Everyone needs access to data, whether it is online or offline. Sometimes, there is a need to transfer data between two devices (hopefully both with encrypted storage).

Sometimes, you are an unprivileged user and cannot install software (better: you – as a security expert – always work as an unprivileged user, even on your home computer, and sometime you do not have the ability to go in privileged mode).

This is the time where the workarounds are pretty creative. In these situations, you are under pressure (you have to present something and your VGA adapter is in the office, so transfer the presentation (or, just to make sure everything will work, the whole directory) to the first computer you can attach to the projector using the first USB key you get): data exposed for a short period of time may remain as a copy on a USB key where the files were just deleted. Do you use a FIPS eraser to clean the files?

Time, urgency, pressure may lead to errors and finally to unprotected data.

In recent years, TrueCrypt has helped us to keep data secure, but still requires the user to work rigorously, requires the ability to run software on a device, expose the pass phrases to keyboard sniffing attacks and is limited to some device+OS combinations.

Protecting the Data

I have tried different solutions over the years, and – finally – last June, I spent around 160 Swiss Francs and ordered a Carbide USB Stick, a USB key with hardware encryption.

Pros

Basically, if you work rigorously, it keeps data relatively secure (note that even if you leave the data on the stick, the process of the data is in the computer memory, swap etc. but your HD is encrypted!).

The device has following features:

• Encryption Type: AES 256CBC
• PINs: 7 to 15 digit admin and user PINs, alphanumeric keypad
• Tamper Resistant: Tamper evident construction, brute force hack resistant
• Everything Proof: Water, Dust, Shock & Tamper Resistant
• Drivers and Software Required: None
• Certification: FIPS Security 140-2 Level 3 Certified (Certificate number 1873)
• Certification: IP57 (#LVD-D120789COC), MIL-STD-810F

Unlike most encrypted drives that only work with specific combination of devices+OSs, the physical PIN code entry on the side of the drive allows for universal compatibility. You can unlock the key using the keypad and stick in the USB device port in the next 30 minutes. The computer or Android devices or television recognizes it as a normal USB key.

Remove the device (physically or virtually) and the drive is locked.

In addition to the physical and security defenses of the Carbide drive, the drive is also protected from viruses by ClevX DriveSecurity™ powered by ESET. Carbide includes a full 5-year license for DriveSecurity.

Contra

I found just one problem: the speed. If you work on Word documents, then the delay is noticeable; in this case the temptation to make a temporary copy on the desktop is irresistible.

Benchmarked Speed: 10MB/s and up, comparable to other high-end FIPS-certified hardware-encrypted drives. Random read/write of small blocks comparable to non-encrypted retail drives. Your portable apps hum along just fine!

Summary

Why so serious about data security? It is very easy to lose data. And sometime you don’t know which data is lost.

If you need a secure portable storage, this is the only usable solution I know. If the key is lost, you can reasonably be secure that the data will be unreadable.

On the other side, with this device you can read data on each device reading normal USB keys.

References

• The World’s Best Flash Drive

About the Author

Rocco Gagliardi has been working in IT since the 1980s and specialized in IT security in the 1990s. His main focus lies in security frameworks, network routing, firewalling and log management.