Secure USB Drives Aren’t

January 8, 2010

My grandfather used to describe a particular brand of fairly flimsy locks as “the kind of locks that keep honest people out.”  It seems that some of the “secure” USB flash drives on the market fall into the same category.  According to an article in The H Security (affiliated with the German publication Die Heise), the German security testing firm SySS GmbH has found a fundamental implementation weakness in the encrypted flash drive DataTraveler Black Box, marketed by Kingston Technologies.  The same flaw apparently exists in two rival products, the SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS Edition.

These devices are advertised as meeting the security requirements for the FIPS 140-2 Level 2 certificate, by using AES 256-bit hardware encryption.  As Bruce Schneier has suggested, many customers probably have little to no knowledge of what FIPS 140-2 actually means, but just assume that “this crypto thingy is certified, so it must be secure.”   In fact, the cryptographic implementation suffers from a basic implementation blunder in password verification.

In a paper [PDF] published by the company, researchers describe the password entry and verification process used by these devices.  A key aspect of the vulnerability is that this processing is done on the “host” PC — that is, the PC to which the flash drive is being attached.  In essence, it appears that the method of verification uses the password as a key to encrypt a constant byte string, the encrypted value of which is stored on the flash drive.  Subsequent attempts to use the drive decrypt the stored string using the entered password; if the decrypted value equals the known constant value, access is allowed.  The SySS researchers were able to produce a “proof of concept” attack, in which the verification program is hacked to always return a successful comparison.  (There is much more detail in the paper itself.)  So the use of the very secure AES-256 algorithm is basically meaningless, since the system can be successfully attacked at the password verification stage.

This is another example of why “buzzword compliance” is not an adequate standard for purchasing technology products of even moderate complexity.  You really do need to know what you are buying — regardless of what the vendor’s marketing department says.

%d bloggers like this: