Biometric Authentication

New Directions for Removable USB Mass Storage
By Larry H

Recent developments in USB mass storage are truly remarkable. The technology is convenient and powerful, but corporate executives are losing sleep not knowing how much intellectual property is lost or stolen through portable mass storage on the gigabyte scale. However, with the proper controls in place, the USB mass storage protocol can be harnessed for beneficial security uses. On-board capabilities of strong cryptography and authentication appearing on some devices today are the prime ingredients for a new direction in the evolution of USB mass storage; portable identity management and secure storage.

The development and adoption of removable USB mass storage is truly remarkable. Never before has it been so easy to move gigabytes of information around on a portable device that is small enough to clip onto a key chain. These pocket size devices are known as a jump drive, thumb drive, flash drive, USB drive or USB flash drive. These devices have large capacities and they can copy data at lightning speed. It’s hard to buy a USB flash drive these days with less than 128MB of storage and some devices can achieve data rates greater than 20MB per second. The technology is so convenient and powerful that we wonder how we could have lived without it. It’s unthinkable to use floppy disks for the amount of data that we need to carry around today. While the capacity of a CD-RW might be sufficient the procedure of inserting and “burning” simply can’t compete with the ease of plugging a flash drive into the USB port.

To deal with this issue, some organizations have disabled USB ports through the BIOS, while others have gone to the more extreme measure of filling the USB connectors with a thick epoxy adhesive. While this solves the problem it also prevents any beneficial uses of USB mass storage to be garnered. But what other functions are there for USB mass storage devices? Besides moving large amounts of data around at lightning speed what else could we be missing by banning their use? Surprisingly, there are very compelling advances to be gained in the security industry by properly harnessing the power and protocol of USB mass storage.

USB mass storage devices are evolving and we are starting to see many new features and behaviors that were never conceived when the USB mass storage specification was written. For example, many devices today offer encrypted storage so that if you lose your device, the information on it remains safe. Some flash drives even have fingerprint sensors and processors built in so that biometric authentication of the owner is required before the storage can be accessed. These are examples of some security driven extensions to the basic functionality of mass storage. The on-board capabilities of strong cryptography and authentication that we see on some of the more advanced devices are the prime ingredients for a new direction in the evolution of USB mass storage. That direction is Portable Security Devices that offer identity management and secure storage.