Secure USB flash drives protect the data stored on them from access by unauthorized users.
USB flash drive products have been on the market since 2000, and their use is increasing exponentially. As both consumers and businesses have increased demand for these drives, manufacturers are producing faster devices with greater data storage capacities.
An increasing number of portable devices are used in business, such as laptops, notebooks, personal digital assistants (PDAs), smartphones, USB flash drives and other mobile devices.
Companies in particular are at risk when sensitive data are stored on unsecured USB flash drives by employees who use the devices to transport data outside the office. The consequences of losing drives loaded with such information can be significant, including the loss of customer data, financial information, business plans and other confidential information, with the associated risk of reputation damage.
Major dangers of USB drives
USB flash drives pose two major challenges to information system security: data leakage owing to their small size and ubiquity, and system compromise through infections from computer viruses, malware and spyware.
Data leakage
The large storage capacity of USB flash drives relative to their small size and low cost means that using them for data storage without adequate operational and logical controls may pose a serious threat to information availability, confidentiality and integrity. The following factors should be taken into consideration for securing important assets:
* Storage: USB flash drives are hard to track physically, being stored in bags, backpacks, laptop cases, jackets, trouser pockets or left at unattended workstations.
* Usage: tracking corporate data stored on personal flash drives is a significant challenge; the drives are small, common and constantly moving. While many enterprises have strict management policies toward USB drives and some companies ban them outright to minimize risk, others seem unaware of the risks these devices pose to system security.
The average cost of a data breach from any source (not necessarily a flash drive) ranges from less than $100,000 to about $2.5 million.
A SanDisk survey characterized the data corporate end users most frequently copy:
# Customer data (25%)
# Financial information (17%)
# Business plans (15%)
# Employee data (13%)
# Marketing plans (13%)
# Intellectual property (6%)
# Source code (6%)
Examples of security breaches resulting from USB drives include:
* In the UK:
** HM Revenue & Customs lost personal details of 6,500 private pension holders
* In the United States:
** A USB drive was stolen with names, grades, and social security numbers of 6,500 former students
** USB flash drives with US Army classified military information were up for sale at a bazaar outside Bagram, Afghanistan.
Malware infections
In the early days of computer viruses, malware, and spyware, the primary means of transmission and infection was the floppy disk. Today, USB flash drives perform the same data and software storage and transfer role as the floppy disk, often used to transfer files between computers which may be on different networks, in different offices, or owned by different people. This has made USB flash drives a leading form of information system infection. When a piece of malware gets onto a USB flash drive, it may infect the devices into which that drive is subsequently plugged.
The prevalence of malware infection by means of USB flash drives was documented in a 2011 Microsoft study analyzing data from more than 600 million systems worldwide in the first half of 2011. The study found that 26 percent of all malware infections of Windows systems were due to USB flash drives exploiting the AutoRun feature in Microsoft Windows. That finding was in line with other statistics, such as the monthly reporting of the most commonly detected malware by antivirus company ESET, which lists abuse of autorun.inf as first among the top ten threats in 2011.
The Windows autorun.inf file contains information on programs meant to run automatically when removable media (often USB flash drives and similar devices) are accessed by a Windows PC user. The default Autorun setting in Windows versions prior to Windows 7 will automatically run a program listed in the autorun.inf file when you access many kinds of removable media. Many types of malware copy themselves to removable storage devices: while this is not always the program's primary distribution mechanism, malware authors often build in additional infection techniques.
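As an added illustration (not code from the original article), the following Python script parses an autorun.inf file the tolerant way a removable-media scanner would and reports the directives that would cause a program to launch automatically: `open`, `shellexecute` and `shell\<verb>\command` entries. The sample file, its section contents and the file names in it are constructed for the example.

```python
"""Parse an autorun.inf file and flag directives that would launch a program
automatically when the media is inserted. Example added for illustration; the
sample input below is constructed, not taken from any real device."""

import re

# Directives that name a program to run. 'open' and 'shellexecute' launch a
# command directly; 'shell\<verb>\command' defines the action behind a verb
# (and 'shell=<verb>' can make that verb the default double-click action).
_LAUNCH_KEYS = {"open", "shellexecute"}
_SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Return {section: {key: value}} for an INI-style autorun.inf.

    Tolerant of stray lines, comments and duplicate keys (last one wins),
    because hostile files are often deliberately cluttered. Section and key
    names are lower-cased, since Windows treats them case-insensitively.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue                      # junk outside a section, or no key=value
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_directives(text):
    """List (section, key, value) tuples that would auto-launch a program.

    Only [autorun] and its architecture-specific variants ([autorun.mips] etc.)
    are considered; [DeviceInstall] and other sections do not launch programs.
    """
    findings = []
    for section, entries in parse_autorun(text).items():
        if not section.startswith("autorun"):
            continue
        for key, value in entries.items():
            if key in _LAUNCH_KEYS or _SHELL_COMMAND.match(key):
                findings.append((section, key, value))
    return findings


# Constructed sample: looks like a harmless icon/label file but also wires an
# executable to both the 'open' directive and the default shell verb.
SAMPLE = """
[autorun]
icon=docs.ico
label=Project Files
; the two lines below are what a scanner should report
open=setup.exe
shell\\open\\command=hidden\\launcher.exe
shell=open
action=Open folder to view files
"""

if __name__ == "__main__":
    for section, key, value in launch_directives(SAMPLE):
        print(f"[{section}] {key} -> {value}")
```

The scanner only reads the file; it never executes anything it finds. Windows 7 and later ignore autorun.inf on USB mass-storage devices altogether, which is why the paragraph above limits the default auto-launch behaviour to earlier versions.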
Examples of malware spread by USB flash drives include:
* The Duqu collection of computer malware.
* The Flame modular computer malware.
* The Stuxnet malicious computer worm.
Solutions
Since the security of the physical drive cannot be guaranteed without compromising the benefits of portability, security measures are primarily devoted to making the data on a compromised drive inaccessible to unauthorized users and unauthorized processes, such as may be executed by malware. One common approach is to encrypt the data for storage and routinely scan USB flash drives for computer viruses, malware and spyware with an antivirus program, although other methods are possible.
Software encryption
Software solutions such as BitLocker, DiskCryptor and the popular VeraCrypt allow the contents of a USB drive to be encrypted automatically and transparently. Also, Windows 7 Enterprise, Windows 7 Ultimate and Windows Server 2008 R2 provide USB drive encryption using BitLocker to Go. The Apple Computer Mac OS X operating system has provided software for disc data encryption since Mac OS X Panther was issued in 2003 (see also: Disk Utility).
Additional software can be installed on an external USB drive to prevent access to files in case the drive becomes lost or stolen. Installing software on company computers may help track and minimize risk by recording the interactions between any USB drive and the computer and storing them in a centralized database.
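As an added example of the centralized-recording approach described above (not code from the article or from any vendor's product), the following Python script loads constructed endpoint-agent records of USB storage events into a SQLite database and runs two of the queries an administrator would want: which drives have moved between machines, and which writes went to drives that are not company-issued. The record format, field names and all sample values are assumptions made for the example.

```python
"""Centralized audit of USB storage events. Added illustration; the log
format, field names and every sample value below are constructed."""

import sqlite3
from datetime import datetime

# Constructed agent records: timestamp, host, user, vendor:product ids,
# device serial number, and what happened (attach / write).
SAMPLE_EVENTS = [
    "2024-03-04T08:12:05Z,ws-finance-07,alice,1234:5678,SN-AAAA1111,attach",
    "2024-03-04T08:13:40Z,ws-finance-07,alice,1234:5678,SN-AAAA1111,write",
    "2024-03-04T12:02:11Z,ws-hr-02,bob,abcd:ef01,SN-BBBB2222,attach",
    "2024-03-05T09:30:00Z,ws-finance-07,alice,abcd:ef01,SN-BBBB2222,attach",
    "2024-03-05T09:31:15Z,ws-finance-07,alice,abcd:ef01,SN-BBBB2222,write",
    "2024-03-05T17:45:59Z,laptop-sales-19,carol,1234:5678,SN-AAAA1111,attach",
]

# Serial numbers of company-issued (managed) drives; anything else is personal.
APPROVED_SERIALS = {"SN-AAAA1111"}


def load_events(lines, conn):
    """Parse CSV-style agent lines into a usb_events table; returns row count."""
    conn.execute(
        """CREATE TABLE IF NOT EXISTS usb_events (
               ts TEXT, host TEXT, user TEXT, vid_pid TEXT, serial TEXT, action TEXT)"""
    )
    rows = []
    for line in lines:
        ts, host, user, vid_pid, serial, action = line.split(",")
        datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")   # reject malformed timestamps
        rows.append((ts, host, user, vid_pid, serial, action))
    conn.executemany("INSERT INTO usb_events VALUES (?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows)


def drives_seen_on_multiple_hosts(conn):
    """(serial, host_count) for drives that moved between machines."""
    cur = conn.execute(
        """SELECT serial, COUNT(DISTINCT host) AS hosts
           FROM usb_events GROUP BY serial HAVING hosts > 1 ORDER BY serial"""
    )
    return [(serial, hosts) for serial, hosts in cur]


def writes_to_unapproved_drives(conn, approved):
    """(ts, host, user, serial) for every write to a drive not in 'approved'."""
    cur = conn.execute(
        "SELECT ts, host, user, serial FROM usb_events WHERE action = 'write' ORDER BY ts"
    )
    return [row for row in cur if row[3] not in approved]


def build_report(lines=SAMPLE_EVENTS, approved=APPROVED_SERIALS):
    """Load the events into an in-memory database and return both findings."""
    conn = sqlite3.connect(":memory:")
    load_events(lines, conn)
    return {
        "roaming": drives_seen_on_multiple_hosts(conn),
        "unapproved_writes": writes_to_unapproved_drives(conn, approved),
    }


if __name__ == "__main__":
    report = build_report()
    for serial, hosts in report["roaming"]:
        print(f"{serial} seen on {hosts} hosts")
    for ts, host, user, serial in report["unapproved_writes"]:
        print(f"{ts} {user}@{host} wrote to unmanaged drive {serial}")
```

In a real deployment the database would be a central server fed by every workstation's agent, and the serial allowlist would come from the asset inventory; the queries stay the same.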
Hardware encryption
Some USB drives utilize hardware encryption in which microchips within the USB drive provide automatic and transparent encryption (Hierarchical Management with b² cryptography, GoldKey, accessed January 2019). Some manufacturers offer drives that require a PIN code to be entered on a physical keypad on the device before allowing access to the drive. The cost of these USB drives can be significant but is starting to fall as this type of USB drive gains popularity.
Hardware systems may offer additional features, such as the ability to automatically overwrite the contents of the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system since the encrypted data can simply be copied from the drive. However, this form of hardware security can result in data loss if activated accidentally by legitimate users and strong encryption algorithms essentially make such functionality redundant.
As the encryption keys used in hardware encryption are typically never stored in the computer's memory, ''technically'' hardware solutions are less subject to "cold boot" attacks than software-based systems (White Paper: Hardware-Based vs. Software-Based Encryption on USB Flash Drives, SanDisk, June 2008). In reality, however, "cold boot" attacks pose little (if any) threat, assuming basic, rudimentary security precautions are taken with software-based systems.
Compromised systems
The security of encrypted flash drives is constantly tested by individual hackers as well as professional security firms. At times (as in January 2010) flash drives that have been positioned as secure were found to have been poorly designed such that they provide little or no actual security, giving access to data without knowledge of the correct password.
Flash drives that have been compromised (and claimed to now be fixed) include:
* SanDisk Cruzer Enterprise
* Kingston DataTraveler BlackBox
* Verbatim Corporate Secure USB Flash Drive
* Trek Technology ThumbDrive CRYPTO
All of the above companies reacted immediately. Kingston offered replacement drives with a different security architecture. SanDisk, Verbatim, and Trek released patches.
Remote management
In commercial environments, where most secure USB drives are used, a central/remote management system may provide organizations with an additional level of IT asset control, significantly reducing the risks of a harmful data breach. This can include initial user deployment and ongoing management, password recovery, data backup, remote tracking of sensitive data and termination of any issued secure USB drives. Such management systems are available as software as a service (SaaS), where Internet connectivity is allowed, or as behind-the-firewall solutions. SecureData, Inc offers a software-free Remote Management Console that runs from a browser. By using an app on a smartphone, administrators can manage who, when and where USB devices were last accessed, with a complete audit trail. It is used by hospitals, large enterprises, universities and the federal government to track access and protect data in transit and at rest.
See also
* Health Insurance Portability and Accountability Act (HIPAA) (Moving confidential data requires encryption.)
* Cruzer Enterprise
* Data remanence
* IronKey
* Kingston Technology
External links
* Analysis of USB flash drives in a virtual environment, by Derek Bem and Ewa Huebner, Small Scale Digital Device Forensics Journal, Vol. 1, No. 1, June 2007 (archived from the original on 19 October 2013)
* Dataquest insight: USB flash drive market trends, worldwide, 2001–2010, Joseph Unsworth, Gartner, 20 November 2006.
* Computerworld Review: 7 Secure USB Drives, by Bill O'Brien, Rich Ericson and Lucas Mearian, March 2008 (archived from the original on 17 February 2009)
* , by Karsten Nohl and Jakob Lell