This year Infosec was awash with encrypted USB flash drives. This makes sense; lost USB drives are a major security problem. In fact flash drives are a major security problem, full stop.
Nearly all the flash drives I looked at had one major weakness – they’re tied to the Windows operating system (or Macintosh, and possibly Linux) in order to get data on and off. They have a special application to get the password from the user and supply it to the drive.
This may be considered a weakness, with a common criticism being that key loggers can capture the password before it can get to the drive. I’m actually not too worried about this because if the host has a key logger running then malware can just as easily access the drive itself, however the drive received its password in the first place.
However, having a Windows application required for access to the data is no good if you’re not always running Windows, and flash drives can be read from anything from a car radio to a photocopier. Even if you are reading it on a PC, the operating system of your choice will be upgraded in due course, but the application needed to access your data may not be.
After a bit of searching I did find three genuinely OS-independent devices: the LOK-IT, the hiddn Crypto Adapter and the Data Locker.
Data Locker
This is a USB 2.0 hard disk, available in capacities ranging from 320Gb to 1TB. It’s a nice bit of kit, with a rubber bump-shell and a touch sensitive LCD panel for entering the codes to unlock it. Data is encrypted using hardware to AES CBC 128-bit or 256-bit depending on the model, and once the password has been entered the host system sees it as a standard drive. There are lots of nice features, like a randomized keypad so wear on particular keys doesn’t give the game away.
As it contains a 2.5″ drive it’s bulky compared to a flash drive, but it’s a huge capacity. If you really need to carry around such a large amount of secure data it’s a good choice. But at £400+VAT you’d be better off with something smaller if you don’t.
The Data Locker is made by Origin Storage in Basingstoke. They’ve been around since 2001 supplying OEM storage products, and acquired Amacom in 2006 – the brand used for Data Locker.
No standard rate telephone number available.
hiddn Crypto Adapter
This doesn’t actually store anything – it’s a USB to USB adapter with encryption. Basically you plug one end into the host machine and plug your standard USB flash drive, or USB HDD if you prefer, into the top. Then you load your encryption key using a smart-card in the slot below, enter your PIN and away you go. It doesn’t matter what the host or USB storage device actually is; the host sees a standard USB drive.
The unit is mouse-sized and works well on a desktop, but is a bit bulky to carry around on portable equipment. It’s also pricey, at £290+VAT.
This system actually makes a lot of sense: with two units permanently attached to desktop machines in different locations, you can use cheap, standard flash drives to transport the data – even post them – without the risk of data leakage if they’re lost in transit. Using the optional key management software it’s possible to duplicate the keys on the smart cards so encryption works at both ends.
The Norwegian makers, hdd, have a range of other encryption products which are worth a look, using the same smart cards to hold keys. I shall be watching them with interest.
+47 38 10 44 80
LOK-IT
This USB flash drive is probably the solution for the rest of us. It’s simple. It’s a flash drive with a small keypad allowing you to enter a PIN to activate it. Powered by an internal battery, you’ve got 30 seconds after entering the password to plug it in, at which point it looks like any other USB drive to the host system. Activation status is indicated by either a red or green LED, and once the drive is pulled from the host it immediately returns to its encrypted state.
There are two versions available, one with a five-key PIN pad, and one with the full ten digits. Both have on-the-fly 256-bit AES encryption hardware. Apparently the ten-key version is more popular, but I liked the five-key because it had a draw-back USB cover you can’t lose.
If you enter the PIN incorrectly ten times the units wipe all their data and reset. This could be annoying, but it prevents access if they fall into the wrong hands.
My only concern about these units is the robustness of the keypad, which is also a tad difficult to operate. It feels flimsy but may be okay. But with the 4Gb version costing just US$60 they’re a very cost-effective and practical solution. No UK distributor is available at the time of writing.