LOK-IT Simply Better – Hardware vs. Software User Authentication
A Systematic Development Group White Paper
September 2011
350 Jim Moran Blvd, Suite 120, Deerfield Beach, Florida 33442
Phone: 954.889.3535
www.LOK-IT.net
INTRODUCTION
This is the first in a series of ‘LOK-IT Simply Better’ white papers distributed by Systematic Development Group addressing the design features of LOK-IT Secure USB Flash Drives® and the operational benefits LOK-IT delivers.

ABSTRACT
LOK-IT Secure USB Flash Drives are unique as they are the only FIPS 140-2 Level 3 Certified USB flash drives utilizing hardware user authentication via an onboard 10 Key PIN Pad. Drive access is managed by patent-pending DataLock® technology. This makes LOK-IT the only FIPS drive that is truly platform (OS) independent and that integrates hardware user authentication with full disk hardware encryption.

BACKGROUND
To start, it is necessary to define what USB flash drives are designed to do: provide an easy means to store, work with and transport data. This is what makes USB drives so convenient, and what makes them so vulnerable if they are not properly secured. USB drive popularity is driven by the fact that they are extremely simple to use, totally platform independent and hold an extremely large volume of data in a very small space. Once the market recognized the security vulnerability USB drives presented, there was a rush to secure them. The industry’s answer was to restrict access to the device and thereby to the data it contained. To accomplish this, vendors determined it was necessary to partition the drive into public and private partitions. The public partition is used for authenticating the person(s) using the drive and the private partition is used to store data. This solution marked the end of two important drive characteristics: ease of use and platform independence. Under this scenario the user authentication process is accomplished by running a piece of software from the public partition of the drive, requiring the user to provide a password or, in some instances, a fingerprint and password. This process always requires that the drive be mounted to a computer via a USB port.
It is also always necessary for the computer to be equipped with a fully functional operating system and keyboard/touch screen. These requirements exist because the keyboard/touch screen is used to transmit the password and the computer is used to process the input. Once this information is successfully processed, the user is granted access to the private partition.

OPERATIONAL ISSUES WITH THIS SOLUTION
This methodology for securing access to the drive presents three major operational problems. First, entering the password via the keyboard or touch screen makes it vulnerable to keyboard logging malware. Every vendor claims they protect password entry, but SDG, with the help of an independent software engineer, was successful in easily compromising the supposed protection of four vendors in less than half a day (go to http://www.lok-it.net/hardware-authentication/ to view the video). Second, running a software program from the drive for user authentication (or for that matter any purpose) requires the use of executable files. Executable files are the major source of malware distribution and are rightfully viewed as security threats when deployed on portable media. And third, running a software program from the drive for user authentication makes the drive platform (OS) dependent. Again, most vendors claim to be ‘compatible’ with Windows, Mac and Linux, but in the real world of operating systems this is just not the case. OS updates and service packs are an administrative headache and a fact of life in today’s computing environment, not to mention their added operational and support costs. Just ask any IT manager.

SDG’s SOLUTION
SDG’s philosophy for resolving the security issues surrounding USB flash drives is quite different from that of our competitors. Our objective is to provide the highest level of security possible (both for authenticating the user and for protecting the drive’s data) while at the same time keeping the drive as easy to use and platform independent as original non-secure drives. We achieved our objective with LOK-IT Secure USB Flash Drives. LOK-IT drives are unique as they are the only FIPS 140-2 Level 3 Certified USB flash drives utilizing hardware user authentication via an onboard 10 Key PIN Pad based upon DataLock technology.

What does ‘hardware user authentication’ really mean, and what are the benefits? LOK-IT drive users are authenticated by holding the drive in hand and entering a PIN via the 10 Key PIN Pad on the drive. It is similar to entering a PIN at an ATM, as people are used to doing. No software is used to process the PIN, so it is not necessary to mount the drive to the computer’s USB port. Instead, DataLock processes the PIN entry, rather than the computer. If the PIN entry is correct, the drive is unlocked and access to the private partition is granted when the drive is mounted to a USB port. This is what is meant when stating that LOK-IT drives utilize ‘hardware user authentication’.

CONCLUSION
The benefits are numerous.
Because the PIN is entered directly on the drive via the PIN Pad (not using a keyboard while the drive is mounted to the computer), the PIN is never subject to keyboard logging malware, as it never passes through a keyboard and computer. LOK-IT is invisible to the computer when locked and immune to keyboard logging.
Because LOK-IT does not rely upon software and a computer to authenticate the user, it never requires the use of executable files, thereby eliminating the path malware uses to infect computers.
Because LOK-IT does not rely upon software and a computer to authenticate the user, it is never reliant upon any operating system to unlock and use. Clients never have to concern themselves with operating system compatibility and the associated operational and support costs.
Because LOK-IT does not rely upon software and a computer to authenticate the user, it can integrate full disk, on-the-fly, 256-bit AES hardware encryption.
Because LOK-IT does not rely upon software and a computer to authenticate the user, it may be used with other devices equipped with USB ports, such as scanners, copiers, projectors, medical equipment, DVRs, tablet PCs, etc.
Because LOK-IT does not rely upon software and a computer to authenticate the user, there is no need for drive partitioning, thereby allowing users access to 100% of the drive volume.
There are, of course, many additional security features designed into LOK-IT to make it FIPS 140-2 Level 3 Certified, but hardware user authentication is what makes it unique and superior to all other secure USB drives on the market.