Secure control protocol for universal serial bus mass storage devices

The universal serial bus (USB) has some advantages like high transmission speed, plug-and-play and hot swapping, and has become the most popular interface standard for peripheral connections. However, such features also make it easier for a malicious user to extract confidential files from computer systems via USB ports. Consequently, to control the potential security risks of USB interface, many workplace and commercial corporations have directly forbidden their employees from using USB devices. To provide a flexible way of using USB without compromising security, this study proposes a novel secure control protocol for USB storage devices. The device and the server are required to complete mutual authentication and establish a session key used to encrypt the transferred files. The details of each phase of the new protocol are given. Security analysis demonstrates that the proposed protocol conquers those security pitfalls existing in the available protocols and can resist various attacks. Performance discussion indicates that the new protocol is also efficient enough for practical applications.