论文信息 - Safe Authentication Protocol for Secure USB Memories

Safe Authentication Protocol for Secure USB Memories

Due to its portability and accesibility, the USB memory has become one of the most popular storage devices. However, if the device is lost, stolen or hacked, it can lead to critical information leakage. It is natural that malicious insiders would try to thieve their colleagues’ USB memories. Consequently, various security-incorporated USB products have been developed. To our best knowledge, there is lack of security analysis and comparison on them. In this paper, we explore the authentication protocols for the secure USB memory while analyzing their vulnerabilities. Also, we classify the vulnerabilities into 12 categories, based on which the protocols are then compared. In addition, some recommendations are given to address the vulnerabilities. It is expected for commercial secure USB products to provide enhanced security after a thorough revise on the authentication protocols of their software based on the introduced vulnerability categorization. Keyword : Authentication protocol, Identification, USB Flash Memory, Reverse engineering

[1] Kyungroul Lee,et al. Hardware Approach to Solving Password Exposure Problem through Keyboard Sniff , 2009 .

[2] Attacks on and Countermeasures for USB Hardware Token Devices , 2000 .

[3] Dongho Won,et al. Vulnerability analysis of secure USB flash drives , 2007, 2007 IEEE International Workshop on Memory Technology, Design and Testing.

[4] Tae-Young Jeong,et al. Countermeasures to the Vulnerability of the Keyboard Hardware , 2008 .

[5] L. O'Gorman,et al. Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[6] Adrian Perrig,et al. Lockdown: A Safe and Practical Environment for Security Applications (CMU-CyLab-09-011) , 2009 .

[7] Kang-Bin Yim,et al. Analysis of an Intrinsic Vulnerability on Keyboard Security , 2008 .

[8] Kangbin Yim. A New Noise Mingling Approach to Protect the Authentication Password , 2010, 2010 International Conference on Complex, Intelligent and Software Intensive Systems.