Reverse-safe authentication protocol for secure USB memories

USB memory devices are both portable and easily accessible, and have thus become one of the most popular forms of external storage device. However, if a USB device is lost, stolen, or hacked, it may lead to leakage of critical information. It is a logical outcome that malicious individuals will try to steal their colleagues' USB memories. Consequently, various USB products with built-in security functions have been developed. To our knowledge, there has been little or no security analysis and comparison of these devices. This paper explores technological and architectural approaches to secure USB memories while analyzing their vulnerabilities, especially for resistance to reverse engineering attacks on the authentication protocols and data decryption. In this analysis, we classify vulnerabilities of these devices into 12 categories to summarize the current security situations on USB memories. Additionally, we derive a more secure authentication protocol based on our analysis. It is expected for secure USB products, including USB memory devices, to be revised with enhanced authentication protocols as a result of this effort. Copyright © 2012 John Wiley & Sons, Ltd.

[1]  Tae-Young Jeong,et al.  Countermeasures to the Vulnerability of the Keyboard Hardware , 2008 .

[2]  Kangbin Yim A New Noise Mingling Approach to Protect the Authentication Password , 2010, 2010 International Conference on Complex, Intelligent and Software Intensive Systems.

[3]  Attacks on and Countermeasures for USB Hardware Token Devices , 2000 .

[4]  Dongho Won,et al.  Vulnerability analysis of secure USB flash drives , 2007, 2007 IEEE International Workshop on Memory Technology, Design and Testing.

[5]  L. O'Gorman,et al.  Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[6]  Im-Yeong Lee,et al.  A Secure Solution for USB Flash Drives Using FAT File System Structure , 2010, 2010 13th International Conference on Network-Based Information Systems.

[7]  Kyungroul Lee,et al.  Hardware Approach to Solving Password Exposure Problem through Keyboard Sniff , 2009 .

[8]  Adrian Perrig,et al.  Lockdown: A Safe and Practical Environment for Security Applications (CMU-CyLab-09-011) , 2009 .

[9]  Sangjin Lee,et al.  USB PassOn: Secure USB Thumb Drive Forensic Toolkit , 2008, 2008 Second International Conference on Future Generation Communication and Networking.

[10]  Ilsun You,et al.  Safe Authentication Protocol for Secure USB Memories , 2010, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[11]  Kang-Bin Yim,et al.  Analysis of an Intrinsic Vulnerability on Keyboard Security , 2008 .