Presentation is loading. Please wait.

Presentation is loading. Please wait.

USBK Overview Ver:1.0, 8 February 2011. USB Sticks 350 million USB Sticks are in use worldwide 155 million USB sticks were sold in 2008 and sales reached.

Similar presentations


Presentation on theme: "USBK Overview Ver:1.0, 8 February 2011. USB Sticks 350 million USB Sticks are in use worldwide 155 million USB sticks were sold in 2008 and sales reached."— Presentation transcript:

1 USBK Overview Ver:1.0, 8 February 2011

2 USB Sticks 350 million USB Sticks are in use worldwide 155 million USB sticks were sold in 2008 and sales reached to 174 million in 2009 * * Gartner Inc. 2009 research report Ver:1.0, 8 February 2011

3 USB Sticks Compatibility on most platform the widespread usage of them for both transporting and storing data have resulted in, Storing vast amount of data Ease of use Mobility Physically small size Ver:1.0, 8 February 2011

4 Popularity at work 86% of enterprises use USB Sticks to store and exchange data Rate of carrying confidential company data on USB Sticks is %51 Ver:1.0, 8 February 2011

5 Risks exposed on USB Sticks Theft Loss Disclosure of Sensitive Data Data stored on unsecure, standard USB sticks means that data is constantly at risk for falling into wrong hands Result Ver:1.0, 8 February 2011

6 Reality with Numbers * Store confidential data on USB Sticks Not reporting the lost devices immediately * Ponemon Institute 2009 Lost with data Not reported Yes Ver:1.0, 8 February 2011

7 ISO/IEC 27001 For ISO/IEC 27001 certified companies, data security in removable media is not only a corporation option, it is a must Ver:1.0, 8 February 2011

8 Solution Security is possible without giving up “ mobility” benefit. Well-known and most popular way is encryption of data with strong algorithm Ver:1.0, 8 February 2011

9 AES ( Advanced Encryption Standard ) AES is the first publicly accessible and open encryption algorithm approved by the NSA* for top secret information * NSA: National Security Agency Currently, it is typically implemented in both software- based and hardware-based security solutions. Ver:1.0, 8 February 2011

10 Software programs employing AES encryption Software-based Solutions Ver:1.0, 8 February 2011

11 Risk with Software-based Solutions RiskDescription No ease of Plug & Play facility Driver installation on the host PC required, potentially a security risk Leaves “footprint” on computer Encryption is dependent on host PC which is leaving behind software footprints Difficult to prevent “Brute Force Attack” Brute force attacks guess the password or the encryption key. Software implementations can not thwart these attacks efficiently since they must use the host’s memory to store intermediate results, including the number of login/decryption attempts counter Difficult to prevent “Parallel Attack” A parallel attack is a brute force attack variant in which the attacker copies the encrypted data from the stolen USB stick, shares the data with as many computers as possible that are under his/her control, and then puts them to work in parallel to guess the password offline and unlock the encrypted data. By nature and design, software implementations can not prevent the attacker from easily copying the encrypted file from the USB stick and initiating a parallel offline attack. Ver:1.0, 3 December 2010

12 Disadvantage Advantage  Needs software installation  Depends on Operating System and its security  Open and Easy to Attacks (Brute Force, Parallel)  Weak, uses common memory or RAM to encryption keys  Needs software installation  Depends on Operating System and its security  Open and Easy to Attacks (Brute Force, Parallel)  Weak, uses common memory or RAM to encryption keys  “Usage of existing USB stick” provides “low-cost” solution At first this may look like a convenient and low-cost way. But, this solution is flawed and will be expensive in the long run because of its vulnerability! Result Software-based Solutions Ver:1.0, 8 February 2011

13 Secure USB Flash Drive solutions with AES encryption Hardware-based Solutions Ver:1.0, 8 February 2011

14 Hardware-based is more secure BenefitDescription Ease of Use ( plug&play) It does not require driver installation, nor any other type of software installation on the host PC No “footprint”No need of driver or software installation keeps the encryption independent of the PC while not leaving behind footprints. Encryption keys are securely stored Not using RAM or other common memory space to store encryption keys, and by the fact that the keys never leave the hardware Possible to prevent “Brute Force Attack” Access control and encryption are implemented by a dedicated chip located in hardware. When hackers run a brute force program on the host computer, this chip counts the number of attempts and destroy encryption keys after a predefined limit is reached. Ver:1.0, 8 February 2011

15 Price Comparison CapacityStandard USB Stick (Unit Price) AES-Encrypted Secure USB Sticks (Unit Price) 2 GB9 USD38 USD 4 GB15 USD40 USD 8 GB24 USD49 USD 16 GB50 USD76 USD 32 GB75 USD134 USD 64 GB140 USD270 USD * Patriot Bolt is referans for prices The price difference is so high when compared. Encrypted USB sticks are more expensive than standard ones. Ver:1.0, 8 February 2011

16 Hardware-based Solutions Disadvantage Advantage  Standard Capacity. Sold in 2GB,4GB,8GB etc. limited capacity  Expensive. Price difference is so high when compared with price of standard USB sticks.  Standard Capacity. Sold in 2GB,4GB,8GB etc. limited capacity  Expensive. Price difference is so high when compared with price of standard USB sticks.  Ease of use (Plug & Play)  Encryption keys are stored in a chip on hardware and never exported to host PC  Strength to attacks, possible to prevent  More secure than software- based  Ease of use (Plug & Play)  Encryption keys are stored in a chip on hardware and never exported to host PC  Strength to attacks, possible to prevent  More secure than software- based Secure but expensive ! Result Ver:1.0, 8 February 2011

17 There is always a better way! Ver:1.0, 8 February 2011

18 Difference Hardware-based Security Using low-cost, standard USB Sticks The advantages of both solutions are gathered Ver:1.0, 8 February 2011

19 Encryption Device featuring two USB ports, which provides encrypted link between host PC and peripheral USB Sticks / External Harddisks What is ? Ver:1.0, 8 February 2011

20 On-the-fly Encryption Original Data (Plain Text) Encrypted Data AES Key Host PC USB Stick / External Harddisk Ver:1.0, 8 February 2011

21 Function turn standard USB sticks and even external harddisks into portable safe secure transporting data with AES encryption strength %100 Security with AES-128bit Ver:1.0, 3 December 2010

22 It is a unique device as you can purchase today, that offers 128-bit AES hardware- based encryption, but without any internal storage area is not an encrypted USB Stick! Ver:1.0, 8 February 2011

23 Data Stored in USB Disks USB Sticks / External Harddisks are used as data storage area Host PC USB Stick / External Harddisk Ver:1.0, 8 February 2011

24 Secure but limited storage capacity - Unlimited Capacity 16GB USB Stick 32GB USB Stick Secure and “in any capacity” USB External Harddisk Ver:1.0, 8 February 2011

25 1- ∞ Usage More than one USB Stick / External harddisk can be used with the same USBK Host PC Your USB stick Another one Other one Ver:1.0, 8 February 2011

26 Cost Effective Encryption Cost per GByte reaches to 0$ As not limited in anyway, Ver:1.0, 8 February 2011

27 128-bit AES Hardware-based Encryption %100 of data is protected by hardware- based encryption Encrypted Data Host PC USB Stick / External Harddisk Original Data (plain text) Ver:1.0, 8 February 2011

28 Most secure AES mode -CBC mode Most solutions in market use ECB (Electronic Code Book) mode.It encrypts the blocks to look exactly the same. uses CBC ( Cipher Block Chaining), the most secure mode and is preferred by both NIST and NSA Original Data ECB modeCBC mode Ver:1.0, 8 February 2011

29 User ID Verification Password: User password is used to prevent unauthorized access ******** Host PC USB Stick / External Harddisk Ver:1.0, 8 February 2011

30 Secure Password: ******** Wrong Password AES key Password After 3 wrong password attempts, completely erases AES keys and user password Host PC USB Stick / External Harddisk Ver:1.0, 3 December 2010

31 Easy to Use No need to install driver or software on PC, it runs automatically (Auto-Run property) Ver:1.0, 8 February 2011

32 Graphic User Inteface (GUI) Management Software deployed on USBK supplies GUI (Graphic User Interface) for encryption keys and password Ver:1.0, 3 December 2010

33 Multiple Key Option * Customize your privacy policy by creating different encryption keys for your work and personal data * Available on model A103 and can be created up to 3 different encryption keys Host PC Key1 work Key 2 Ver:1.0, 8 February 2011

34 Oscilloscope Independent of Operating System Due to “Auto-Activation” property, possible to use on test & measurment equipments such as oscilloscope, EKG, etc. Host PC Ver:1.0, 8 February 2011

35 Technical Specifications Security Features Encryption Algorithm128 bit-AES (Advanced Encryption Standard) Encryption MethodHardware- based encryption AES ModeCBC (Cipher Block Chaining) mode AES KeyUser initiated or random key generator Number of AES keys1 (for A101 model) 3 (for A103 model) User AuthenticationPassword (min 4 –max 16 characters) Failed Password Procedure Return back to factory settings after 3 wrong password attempts System & Peripheral Features USBUSB 2.0 High Speed (USB 1.1 backward support) Plug&Play Driver & Software Requirements No need to install driver & Pop-up GUI for Windows (.net framework dependent) Ver:1.0, 8 February 2011

36 Summary with pictures Ver:1.0, 8 February 2011

37


Download ppt "USBK Overview Ver:1.0, 8 February 2011. USB Sticks 350 million USB Sticks are in use worldwide 155 million USB sticks were sold in 2008 and sales reached."

Similar presentations


Ads by Google