DESIGNING SECURE USB-BASED DONGLES



Similar documents
Digital Multiplexer and Demultiplexer. Features. General Description. Input/Output Connections. When to Use a Multiplexer. Multiplexer 1.

PSoC Programmer Release Notes

PSoC Creator Component Data Sheet. Calculation accuracy 0.01 C for -200 C to 850 C temperature range

PSoC Programmer Release Notes

Scanning Comparator (ScanComp) Features. General Description. Input/Output Connections. When to Use a Scanning Comparator. clock - Digital Input* 1.

Thermistor Calculator. Features. General Description. Input/Output Connections. When to use a Thermistor Calculator 1.10

PSoC Programmer Release Notes

Designing an efficient Programmable Logic Controller using Programmable System On Chip

Imation Clip USB 2.0 Flash Drive. Imation Drive Manager Software. User s Manual

PSoC Programmer Release Notes

Hi-Speed USB 2.0 Flash Disk. User s Manual

How to Encrypt your Windows 7 SDS Machine with Bitlocker

New Technologies Bridge the Gap Between Custom ASICs and ARM-Based Microcontrollers

How To Secure An Rsa Authentication Agent

Comparison of 2.4-GHz proprietary RF and Bluetooth 4.0 for HIS applications Page 1 of 6

CAPACITIVE SENSING MADE EASY, Part 2 Design Guidelines

RSA SecurID Software Token Security Best Practices Guide

AN10860_1. Contact information. NXP Semiconductors. LPC313x NAND flash data and bad block management

2.6.1 Creating an Acronis account Subscription to Acronis Cloud Creating bootable rescue media... 12

USB Flash Memory TransMemory-EX II TM

How Drive Encryption Works

How Endpoint Encryption Works

Intel Data Migration Software

Corsair Flash Voyager USB 2.0 Flash Drive UFD Utility User s Manual

Windows BitLocker Drive Encryption Step-by-Step Guide

White Paper: Whole Disk Encryption

TPM. (Trusted Platform Module) Installation Guide V for Windows Vista

Samsung KNOX User Guide KNOX for Consumers Edition

Pretec 34-in-1 Card Reader USIMEditor User s Manual. User s Manual

System Requirements. Installation. Microsoft SQL Express 2008 R2 Installation

BitLocker To Go USB Flash Drive encryption User Guide

DUAL MONITOR DRIVER AND VBIOS UPDATE

Imation LOCK User Manual

Printer Driver Installation Manual

USIMEditor User s Manual

Dell InTrust Preparing for Auditing Microsoft SQL Server

PGP Portable Quick Start Guide Version 10.2

USB. 16MB~2GB JetFlash. User s Manual

Samsung Portable SSD T1

AN2358. Manchester Decoder Using PSoC 1. Introduction. Contents. Manchester Code Principle

Operating System Installation Guide

Application Note Gemalto Access Client for windows smart card and EFS on Microsoft Windows Vista

Symantec Drive Encryption for Windows

C. System Requirements. Apple Software is supported only on Apple-branded hardware that meets specified system requirements as indicated by Apple.

Terms of Service. Your Information and Privacy

Trusted Platform Module (TPM) Quick Reference Guide

Managing Remote Access

Notes on Windows Embedded Standard

USB Thumb Drive. Designer Reference Manual. HCS12 Microcontrollers. freescale.com. DRM061 Rev. 0 9/2004

QuickBack. User s Guide

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

TotalShredder USB. User s Guide

NVIDIA GRID 2.0 ENTERPRISE SOFTWARE

Production Flash Programming Best Practices for Kinetis K- and L-series MCUs

HyperFS PC Client Tools

istar User Manual for Comsol USB Flash Drive

Temperature & Humidity SMS Alert Controller

How to Guide FUJITSU COMPUTER PRODUCTS OF AMERICA, INC E. Arques Ave., Sunnyvale, CA, Telephone: Facsimile:

BitLocker to Go: Encryption for personal USB flash drives (Windows 7 and 8)

TPM. (Trusted Platform Module) Installation Guide V2.1

SyAM Software* Server Monitor Local/Central* on a Microsoft* Windows* Operating System

CP2110-EK CP2110 EVALUATION KIT USER S GUIDE. 1. Kit Contents. 2. Relevant Documentation. 3. Software Setup

Samsung Drive Manager User Manual

Crestron VMK-WIN TouchPoint Virtual Mouse & Keyboard Software for Windows Installation Guide

HP Notebook Hard Drives & Solid State Drives. Identifying, Preventing, Diagnosing and Recovering from Drive Failures. Care and Maintenance Measures

LaserJet USB Walk Up Printing

Using the FX3 SDK on Linux Platforms

GENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE

Cloning Utility for Rockwell Automation Industrial Computers

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

CCA DSS SP 2 Release Notes. For Microsoft Dynamics GP v10.0, v2010 and v2013

Samsung Magician v.4.5 Introduction and Installation Guide

Best Practices for Installing and Configuring the Hyper-V Role on the LSI CTS2600 Storage System for Windows 2008

Automatic Drive Locking: Securing Digital Content Storage in the Digital Home

Resetting USB drive using Windows Diskpart command

WHITE PAPER. HP Guide to System Recovery and Restore

Security Industry Market Share Analysis

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note

Recovers Lost or Deleted Pictures from: Any Memory Card Type Any Brand Using Any Mass Storage Reader

Digi Connect Wan 3G Application Guide Update the firmware, backup and restore the configuration of a Digi Connect Wan 3G using a USB flash drive.

USB 2.0 Flash Drive User Manual

User Manual. 2 ) PNY Flash drive 2.0 Series Specification Page 3

Using RAID Admin and Disk Utility

Mobile App User's Guide

Aras Innovator 11. Platform Specifications

USB Flash Drive User Guide

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

Guidance on the Use of Portable Storage Devices 1

AN3354 Application note

NetDisk & NetDisk Mini

GENOA, a QOL HEALTHCARE COMPANY WEBSITE TERMS OF USE

BlackBerry Desktop Manager Version: User Guide

We suggest you retain a copy of these End User Terms of Use for your records.

APPLICATION NOTE. AT07175: SAM-BA Bootloader for SAM D21. Atmel SAM D21. Introduction. Features

2.8.1 Creating an Acronis account Subscription to Acronis Cloud Creating bootable rescue media... 16

User Manual. Copyright Rogev LTD

DriveLock and Windows 7

Using the RS232 serial evaluation boards on a USB port

Hi-Speed USB Flash Disk User s Manual Guide

Operating Instructions - Recovery, Backup and Troubleshooting Guide

Transcription:

DESIGNING SECURE USB-BASED DONGLES By Dhanraj Rajput, Applications Engineer Senior, Cypress Semiconductor Corp. The many advantages of USB Flash drives have led to their widespread use for data storage through every industry. However, given that these drives are highly portable, care must be taken to protect private and sensitive data from theft and accidental loss of the drives. USB Flash drives which implement security features are generally called USB Secure Dongles or Secure Dongles. There are various ways to design a secure dongle and the best secure dongle for a specific application balances system cost with the level of security required for a particular application. This article will describe techniques for designing secure dongles. USB Flash Drive Architecture A USB Flash drive consists of two main components (see Figure 1): a USB mass storage controller and non-volatile memory (storage media). Most USB Flash drives employ a two-chip architecture. The USB mass storage controller integrates USB functionality with the transceiver, storage controller, and optional interfaces for LEDs, switches, etc. The storage media is used to store user data, like files and folders. NAND Flash or Managed NANDs are most commonly used as storage media. The USB mass storage controller acts as a bridge between the storage media and USB host. It perform various tasks which can be roughly divided into three functions: 1. USB Mass Storage Class (MSC) Management 2. Storage Media Management 3. Peripheral Control (optional) The USB Flash Drive uses the USB Mass Storage Class over two bulk end-points to communicate with the Host. The USB mass storage controller is responsible for USB enumeration and MSC handling. If SLC/MLC NAND is used as the storage media, then storage media management involves wear leveling, bad block tracking, Error Correcting Code (ECC) protection, and NAND interface handling. If managed NAND is used as the storage media, then wear leveling, bad block and ECC are managed by the NAND itself. In a generic USB Flash Drive, access to memory is transparent to the USB controller and host and there is no control over it. DESIGNING SECURE USB-BASED DONGLES Page 1 of 7

Secure Dongle for Personal Storage USB flash drives are widely used for carrying personal data can be protected by simple security such as a password. Software is available on the Internet for more advanced forms of data protection. This software can be used with any generic USB Flash drive to make it password protected but there are security vulnerabilities to such an approach: The data or security software on the drive can be easily erased by reformatting it. Special software needs to be preinstalled on the PC to access the data. To access the drive from a new system, this software must first be downloaded from the Internet and installed, thereby limiting the convenience of using a Flash drive. An alternative approach is for the Flash drive to carry any security software required to access data in a separate partition which cannot be erased. This can be done without any additional hardware provided the USB Mass storage controller has the flexibility to be able to partition memory and then control access to each memory partition. Controllers on the market today, such as Cypress s West Bridge Astoria and NX2LP, are available which have features like these. As per the USB MSC spec, a Flash drive can have as many as sixteen logical units (LUNs). These appear as separate drives to the USB host. The logical unit can be removable, read only (ROM) or read/write enabled. As shown in Figure 2, the storage media needs to be divided into three LUNs for a protected scheme: One ROM LUN as big as necessary to store the secure application One or more read/write LUNs for user data One hidden block, accessible only to the USB Mass Storage Controller firmware, to store passwords, disk status, and other identification data. The secure application uses a SCSI Pass-Through mechanism to communicate with the Flash drive to lock the user LUN, unlock the user LUN, erase the user LUN, and set the password. The MSC allows SCSI Pass-through (SPT) commands from the USB host. The SPT mechanism can also be used to handle non-mass storage activities from the host like setting the password, locking the dongle, and verifying the password for unlocking the Dongle. Below is a step-by-step description of secure dongle behavior when connected to a Windows PC. DESIGNING SECURE USB-BASED DONGLES Page 2 of 7

Device Enumeration: When connected to a Windows PC, the Flash drive enumerates as a standard mass storage device. Two additional disks appear in Windows Explorer:* A CD-ROM disk of around 5MB size that contains the secure application A user disk in locked state that prevents the disk from being opened The size of the user disk is the size of the storage media being used minus the size of the secure application partition. At this stage, all read and write operations to this disk from USB host are blocked by the firmware. If a user tries to access the disk via a Windows PC, it will pop up the notification, Please insert the disk. * If the Flash drive is connected for first time to the Windows PC, the standard procedure for installing the mass storage drivers needs to be followed. Auto Run : Secure App: Device enumeration as described above is a quick process that is transparent to the user. When the device is connected to the PC, the user sees the SecureApp Window first (see Figure 3). This Demonstration Application (SeureApp) use SPT commands to identify, unlock, lock, and erase the user disk. This App is stored in the CD-ROM partition of the dongle along with the autorun.inf file (see Figure 4). The autorun.inf file contains following two lines which run the SecureApp automatically when the dongle is connected. [autorun] OPEN=SecureApp.exe DESIGNING SECURE USB-BASED DONGLES Page 3 of 7

Device Identification: When the SecureAppis starts, it checks the status of the device by sending a status SPT command. When the device receives a status command, it determines whether it is communicating to the correct device. It also retrieves the configuration of the device such as whether password is set or not. If the password has not been set before for the device, then any user partitions are accessible for read/write without any authentication, and SecureApp asks the user to set the password (see Figure 5). User Authentication: If a password has already been set for the device, then the user is asked to provide the password to unlock the user disk. The user password is stored inside the storage media in a secure sector that can only be accessed by device firmware. Typing the password and clicking on unlock sends the password to the device using SPT. This password can be encrypted if desired. The device verifies the password internally and unlocks the media if the password is correct. File read/write operations are now allowed to the disk. Erase Password: If the user forgets the password, the data stored on the drive will be completely inaccessible. However, the dongle can still be used by using the Erase password feature to first delete all user data and then allow the user to set a new password. Advantages of this architecture: Low cost: no special hardware is required. Standard Mass storage driver: no special driver/software need to be installed on PC. Higher throughput: data transfers between the PC and dongle are uninterrupted since there no encryption is used to transfer data. This results, for example, in less time to transfer large video files. Secure Dongles for Medical Applications USB Flash drives are now being used to store medical information like: 1. Emergency data 2. Health records DESIGNING SECURE USB-BASED DONGLES Page 4 of 7

3. Lifestyle information 4. Prescription information 5. Miscellaneous data like X-Rays and MRI files Such a dongle contains public information that needs to be accessible to anyone, such as information that can be used in the case of an emergency. However, the dongle also contains private information that requires authentication to access. A dongle might also offer additional features like backup of data on a web server when connected to a PC with an Internet connection or formatted representation of data for printing or editing. A secure dongle with storage memory partitioned into three can be used for such an application: CD-ROM Partition for storing the application Standard (unprotected) read/write partition for storing publically accessible data like Emergency data A protected partition which can only be accessed after user authentication As shown in Figure 6, the hardware described in the section secure dongle for personal storage can be used here as-is. There is only change is in the way storage is managed to support the extra partition. Additionally, the application stored in the CD-ROM partition may need to offer additional functionality beyond the SecureApp such as an application to display health records in a printable format. Secure Dongles for Banking Well-known risks to Internet banking include key loggers, screen readers, root-kits, botnets, Trojan, spyware, malware, and phishing which compromise the user PC. One way to avoid these risks is to operate from a clean OS. Most of the latest PCs and laptops support boot from USB Flash drive where user can use the system without launching the OS on the system hard DESIGNING SECURE USB-BASED DONGLES Page 5 of 7

drive. Such an OS boots quickly and can be read-only where any other application other than those built into the Flash drive cannot be installed or run. An example implementation for such an architecture is shown in Figure 7. It contains the following different units/features: 1. USB Mass Storage Class(MSC) Management 2. Storage Media Management 3. Finger Print sensor(optional) 4. Unique ID 5. Tamper Proof 6. Encryption unit. USB Mass Storage Class (MSC) Management: For the PC/laptop to boot from the USB disk drive, the drive must comply with the USB Mass Storage class. The dongle should enumerate as Read-Only device. This protects the OS and the drive from any intended or unintended corruption. Storage Media Management: The storage media used here can be NAND Flash or SD-MMC based Managed NAND. The media should be portioned into a read-only partition for storing the OS and another hidden partition for storing secure data like the server ID, user ID, finger print data, etc. Any write access to the read-only partition and read/write operations to hidden partition from the USB host should be blocked by the storage media management unit. The hidden partition is accessible internally to the device only. It is also a good idea to use encryption for storing secure data in the hidden partition. DESIGNING SECURE USB-BASED DONGLES Page 6 of 7

Finger Print Sensor: Access to the banking server is handled by the dongle but before the dongle begins communicating to the Banking Server, it first authenticates the user. User authentication can be done in multiple ways e.g. providing a password (PIN), figure print info, etc. A finger print sensor is more secure than a password mechanism but it comes at extra cost. The password/finger print info provided by the user is verified by the dongle using the information stored in the hidden block. Considering the level of security required for banking applications, these dongles should be tamper-proof and non-clonable. Device cloning can be avoided by implementing a unique ID in device hardware. Battery-powered mechanisms can be used to make the dongle tamper-proof. Such a mechanism should erase the entire dongle data if any unauthorized activity is detected. Cypress Semiconductor 198 Champion Court San Jose, CA 95134-1709 Phone: 408-943-2600 Fax: 408-943-4730 http://www.cypress.com Cypress Semiconductor Corporation, 2007. The information contained herein is subject to change without notice. Cypress Semiconductor Corporation assumes no responsibility for the use of any circuitry other than circuitry embodied in a Cypress product. Nor does it convey or imply any license under patent or other rights. Cypress products are not warranted nor intended to be used for medical, life support, life saving, critical control or safety applications, unless pursuant to an express written agreement with Cypress. Furthermore, Cypress does not authorize its products for use as critical components in life-support systems where a malfunction or failure may reasonably be expected to result in significant injury to the user. The inclusion of Cypress products in life-support systems application implies that the manufacturer assumes all risk of such use and in doing so indemnifies Cypress against all charges. PSoC Designer, Programmable System-on-Chip, and PSoC Express are trademarks and PSoC is a registered trademark of Cypress Semiconductor Corp. All other trademarks or registered trademarks referenced herein are property of the respective corporations. This Source Code (software and/or firmware) is owned by Cypress Semiconductor Corporation (Cypress) and is protected by and subject to worldwide patent protection (United States and foreign), United States copyright laws and international treaty provisions. Cypress hereby grants to licensee a personal, non-exclusive, non-transferable license to copy, use, modify, create derivative works of, and compile the Cypress Source Code and derivative works for the sole purpose of creating custom software and or firmware in support of licensee product to be used only in conjunction with a Cypress integrated circuit as specified in the applicable agreement. Any reproduction, modification, translation, compilation, or representation of this Source Code except as specified above is prohibited without the express written permission of Cypress. Disclaimer: CYPRESS MAKES NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Cypress reserves the right to make changes without further notice to the materials described herein. Cypress does not assume any liability arising out of the application or use of any product or circuit described herein. Cypress does not authorize its products for use as critical components in life-support systems where a malfunction or failure may reasonably be expected to result in significant injury to the user. The inclusion of Cypress product in a life-support systems application implies that the manufacturer assumes all risk of such use and in doing so indemnifies Cypress against all charges. Use may be limited by and subject to the applicable Cypress software license agreement. DESIGNING SECURE USB-BASED DONGLES Page 7 of 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information