USB flash drive security

Last updated

Secure USB flash drives protect the data stored on them from access by unauthorized users. USB flash drive products have been on the market since 2000, and their use is increasing exponentially. [1] [2] As businesses have increased demand for these drives, manufacturers are producing faster devices with greater data storage capacities.

Contents

An increasing number of portable devices are used in business and decreased numbers for consumers, such as laptops, notebooks, personal digital assistants (PDA), smartphones, USB flash drives and other mobile devices.

Companies in particular are at risk when sensitive data are stored on unsecured USB flash drives by employees who use the devices to transport data outside the office. The consequences of losing drives loaded with such information can be significant, including the loss of customer data, financial information, business plans and other confidential information, with the associated risk of reputation damage.

Major dangers of USB drives

USB flash drives pose two major challenges to information system security: data leakage owing to their small size and ubiquity and system compromise through infections from computer viruses, malware and spyware.

Data leakage

The large storage capacity of USB flash drives relative to their small size and low cost means that using them for data storage without adequate operational and logical controls may pose a serious threat to information availability, confidentiality and integrity. The following factors should be taken into consideration for securing important assets:

The average cost of a data breach from any source (not necessarily a flash drive) ranges from less than $100,000 to about $2.5 million. [1]

A SanDisk survey [3] characterized the data corporate end users most frequently copy:

  1. Customer data (25%)
  2. Financial information (17%)
  3. Business plans (15%)
  4. Employee data (13%)
  5. Marketing plans (13%)
  6. Intellectual property (6%)
  7. Source code (6%)

Examples of security breaches resulting from USB drives include:

Malware infections

In the early days of computer viruses, malware, and spyware, the primary means of transmission and infection was the floppy disk. Today, USB flash drives perform the same data and software storage and transfer role as the floppy disk, often used to transfer files between computers which may be on different networks, in different offices, or owned by different people. This has made USB flash drives a leading form of information system infection. When a piece of malware gets onto a USB flash drive, it may infect the devices into which that drive is subsequently plugged.

The prevalence of malware infection by means of USB flash drive was documented in a 2011 Microsoft study [6] analyzing data from more than 600 million systems worldwide in the first half of 2011. The study found that 26 percent of all malware infections of Windows system were due to USB flash drives exploiting the AutoRun feature in Microsoft Windows. That finding was in line with other statistics, such as the monthly reporting of most commonly detected malware by antivirus company ESET, which lists abuse of autorun.inf as first among the top ten threats in 2011. [7]

The Windows autorun.inf file contains information on programs meant to run automatically when removable media (often USB flash drives and similar devices) are accessed by a Windows PC user. The default Autorun setting in Windows versions prior to Windows 7 will automatically run a program listed in the autorun.inf file when you access many kinds of removable media. Many types of malware copy themselves to removable storage devices: while this is not always the program's primary distribution mechanism, malware authors often build in additional infection techniques.

Examples of malware spread by USB flash drives include:

Solutions

Since the security of the physical drive cannot be guaranteed without compromising the benefits of portability, security measures are primarily devoted to making the data on a compromised drive inaccessible to unauthorized users and unauthorized processes, such as may be executed by malware. One common approach is to encrypt the data for storage and routinely scan USB flash drives for computer viruses, malware and spyware with an antivirus program, although other methods are possible.

Software encryption

Software solutions such as BitLocker, DiskCryptor and the popular VeraCrypt allow the contents of a USB drive to be encrypted automatically and transparently. Also, Windows 7 Enterprise, Windows 7 Ultimate and Windows Server 2008 R2 provide USB drive encryption using BitLocker to Go. The Apple Computer Mac OS X operating system has provided software for disc data encryption since Mac OS X Panther was issued in 2003 (see also: Disk Utility).[ citation needed ]

Additional software can be installed on an external USB drive to prevent access to files in case the drive becomes lost or stolen. Installing software on company computers may help track and minimize risk by recording the interactions between any USB drive and the computer and storing them in a centralized database.[ citation needed ]

Hardware encryption

Some USB drives utilize hardware encryption in which microchips within the USB drive provide automatic and transparent encryption. [8] Some manufacturers offer drives that require a pin code to be entered into a physical keypad on the device before allowing access to the drive. The cost of these USB drives can be significant but is starting to fall due to this type of USB drive gaining popularity.

Hardware systems may offer additional features, such as the ability to automatically overwrite the contents of the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system since the encrypted data can simply be copied from the drive. However, this form of hardware security can result in data loss if activated accidentally by legitimate users and strong encryption algorithms essentially make such functionality redundant.

As the encryption keys used in hardware encryption are typically never stored in the computer's memory, technically hardware solutions are less subject to "cold boot" attacks than software-based systems. [9] In reality however, "cold boot" attacks pose little (if any) threat, assuming basic, rudimentary, security precautions are taken with software-based systems.

Compromised systems

The security of encrypted flash drives is constantly tested by individual hackers as well as professional security firms. At times (as in January 2010) flash drives that have been positioned as secure were found to have been poorly designed such that they provide little or no actual security, giving access to data without knowledge of the correct password. [10]

Flash drives that have been compromised (and claimed to now be fixed) include:

  • SanDisk Cruzer Enterprise [11]
  • Kingston DataTraveler BlackBox [12]
  • Verbatim Corporate Secure USB Flash Drive [13]
  • Trek Technology ThumbDrive CRYPTO [10]

All of the above companies reacted immediately. Kingston offered replacement drives with a different security architecture. SanDisk, Verbatim, and Trek released patches.

Remote management

In commercial environments, where most secure USB drives are used, [1] a central/remote management system may provide organizations with an additional level of IT asset control, significantly reducing the risks of a harmful data breach. This can include initial user deployment and ongoing management, password recovery, data backup, remote tracking of sensitive data and termination of any issued secure USB drives. Such management systems are available as software as a service (SaaS), where Internet connectivity is allowed, or as behind-the-firewall solutions. SecureData, Inc offers a software free Remote Management Console that runs from a browser. By using an app on a smartphone, Admins can manage who, when and where USB devices were last accessed with a complete audit trail. Used by Hospitals, large enterprises, Universities and the federal government to track access and protect data in transit and at rest.

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

<span class="mw-page-title-main">Firmware</span> Low-level computer software

In computing, firmware is software that provides low-level control of computing device hardware. For a relatively simple device, firmware may perform all control, monitoring and data manipulation functionality. For a more complex device, firmware may provide relatively low-level control as well as hardware abstraction services to higher-level software such as an operating system.

<span class="mw-page-title-main">Boot sector</span> Sector of a persistent data storage device

A boot sector is the sector of a persistent data storage device which contains machine code to be loaded into random-access memory (RAM) and then executed by a computer system's built-in firmware.

<span class="mw-page-title-main">Live CD</span> Complete, bootable computer installation that runs directly from a CD-ROM

A live CD is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading from a hard disk drive. A live CD allows users to run an operating system for any purpose without installing it or making any changes to the computer's configuration. Live CDs can run on a computer without secondary storage, such as a hard disk drive, or with a corrupted hard disk drive or file system, allowing data recovery.

In computing, a removable media is a data storage media that is designed to be readily inserted and removed from a system. Most early removable media, such as floppy disks and optical discs, require a dedicated read/write device to be installed in the computer, while others, such as USB flash drives, are plug-and-play with all the hardware required to read them built into the device, so only need a driver software to be installed in order to communicate with the device. Some removable media readers/drives are integrated into the computer case, while others are standalone devices that need to be additionally installed or connected.

<span class="mw-page-title-main">USB flash drive</span> Data storage device

A flash drive is a data storage device that includes flash memory with an integrated USB interface. A typical USB drive is removable, rewritable, and smaller than an optical disc, and usually weighs less than 30 g (1 oz). Since first offered for sale in late 2000, the storage capacities of USB drives range from 8 megabytes to 256 gigabytes (GB), 512 GB and 1 terabyte (TB). As of 2023, 2 TB flash drives were the largest currently in production. Some allow up to 100,000 write/erase cycles, depending on the exact type of memory chip used, and are thought to physically last between 10 and 100 years under normal circumstances.

Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.

AutoRun and the companion feature AutoPlay are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted.

<span class="mw-page-title-main">U3 (software)</span>

U3 was a joint venture between SanDisk and M-Systems, producing a proprietary method of launching Windows software from special USB flash drives. Flash drives adhering to the U3 specification are termed "U3 smart drives". U3 smart drives come preinstalled with the U3 Launchpad. Applications that comply with U3 specifications are allowed to write files or registry information to the host computer, but they must remove this information when the flash drive is ejected. Customizations and settings are instead stored with the application on the flash drive.

<span class="mw-page-title-main">BitLocker</span> Disk encryption software for Microsoft Windows

BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard (AES) algorithm in cipher block chaining (CBC) or "xor–encrypt–xor (XEX)-based Tweaked codebook mode with ciphertext Stealing" (XTS) mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

<span class="mw-page-title-main">Live USB</span> USB drive with a full bootable operating system

A live USB is a portable USB-attached external data storage device containing a full operating system that can be booted from. The term is reminiscent of USB flash drives but may encompass an external hard disk drive or solid-state drive, though they may be referred to as "live HDD" and "live SSD" respectively. They are the evolutionary next step after live CDs, but with the added benefit of writable storage, allowing customizations to the booted operating system. Live USBs can be used in embedded systems for system administration, data recovery, or test driving, and can persistently save settings and install software packages on the USB device.

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.

Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.

Data erasure is a software-based method of data sanitization that aims to completely destroy all electronic data residing on a hard disk drive or other digital media by overwriting data onto all sectors of the device in an irreversible process. By overwriting the data on the storage device, the data is rendered irrecoverable.

The SanDisk Cruzer Enterprise was an encrypted USB flash drive. This secure USB drive imposed a mandatory access control on all files, storing them in a hardware-encrypted, password-protected partition. The Cruzer Enterprise is designed to protect information on company-issued USB flash drives.

Check Point GO is a USB drive that combines an encrypted USB flash drive with virtualization, VPN and computer security technologies to turn a PC into a secure corporate desktop. By plugging Check Point GO into the USB port of a Microsoft Windows OS-based PC or laptop, users can launch a secure virtual workspace that is segregated from the host PC. This allows users to securely access company files and applications from any remote location, including insecure host environments such as a hotel business center or Internet café.

Agent.BTZ, also named Autorun, is a computer worm that infects USB flash drives with spyware. A variant of the SillyFDC worm, it was used in a massive 2008 cyberattack on the US military, infecting 300,000 computers.

References

  1. 1 2 3 ENISA (PDF), June 2006, archived from the original (PDF) on 19 February 2009
  2. Secure USB flash drives. European Union Agency for Network and Information Security. 1 June 2008. ISBN   978-92-9204-011-6 . Retrieved 21 July 2014.
  3. SanDisk Survey, April 2008
  4. Swartz, Jon (16 August 2006). "Small drives cause big problems". USA Today.
  5. Watson, Paul (10 April 2006). "Afghan market sells US military flash drives". Los Angeles Times.
  6. Microsoft Security Intelligence Report Volume 11, January-June, 2011.
  7. Global Threat Report, December 2011.
  8. Hierarchical Management with b² cryptography , GoldKey (Accessed January 2019)
  9. White Paper: Hardware-Based vs. Software-Based Encryption on USB Flash Drives, SanDisk (June 2008)
  10. 1 2 "SySS Cracks Yet Another USB Flash Drive" (PDF). Archived from the original (PDF) on 19 July 2011. Retrieved 6 December 2016.
  11. Archived 6 January 2010 at the Wayback Machine
  12. "Kingston Technology Company - DataTraveler Security Update Information - Kingston's Secure USB Drive Information Page". Archived from the original on 3 January 2010. Retrieved 7 January 2010.
  13. "Verbatim Europe - Data Storage, Computer & Imaging Consumables". Verbatim.com. Retrieved 10 February 2014.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.