock buttons, and a row of three LED indicators. Capacities range from 30 GB up to 240 GB.
Within the ASK 3.0’s shell, the circuitry is encased with FIPS-validated epoxy in order to thwart any hacking that might attempt to interfere directly with the device’s chips or traces. Digging through the epoxy will simply destroy the drive. The hardened epoxy also helps to keep the ASK 3.0 dust- and water-resistant in accordance with strict IP58 standards.
As noted earlier, the ASK 3.0, like the entire Aegis Padlock family, has onboard authentication, a completely software-free design, OS independence, and no centralized administration. Upon first use out of the box, an admin presses the green unlock button to wake up the drive, then holds down the unlock key (again) and the number 9. Then the admin will enter his or her unique 7-16 digit PIN and press the unlock button, then repeat for confirmation. With that done, the admin can go through a similar process to establish a new user PIN that will be shared with the end-user. That’s it. (Compare this with the convoluted setup process found in IronKey’s so-called Quick Start Guide.) There are additional features the admin can enable, such as a read-only mode, an unattended auto-lock, and the aforementioned brute force self-destruct, but basic ready-to-run setup takes less than one minute and can be done anywhere regardless of connectivity.
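To make the onboard flow concrete, here is a toy Python model (added for illustration; it is not Apricorn firmware or any vendor's code) of the setup sequence just described together with the brute force self-destruct mentioned earlier: an admin PIN is enrolled out of the box, a user PIN can only be added by an unlocked admin, PINs must be 7 to 16 digits, and the data key is erased on the drive after too many failures. The failure threshold of 10 and the PBKDF2 verifier are assumptions, and the key never leaves the model, mirroring the page's point that the host sees no critical security parameters.

```python
import hashlib
import hmac
import secrets

PIN_MIN, PIN_MAX = 7, 16       # PIN length range the page states for the ASK 3.0
MAX_FAILED_ATTEMPTS = 10       # assumed threshold; the page gives no number


class SoftwareFreeDrive:
    """Toy model of an onboard-authenticated drive (hypothetical, not vendor firmware)."""

    def __init__(self):
        self.data_key = secrets.token_bytes(32)  # data-encryption key, stays on the drive
        self.salt = secrets.token_bytes(16)
        self.verifiers = {}        # role -> PBKDF2 hash of PIN; raw PINs are never stored
        self.failed = 0
        self.session_role = None   # None while locked
        self.destroyed = False

    def _verifier(self, pin):
        # assumed KDF; a real controller would use its own key-stretching routine
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 50_000)

    def set_pin(self, role, pin, confirm):
        """Enrol a PIN, entered twice as on the keypad. First admin PIN needs no unlock."""
        if self.destroyed or pin != confirm or role not in ("admin", "user"):
            return False
        if not (pin.isdigit() and PIN_MIN <= len(pin) <= PIN_MAX):
            return False
        out_of_box = role == "admin" and "admin" not in self.verifiers
        if not out_of_box and self.session_role != "admin":
            return False  # only an unlocked admin may add or change PINs
        self.verifiers[role] = self._verifier(pin)
        return True

    def unlock(self, pin):
        """Check the PIN on-drive; too many failures erase the key (self-destruct)."""
        candidate = self._verifier(pin)
        for role, stored in self.verifiers.items():
            if hmac.compare_digest(stored, candidate):
                self.failed = 0
                self.session_role = role
                return True
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self.data_key = None         # crypto-erase: ciphertext is now unrecoverable
            self.verifiers.clear()
            self.destroyed = True
        return False

    def lock(self):                      # triggered when the drive is unplugged
        self.session_role = None

    def key_for_crypto_engine(self):     # only the drive's own engine, only while unlocked
        return self.data_key if self.session_role else None
```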
The ASK 3.0 adheres to the most stringent security standard in the world for its device class. With FIPS 140-2 Level 3 validation, the flash drive meets government-grade security standards across 11 areas of its cryptographic design, from key management to physical tamper-resistance. Again, there are no autorun routines needing to be disabled, no updates to hassle over, and no licensing of any kind.
Your Authorization Approach
By now, you should have a solid idea of which means of authentication — software or software-free — will make more sense for your secure data needs. Large organizations needing to field high quantities of centrally managed drives may prefer software-based options. Groups with smaller volume needs and/or a preference for simplified administration and user experience will gravitate to software-free.
We should also emphasize a couple of the fundamental security differences between the two options. Software-based drives do have remote management capabilities, especially for wiping, and this can be valuable in some instances. However, such drives may share critical security parameters (CSPs) with the host system. A CSP is data used to work in conjunction with a cryptography module to process encryption functions, and passing this data in the clear to the host creates a security vulnerability. The Apricorn Aegis family does not pass CSPs to the host, but be sure to research the specifics of any drive you consider.
It’s worth reiterating the lesson of Mr. Smith. If you work with embedded devices, from DVRs to medical equipment to retail kiosks, and these devices either contain secure data or need to receive occasional updates of highly secure or proprietary, valuable software, then software-free will likely be your de facto choice.
The ASK 3.0 is an affordable, convenient, and exceptionally secure solution for any situation in which data needs to be kept protected and offline. For large-scale enrollment, Apricorn is close to releasing a secure configurator that would enable IT administrators to easily provision and deploy mass quantities of Aegis products. And in any environment of any size, the ASK 3.0 stands as the market’s leading example of the full potential in software-free encrypted flash drive technology. Consider the organizational, operational, and ROI benefits of going software-free for your data transportation needs.