1. Field of the Invention
This technology relates to computer authentication of a local storage peripheral.
2. Description of Related Art
The storage capacity of USB pen drives increases by roughly 50% every year. With the advent of USB 3.0 technology, the USB pen drive data transfer rate is ten times faster than before and can go beyond 300 MBps. It is increasingly attractive for many people to carry all their personal or company data around in a tiny pen drive. It is convenient, environmentally friendly and can improve productivity.
Yet, this trend is also very dangerous from a security standpoint as many people lose their pen drives every day. The confidential information stored in the lost or stolen pen drives may be read by anyone, including strangers, identity thieves and competitors.
One common solution is to employ full-disk encryption using hardware-based AES-256 or another encryption algorithm. No one can access the information inside the encrypted partition unless she knows the correct password. This approach is simple, fast and seemingly safe, as AES-256 itself is fairly difficult to break. Unfortunately, computer hackers are notoriously good at guessing user passwords. While the encryption algorithm (e.g. AES-256) may be secure, many human-generated passwords are not. Many people recycle similar passwords across all applications. Some use simple passwords taken from a dictionary or based on their birthdays.
Even if we force users to enter a strong password (e.g. equivalent to a 256-bit random number), many of them simply write their passwords down on a piece of paper. This arguably is even worse for two reasons:
Because the user has to carry the paper with her (e.g. in office or outside), a thief can steal the pen drive and the paper at the same time.
When the user misplaces her paper, all information inside the drive is permanently lost.
One enhancement to the first solution is to use file-system-level encryption on top of full-disk encryption. Although the additional passwords can improve security, file-system-level encryption is typically very slow because it is software based. This drastically reduces productivity and defeats the purpose of a high-speed USB 3.0 interface.
Another solution is to incorporate a biometric reader in a pen drive. The user cannot access the data unless she has the correct biometric features (e.g. fingerprint). An optional password may be required depending on implementation.
In existing security systems, authentication is performed sequentially: credential 1 is authenticated; if that authentication is successful, credential 2 is authenticated; if that authentication is successful, credential 3 is authenticated; and so forth.
A problem with this approach is that the data associated with the authentication of each credential is stored separately from other credentials. This leads to a much greater risk of unauthorized attacks on each credential, separately, with or without knowledge of the other credentials.
For example, if one of the credentials is the user password, the associated authentication data is typically a hash value. Given knowledge of the implementation and physical access to the portable storage device, it is quite feasible for an attacker to recover the original raw password from the stored hash value. Typically, this would be achieved through a dictionary attack, where a large set of common words, names, letter-number combinations and commonly used passwords are entered, one at a time, into the hash function in an attempt to find a match with the stored hash value. For passwords with high entropy this approach will not work, but since most users employ simple, low-entropy passwords, this form of attack is quite feasible.
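Added example, not part of the original text: a design-review calculation of why separately stored authentication data weakens a multi-credential scheme, counting worst-case guesses over two tiny constructed candidate spaces. The joint layout, the SHA-256 stored value and all names (`stored_value`, `guesses_separate`, `guesses_joint`) are assumptions used only for contrast.

```python
import hashlib
from itertools import product

# Constructed candidate spaces, kept tiny so the search finishes instantly.
PASSWORDS = ["spring", "123456", "letmein", "dragon", "sunshine"]
PINS = [f"{n:03d}" for n in range(1000)]


def stored_value(*credentials: str) -> str:
    """Authentication data kept on the device: a hash over the given credentials."""
    h = hashlib.sha256()
    for c in credentials:
        raw = c.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)  # length prefix avoids ambiguity
    return h.hexdigest()


def guesses_separate(stored_pw: str, stored_pin: str) -> int:
    """Layout from the text: one stored value per credential, each testable alone."""
    count = 0
    for pw in PASSWORDS:
        count += 1
        if stored_value(pw) == stored_pw:
            break
    for pin in PINS:
        count += 1
        if stored_value(pin) == stored_pin:
            break
    return count


def guesses_joint(stored_both: str) -> int:
    """Contrast layout (assumption): one stored value covering both credentials."""
    count = 0
    for pw, pin in product(PASSWORDS, PINS):
        count += 1
        if stored_value(pw, pin) == stored_both:
            break
    return count


if __name__ == "__main__":
    pw, pin = "sunshine", "999"  # constructed worst case: last entry in each space
    print("separate:", guesses_separate(stored_value(pw), stored_value(pin)))
    print("joint:   ", guesses_joint(stored_value(pw, pin)))
```

With separate stored values the search cost is the sum of the candidate spaces (5 + 1000); when the credentials can only be checked together it is their product (5 × 1000).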
In some basic security systems, credential authentication forms the only barrier to unauthorized access, i.e. the user data is stored unencrypted, and once authentication is passed, the host is allowed access to the stored user data. An attacker who has physical access to the device and knowledge of the implementation can easily recover the user data, even without any security credentials.
In some other security systems, in addition to credential authentication, the user data is stored encrypted. However, the cipher key that is used to encrypt the user data is stored on the device in an unencrypted form. An attacker who has physical access to the device and knowledge of the implementation can easily recover the user data after decrypting with the stored cipher key.
In yet other security systems, in addition to credential authentication and user data encryption, the user data cipher key is encrypted using a single credential. This approach is quite secure; however, if the raw credential has low entropy, such as a typical user password, there is a risk that the raw credential can be recovered by using a dictionary attack on the encrypted user data. This can be achieved by decrypting the encrypted cipher key using each candidate password from the dictionary, separately, to form a candidate cipher key. This candidate cipher key is then used to decrypt the encrypted user data. The decrypted user data is then analyzed for intelligibility. If the data is deemed intelligible, then the corresponding candidate password matches the original user password used to encrypt the user data. This form of attack is only feasible if the unencrypted user data is already known or has a regular structure, such as a plain text file.