An encrypted flash drive could be handy for storing banking and financial information, passwords, confidential business documents or just personal information that is private to you. Not only can it be used for making backups, but it also means you can have it in an accessible way when you are at home, traveling, etc. I know it’s popular to use cloud services to store this and other information, but those big frameworks can have serious security vulnerabilities that are as yet undiscovered. Sometimes it’s best to keep really confidential stuff close, as in your front pocket or desk drawer close, and not stored off in a server where you are uncertain who really has access to it.
Good Encryption is Tough
Good encryption is tough. It’s not that modern encryption algorithms are bad (quite the opposite – most are so strong that breaking them is well beyond most ability at this point). It’s just that the developers implementing the algorithms, and the customers that use them daily, are often the weak point.
For instance, in 2010 SanDisk, Kingston and Verbatim had to recall supposedly “secure” USB flash drives when it was discovered the encryption was easily bypassed. The vendors thought it was a good idea to have the host software signal to the key when it was OK to unlock. The problem is that an attacker could alter the software so it would send that signal without a correct password. Even worse, the vendors used the same encryption key for every single drive shipped. No high-security encryption will work with the same password on every device! And it’s not the first time someone has done this either. Encryption is hard, but it’s even harder if you’re stupid.
USB Flash Drives – Convenient, but Dangerous
Flash drives are perhaps one of the most convenient ways to store data portably. However, they are also huge security risks because they are easily lost, stolen, or compromised by anyone with physical access (think grabbing it off a desk, duplicating it to their laptop, and then replacing it before anyone notices).
Given the above, security in a USB flash drive is critical. As for the security features, I want the key to be fully encrypted at all times and only readable when the correct security code is entered. Even better, if the drive encrypts in hardware so I don’t need to load a software application onto the host machine, that is great. It’s just one less thing to go wrong. It’s also extremely handy if you are plugging the drive into something that simply doesn’t have an operating system you can access to run programs. Think media player, display monitor/TV, etc. If you have pictures, music or video on the USB drive and want to show it on your USB-enabled TV or media player, you simply can’t load any software to decrypt the drive. The drive needs to do the decryption for you.
I’d also love for the drive to have a security mechanism that didn’t rely on me entering a password on a keyboard. I want the security code entry to be on the device itself. This can come in handy if I need to copy data from a machine I don’t trust and am worried about malware stealing passwords as I access the drive. Also, as noted above, a keyboard-less system that can take a USB drive could then use the drive but still have the data secure when you’re done.
Finally, a self-destruct mechanism should be present, meaning that a casual, or even determined, attacker can’t easily access the data. Either it prevents them from brute-forcing lots of access codes, or it makes it hard to physically tamper with the device without destroying the encrypted data.
As it turns out, I found a USB flash drive that so far is meeting the above criteria:
Apricorn Aegis 16GB USB Encrypted Flash Drive (also in 4GB and 8GB versions)
Bring on the Apricorn Aegis
The Apricorn Aegis USB encrypted flash drive integrates a keypad with 256-bit AES encryption and a tamper-proof package. My impression so far is this:
Built In Keypad Stops Keyloggers
A built-in keypad means the threat of a keylogger on an untrusted system is reduced. It takes a PIN code of 7-15 digits settable by the user (and an optional admin PIN to remedy lost user PINs). The keys are easy to read and press. A wear-resistant material ensures attackers can’t determine which keys are most frequently pressed. PIN codes are easily changed.
Encryption in hardware means that there is no software piece on the host system that could be targeted for attack.
After 10 failed attempts the drive destroys the cryptographic material needed to decrypt the device. Even with a correct code after those 10 attempts, the encrypted material is not available. For what it’s worth, my initial test showed it worked. Once the brute force protection is activated, the drive needs to be reformatted with a new PIN to work again, as all the previous data will be inaccessible.
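To make the two properties discussed above concrete (a per-device key rather than one key shared by every unit shipped, and destruction of the key material after the tenth bad PIN so that even the correct PIN no longer works afterwards), here is a small model I’ve added to this post. It is illustrative code of my own, not Apricorn’s design; the vendor has not published implementation details, and the PBKDF2 iteration count, the XOR-plus-HMAC key wrap, and the PIN values used are all my assumptions for the sake of the example. Only the Python standard library is used.

```python
"""Constructed model of a PIN-gated, hardware-encrypted drive (added example).

NOT Apricorn's design: the vendor has not published implementation details.
It shows two properties the post asks for: a random per-device data key (so
two units with the same PIN never share a key, unlike the 2010 recalls), and
wipe of the wrapped key after a fixed number of bad PINs, after which even
the correct PIN fails and the drive must be re-initialised.
"""
import hashlib
import hmac
import os
from typing import Optional

MAX_ATTEMPTS = 10        # lockout count described in the post
PBKDF2_ROUNDS = 100_000  # assumed value; a real device tunes this to its hardware


class LockedOutError(Exception):
    """Raised once the key material has been destroyed."""


class PinGatedDrive:
    def __init__(self, pin: str) -> None:
        if not (7 <= len(pin) <= 15 and pin.isdigit()):
            raise ValueError("PIN must be 7 to 15 digits")
        # Per-device secrets: a random data-encryption key (DEK) and a random salt.
        self.dek = os.urandom(32)
        self._salt = os.urandom(16)
        self._wrapped: Optional[bytes] = self._wrap(pin, self.dek)
        self._failed = 0
        self._unlocked = False

    # -- key wrapping (simplified: XOR with a PIN-derived key, then HMAC) --
    def _kek(self, pin: str) -> bytes:
        # 64 bytes: first 32 wrap the DEK, last 32 key the authentication tag.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt,
                                   PBKDF2_ROUNDS, dklen=64)

    def _wrap(self, pin: str, dek: bytes) -> bytes:
        kek = self._kek(pin)
        ct = bytes(a ^ b for a, b in zip(dek, kek[:32]))   # one-time XOR wrap
        tag = hmac.new(kek[32:], ct, "sha256").digest()     # authenticates blob
        return ct + tag

    def _unwrap(self, pin: str, wrapped: bytes) -> Optional[bytes]:
        kek = self._kek(pin)
        ct, tag = wrapped[:32], wrapped[32:]
        expected = hmac.new(kek[32:], ct, "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            return None  # wrong PIN (or tampered blob)
        return bytes(a ^ b for a, b in zip(ct, kek[:32]))

    # -- keypad entry --
    def enter_pin(self, pin: str) -> bool:
        if self._wrapped is None:
            raise LockedOutError("key material destroyed; reformat with a new PIN")
        if self._unwrap(pin, self._wrapped) is None:
            self._failed += 1
            if self._failed >= MAX_ATTEMPTS:
                self._wrapped = None  # destroy wrapped key: data now unrecoverable
            return False
        self._failed = 0
        self._unlocked = True
        return True

    def unplug(self) -> None:
        self._unlocked = False  # locks again on removal, as the post describes

    def controller_enabled(self) -> bool:
        """Host sees a USB mass-storage device only after a valid PIN."""
        return self._unlocked

    def attempts_left(self) -> int:
        return 0 if self._wrapped is None else MAX_ATTEMPTS - self._failed


def demo() -> dict:
    """Walk through unlock, lock on unplug, and lockout after 10 bad PINs."""
    pin = "2468013"  # constructed sample PIN
    drive = PinGatedDrive(pin)
    other = PinGatedDrive(pin)
    result = {"per_device_keys_differ": drive.dek != other.dek}
    result["visible_before_pin"] = drive.controller_enabled()
    result["unlock_ok"] = drive.enter_pin(pin)
    result["visible_after_pin"] = drive.controller_enabled()
    drive.unplug()
    result["visible_after_unplug"] = drive.controller_enabled()
    for _ in range(MAX_ATTEMPTS):
        drive.enter_pin("0000000")  # ten wrong guesses
    result["attempts_left"] = drive.attempts_left()
    try:
        drive.enter_pin(pin)
        result["correct_pin_after_lockout"] = True
    except LockedOutError:
        result["correct_pin_after_lockout"] = False
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the model is the ordering of checks: the attempt counter and the wipe happen inside the device, before any host-visible storage is enabled, so a wrong-PIN path never exposes the wrapped key to the host for offline guessing. A real device would hold the counter and the wrapped key in tamper-resistant storage and use a proper AES-based key wrap; the XOR-plus-HMAC wrap here exists only to keep the example dependency-free.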
Apricorn is seeking FIPS 140-2 Level 3 certification. This standard basically says that approved algorithms are used and there is tamper resistance (https://en.wikipedia.org/wiki/FIPS_140-2). They also will certify the system at the component/software level to ensure it is cryptographically sound.
Excellent Build Quality and Good Performance
The flash drive has a built-in cover with an O-ring that gives it water resistance and protects the keypad. The cover fits nicely and is machined aluminum. It also has a sturdy keyring attachment.
Drive performance is USB 2.0 which is OK for storing basic data. Copying larger files could take a little while, but for most documents it’s more than fast enough.
The maximum drive size is 16GB, which is fine for document storage. However, the price is high for the storage space provided compared to unencrypted USB drives. But with full hardware encryption, built in PIN pad, and FIPS certification (pending) it is reasonable. Build quality is very good as well.
Thwarts Evil Maids
The PIN is required to even get the computer to recognize it as a USB drive. Without the PIN the computer sees no USB drive is even attached. At first blush then, the Apricorn Aegis USB drive is doing more than just putting a big encrypted blob in world readable storage. The device is actually activating the USB controller logic onboard when a valid PIN is entered. This will discourage attempts to probe the USB data directly without authorization.
What this means is that an attacker couldn’t surreptitiously grab the drive, make an image of the entire thing, return the drive intact, and then take the stolen image elsewhere to run password cracking against it. It also helps prevent The Evil Maid Attack, where a drive is taken and malicious code inserted onto it to later grab passwords, etc. after being secretly returned.
It could perhaps be bypassed in hardware (that happened with the Corsair USB drive by some Dutch hackers), but the Aegis is filled with a tough epoxy to make physical tampering very difficult without destroying the unit. With the Apricorn Aegis, the attacker would have a much harder time getting to the encrypted data undetected. Even if they somehow got the drive to mount, they’d still have the encrypted data to contend with. It’s just another layer of protection to consider. It would be difficult for someone to take this drive and insert malware onto it easily and in a timely manner without you knowing about it.
Since the drive is computer agnostic it can be formatted to any file system (comes as FAT32 which is cross-platform compatible). If you run Mac/Windows/Linux it should mount as an ordinary drive just fine once you enter the PIN.
The little PIN pad on the drive is handy because it means you don’t have to load any software. Just put in the PIN, wait for the green light, plug it in within 30 seconds and you have an encrypted drive. Once you unplug the USB key, the device locks down. Simple!
Simple and Easy, but Secure?
Overall I like the Apricorn Aegis USB flash drive. It’s nice not having to load up another piece of software to decrypt your data (like other encrypted USB drives). The PIN encryption is convenient and perhaps a reasonable tradeoff vs. the ability to put in very long pass-phrases in software like TrueCrypt. Assuming the designers did the encryption well, it should be fairly secure. There is not much technical data on the specifics of the implementation. I wish they’d release this (at least at a high level) and allow it to be reviewed. It’s the implementation that will make or break the device.
I’ll discuss this in a later post, but if you were to use this with a TrueCrypt encrypted volume stored on it, I suspect it would be basically impenetrable by just about anyone (even governments) when not mounted. I have some neat ways to use this with TrueCrypt that I’ll cover in the near future.
I could also see this being a good platform for a secure browser bootable system with Linux on untrusted systems as well. Enter your PIN, reboot the system into Linux off the USB, browse securely, check mail, etc. Shut down the system when you are done and when you pull the USB out it locks again and all the data is encrypted seamlessly. Pretty slick.
I’ll do a longer term report on this later. Today I loaded up a USB probe tool to do some deeper analysis and the probe software wrecked my system and I had to reload it entirely! Bummer. Based on their other secure hard drive products, which get good reviews, I’m thinking this USB flash drive may be a much better encrypted option than other attempts I’ve seen. Here’s hoping, because it really is a slick piece of gear to protect personal data if it works as advertised.