Solved

USB Stick U3 Security; What is it, what's needed?

Posted on 2006-04-06
Medium Priority
5,944 Views
Last Modified: 2012-05-05
Greetings Experts!

I need to supply 8 secure USB sticks to top level management. I have not decided what level of security; username/password, encryption or a combination of both. The bigger challenge lies with the users/usability.

Not to be demeaning but we are talking about "technical idiots" as users. This is OK with me, top managers have other things to worry about other than IT related issues. Like putting gas in a car and driving away; They don't want to know all the technical details on the engine and drivetrain! At any rate, I need the sticks to therefore be "idiot proof". The users should, in case of emergency, be able to access their documents from any given PC (XP/2000; maybe Win98).  

I have looked at simple USB sticks and the possibility of installing add-on "portable software" on the stick. However those that I have looked at require either Admin rights to install the set-up software OR Admin rights to run the portable take with software. One perfect exception is TrueCrypt. It works like a charm for me BUT as stated above it must meet the "idiot proof" criteria. There is no way to train the older generation of management on how to use this software. They simply will not understand virtual drives, devices, or how to mount a said partition or encrypted file. Period. If you move or delete an icon on their desktop, they panic. TrueCrypt is a fine program but in my opinion is not for the non-technical user.

So recently I have taken a closer look at the U3 USB Sticks. So far so good regarding the simplicity and the fact of not needing Admin rights to launch the stick (unless I overlooked something). However, it does not end there. All the manufacturers speak about security on their sticks but nowhere is it explained how or what level of protection the basic password offers on the stick. Bruce Schneier calls it "Security through obscurity". OK, so the stick can be password protected. So what. How/where is the hash stored? Is this level enough for say classified (level 1; out of 3) documents?

The password only obviously does not seem to be enough if one looks at the crypto programs that are offered for U3. Are these really needed? In looking at the U3 Crypto progs; so far, so bad! None of these pass my idiot proof criteria, at least not the ones I have looked at. Complicated to configure; complicated to remember the steps.

1. Does anyone have any ideas for an "idiot proof" solution?
2. Does anyone know the level of security that the U3 password offers?
3. What are your experiences?

For any help, I'll be eternally indebted...
Regards
Dr Dude
0
Comment
Question by:DrDude1
9 Comments
 
LVL 22

Expert Comment

by:dovidmichel
ID: 16393226
Easy USB drive with fingerprint recognition. Here is one just to show you what I am talking about.

http://www.computergear.com/thumusbdriv2.html

To anyone else but you with this smart 2.0 USB memory drive with 256MB that uses fingerprint recognition technology to keep your files secure and private.

0
 
LVL 3

Accepted Solution

by:RiDo78
RiDo78 earned 1200 total points
ID: 16408593
Check this one: http://www.kingston.com/flash/dt_elite.asp?id=2

The data is encrypted with 128 bit AES and accessible only with a password.
As far as I can tell you don't need administrative privileges to login or out the privacy-zone. (At least I don't need them using Windows XP)
0
 
LVL 4

Assisted Solution

by:samb39
samb39 earned 300 total points
ID: 16410358
You can install optional security software on the U3.  Here is a list of them all:

http://software.u3.com/ProductCategoryList.aspx?CategoryId=8&Selection=6&lang=en-US

Several look interesting:

Cryptomnemo uses pictures instead of a password:

http://www.everythingusb.com/mnemonic_cryptomnemo.html

e-Capsule Private Safe looks very secure
0

 

Author Comment

by:DrDude1
ID: 16410418
@@RiDo78--From the link you sent Kingston states, "For ease of use and personalization, My Traveler software helps you organize the DataTraveler's contents, set language preferences and synchronize files with the host device."  Q. Is this software needed? Or is the stick plug and play without it, like U3? This is where I have always run into problems. Additional software needed; and almost always admin rights to install!

@@samb39--Yes, I have looked at the list and as a matter of fact DL'ed mnemonic. During the installation, it does not fit the "idiot proof" concept of mine. It needs internet access to get a trial license. And by the look of it, internet access to add a purchased key. The damn trial sign up would not even recognize our proxy setting and therefore I was unable to finish installing the trial software. I worked around this by taking my laptop home, putting it on MY private net, disabling the company proxy setting and finished the install. This is a BS workaround that definitely does not work for a corporate setting. After starting Mnemonic it asked for three passwords. Are they insane?? Do they really expect the users I described above to comprehend and remember all these PWs???

I forgot to mention I was looking at this: http://www.bioxs.nl/shop/Hardware/Logical-access/USB-Memory/Stealth-MXP/
Most importantly they state: "The Stealth MXP makes use of a patent pending user-mode communication protocol providing true zero footprint mode – no software installation and no administrator rights required on the host PC."

Then I know at what level ALL data on the stick is secured by, right from the get-go. It is not available yet but hopefully I will get one soon to test.
0
 
LVL 3

Expert Comment

by:RiDo78
ID: 16411196
@DrDude1: Yes, the software is required but can be divided in two parts. The first part is the management software that prefers (not requires) to be installed on the machine. With this software you can manage the stick (e.g. define how large the encrypted part should be). It is NOT required for daily use.

The second part can be found twice on the stick itself (once in the secure part and once in the non-secure part) and does not require installation. This software is required to switch to the secure part of the stick and back. If you switch to the secure part, a password is required. After (I thought) 30 false attempts, the stick erases the data stored on it.

Although you can change the size of the secure part, I suggest to use the entire stick (minus 1 Mb for its own software) so the non-technical managers do not open a document on the non-secure part and then wonder why they can't switch to the secure part with the document open. (The non-secure part and the secure part share the same drive letter. The software basically remounts the USB drive.)
0
 
LVL 3

Expert Comment

by:RiDo78
ID: 16486642
I found something else: http://www.safeboot.com/products/usb.html 
0
 

Author Comment

by:DrDude1
ID: 16487260
RiDo78:
Just by chance I have been in contact with safeboot here in Germany. While visiting the CeBit they were one of the first stands I visited. Come to find out, the safeboot USB is also part of a software installation suite. Their Rep is the one who pointed me to the Stealth-MXP. They should be offering it now (or soon; I was on vacation and did not make follow-up contact yet).

My major problem is that I need to configure the sticks one time and hand them out at a meeting to 8 individuals who are working around the globe. No room for error, no wish for anything complicated (reminds me of going from a carburetor that could be adjusted with a screwdriver, to all the electronic injection systems that need expensive computers and experts to tune them. They call this progress. Perhaps we should all just carry a piece of paper and a pencil).

Anyway, we are leaning more towards any one of the U3 conform sticks; no particular brand. The cool thing is that we can install OpenOffice; that way if the host computer does not have MS Office at least the execs can access the Docs/XLs files.

I password protected my U3 stick and re-inserted it without putting in the password. If I click on the removable drive part, it says access denied. Seems OK to me, but my real concern is what level/type of protection is being used here? I had read that the U3 acts as a normal USB removable drive when inserted on a non MS machine. I booted the latest Knoppix 5.0 and it did not mount or find the stick. Perhaps the U3 simple protection is enough for the casual user? Like a simple person who would find the stick on the seat in an airport. How much trouble/effort would they go through to hack the stick? After discussing with my boss, it seems that the password with U3 might be enough for the information on the stick. We are not talking military secrets here. What I don't want to happen is that later the users come and say the level of protection is not enough; that is why I was thinking about the Stealth-MXP.

@RiDo78 and samb39; I have not really gotten the answer I was looking for but I think all of our Q. and A. could benefit others. Therefore I will split the points 400/100 accordingly. Hope you agree.
0
 
LVL 3

Expert Comment

by:RiDo78
ID: 16489570
Hi again,

I'm sorry that we could not be of any more help. Honestly said, how you divide the points is your business and I don't mind how you do it. For me the points do not have a real value, they're just a number.

One last thing though, I don't know how good your Linux skills are, but most (if not all) USB sticks (U3 or not) can be treated like an ordinary removable storage device. So if you say that Knoppix did not find the stick at all, I would say that there's something wrong with the distro or your knowledge of the distro or Linux is not sufficient. I own several sticks:
- unknown-brand, 64 Mb on my keychain. It contains my private key for world-wide access to my PC at home, the public host-certificate and Putty.
- Kingston Datatraveler II plus migo, 2 Gb for carrying applications (like Firefox), desktop settings and a couple of documents.
- Kingston Datatraveler Elite 512 Mb used for sensitive data
Apart from those I've used many other USB sticks as well. On ALL of them the unsecured part could be mounted under Linux (SuSE 9.2). The secured part remained hidden.
0
 

Author Comment

by:DrDude1
ID: 16505609
RiDo78,

I admit, my Linux knowledge is very basic. One cannot be an expert at everything :-) although some claim to be. A Jack of all trades, and Master of none. LOL Anyway, that is why I use the Knoppix. It is basically "Idiot Proof". As you stated, it will find/mount ordinary USB sticks as removable storage. It does do this with my Corsair stick but not the U3 configured stick. I tried them side-by-side. KPx finds the "open" one, but the other U3 is not seen.

I just ordered 10 Kingston U3 Smart Data Travelers. The "basic" password protection will do for now. However, I will pursue the quest of trying to find out just how this pw protection works and on what basis it operates. Should our execs desire added encryption, as samb39 suggested, I can always add Cryptomnemo later. According to the Project leader, the execs will not be carrying top secret documents. At the same time, I do not want them to have a false sense of security! Most would not understand the difference. All they think is that if they have to put in a password, it must be secure (kinda like Win9x...LOL).

Take care and thanks for your help!
DrDude
0
