USBKOverview

Ver:1.0, 8 February 2011

USB Sticks

350 million USBSticks are in useworldwide

• 155 million USB sticks were sold in 2008 and sales reached to 174 million in 2009 *

* Gartner Inc. 2009 research report

Ver:1.0, 8 February 2011

USB Sticks• Compatibility on most platform

the widespread usage of them for both transporting and storing data

have resulted in,

• Storing vast amount of data• Ease of use

• Mobility

• Physically small size

Ver:1.0, 8 February 2011

Popularity at work

• 86% of enterprisesuse USB Sticks to store and exchange data

• Rate of carrying confidential company data on USB Sticks is %51

Ver:1.0, 8 February 2011

Risks exposed on USB Sticks

TheftTheft LossLoss Disclosure of Sensitive DataDisclosure of

Sensitive Data

Data stored on unsecure, standard USB sticks means that data is constantly at risk for falling into wrong hands

Res

ult

Res

ult

Ver:1.0, 8 February 2011

Reality with Numbers *

Store confidential data on USB Sticks

Not reporting the lost devices immediately

*Ponemon Institute 2009

Lost with data

Not reported

Yes

Yes

Ver:1.0, 8 February 2011

ISO/IEC 27001

For ISO/IEC 27001 certified companies, data security in removable media is not only a corporation option, it is a must

Ver:1.0, 8 February 2011

Solution

Security is possible without giving up “ mobility” benefit.

Well-known and most popular way isencryption of data with strong algorithm

Ver:1.0, 8 February 2011

AES (Advanced Encryption Standard)

AES is the first publicly accessible and open encryption algorithm approved by the NSA* for top secret information

* NSA: National Security Agency

Currently, it is typically implemented in both software- based and hardware-based security solutions.

Ver:1.0, 8 February 2011

Software programs employing AES encryption

Software-based Solutions

Ver:1.0, 8 February 2011

Risk with Software-based Solutions

Risk Description

No ease of Plug & Play facility

Driver installation on the host PC required, potentially a security risk

Leaves “footprint” on computer

Encryption is dependent on host PC which is leaving behind software footprints

Difficult to prevent “Brute Force Attack”

Brute force attacks guess the password or the encryption key. Software implementations can not thwart these attacks efficiently since they must use the host’s memory to store intermediate results, including the number of login/decryption attempts counter

Difficult to prevent “Parallel Attack”

A parallel attack is a brute force attack variant in which the attacker copies the encrypted data from the stolen USB stick, shares the data with as many computers as possible that are under his/her control, and then puts them to work in parallel to guess the password offline and unlock the encrypted data. By nature and design, software implementations can not prevent the attacker from easily copying the encrypted file from the USB stick and initiating a parallel offline attack.

Ver:1.0, 3 December 2010

DisadvantageDisadvantageAdvantageAdvantage

Needs software installation Depends on Operating

System and its security Open and Easy to Attacks

(Brute Force, Parallel) Weak, uses common

memory or RAM to encryption keys

Needs software installation Depends on Operating

System and its security Open and Easy to Attacks

(Brute Force, Parallel) Weak, uses common

memory or RAM to encryption keys

“Usage of existing USB stick” provides “low-cost” solution

“Usage of existing USB stick” provides “low-cost” solution

• At first this may look like a convenient and low-cost way. But, this solution is flawed and will be expensive in the long run because of its vulnerability!R

esu

ltR

esu

ltSoftware-based Solutions

Ver:1.0, 8 February 2011

Secure USB Flash Drive solutions with AES encryption

Hardware-based Solutions

Ver:1.0, 8 February 2011

Hardware-based is more secure

Benefit Description

Ease of Use ( plug&play)

It does not require driver installation, nor any other type of software installation on the host PC

No “footprint” No need of driver or software installation keeps the encryption independent of the PC while not leaving behind footprints.

Encryption keys are securely stored

Not using RAM or other common memory space to store encryption keys, and by the fact that the keys never leave the hardware

Possible to prevent “Brute Force Attack”

Access control and encryption are implemented by a dedicated chip located in hardware. When hackers run a brute force program on the host computer, this chip counts the number of attempts and destroy encryption keys after a predefined limit is reached.

Ver:1.0, 8 February 2011

Price ComparisonCapacity Standard USB

Stick (Unit Price)

AES-Encrypted Secure USB Sticks

(Unit Price)

2 GB 9 USD 38 USD

4 GB 15 USD 40 USD

8 GB 24 USD 49 USD

16 GB 50 USD 76 USD

32 GB 75 USD 134 USD

64 GB 140 USD 270 USD

* Patriot Bolt is referans for prices

The price difference is so high when compared. Encrypted USB sticks are more expensive than standard ones.

Ver:1.0, 8 February 2011

Hardware-based SolutionsDisadvantageDisadvantageAdvantageAdvantage

Standard Capacity. Sold in 2GB,4GB,8GB etc. limited capacity

Expensive. Price difference is so high when compared with price of standard USB sticks.

Standard Capacity. Sold in 2GB,4GB,8GB etc. limited capacity

Expensive. Price difference is so high when compared with price of standard USB sticks.

Ease of use (Plug & Play) Encryption keys are stored in a chip

on hardware and never exported to host PC

Strength to attacks, possible to prevent

More secure than software-based

Ease of use (Plug & Play) Encryption keys are stored in a chip

on hardware and never exported to host PC

Strength to attacks, possible to prevent

More secure than software-based

• Secure but expensive !

Res

ult

Res

ult

Ver:1.0, 8 February 2011

There is always a better way!

Ver:1.0, 8 February 2011

Difference

Hardware-based Security

Using low-cost, standard USB

Sticks

The advantages of both solutions are gathered

Ver:1.0, 8 February 2011

Encryption Device featuring two USB ports, which provides encrypted link between host PC and peripheral USB Sticks / External Harddisks

What is ?

Ver:1.0, 8 February 2011

On-the-fly Encryption

Original Data

(Plain Text) Encrypted Data

AES Key

Host PCUSB Stick / External Harddisk

Ver:1.0, 8 February 2011

Function

• turn standard USB sticks and even external harddisks into portable safe• secure transporting data with AES encryption strength

%100 Security with AES-128bit%100 Security

with AES-128bit

Ver:1.0, 3 December 2010

It is a unique device as you can purchase today, that offers 128-bit AES hardware-based encryption, but without any internal storage area

is not an encrypted USB Stick!

Ver:1.0, 8 February 2011

Data Stored in USB Disks

USB Sticks / External Harddisks are used as data storage area

Host PCUSB Stick / External Harddisk

Ver:1.0, 8 February 2011

Secure but limited storage capacity

- Unlimited Capacity

16GB

USB Stick

32GB

USB Stick

Secure and “in any capacity”

USB External Harddisk

Ver:1.0, 8 February 2011

1- ∞ UsageMore than one USB Stick / External harddisk can be used with the same USBK

Host PC

Your USB stickAnother oneOther one

Ver:1.0, 8 February 2011

Cost Effective

Encryption Cost per GByte reaches to 0$

As not limited in anyway,

Ver:1.0, 8 February 2011

128-bit AES Hardware-based Encryption%100 of data is protected by hardware- based encryption

Encrypted Data

Host PCUSB Stick / External Harddisk

Original Data

(plain text)

Ver:1.0, 8 February 2011

Most secure AES mode -CBC mode• Most solutions in market use ECB (Electronic Code Book) mode.It encrypts the blocks to look exactly the same.

• uses CBC (Cipher Block Chaining), the most secure mode and is preferred by both NIST and NSA

Original Data ECB mode CBC mode

Ver:1.0, 8 February 2011

User ID Verification

Password:

User password is used to prevent unauthorized access

********

Host PCUSB Stick / External Harddisk

Ver:1.0, 8 February 2011

Secure

Password:******** Wrong Password

AES keyPassword

After 3 wrong password attempts, completely erases AES keys and user password

Host PCUSB Stick / External Harddisk

Ver:1.0, 3 December 2010

Easy to Use No need to install driver or software on PC, it runs automatically (Auto-Run property)

Ver:1.0, 8 February 2011

Graphic User Inteface (GUI)Management Software deployed on USBK supplies GUI (Graphic User Interface) for encryption keys and password

Ver:1.0, 3 December 2010

Multiple Key Option * Customize your privacy policy by creating different encryption keys for your work and personal data

* Available on model A103 and can be created up to 3 different encryption keys

Host PC

Key1work

workKey 2

Ver:1.0, 8 February 2011

Oscilloscope

Independent of Operating SystemDue to “Auto-Activation” property, possible to use on test & measurment equipments such as oscilloscope, EKG, etc.

Host PC

Ver:1.0, 8 February 2011

Technical SpecificationsSecurity Features

Encryption Algorithm 128 bit-AES (Advanced Encryption Standard)

Encryption Method Hardware- based encryption

AES Mode CBC (Cipher Block Chaining) mode

AES Key User initiated or random key generator

Number of AES keys 1 (for A101 model)3 (for A103 model)

User Authentication Password (min 4 –max 16 characters)

Failed Password Procedure

Return back to factory settings after 3 wrong password attempts

System & Peripheral Features

USB USB 2.0 High Speed (USB 1.1 backward support) Plug&Play

Driver & Software Requirements

No need to install driver & Pop-up GUI for Windows (.net framework dependent)

Ver:1.0, 8 February 2011

Summary with pictures

Ver:1.0, 8 February 2011

Ver:1.0, 8 February 2011