AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Software Encryption vs. Hardware Encryption: False Sense of Security?

Data encryption software is, without a doubt, one of the best ways to protect information stored in digital devices, including USB memory sticks.

However, not all agree: I ran across a whitepaper (link at the bottom) that claims that software encryption is a technological mismatch for flash storage, and that hardware encryption is the way to go.  Granted, the whitepaper is published by a company that sells USB flash drives that make use of hardware encryption, so it's not surprising.  And, some of their points are quite valid.  However, it appears to me that they've got some FUD going on as well.

Hardware Encryption Does Not Fall to Brute Force Attacks But Software Encryption Does?

According to the whitepaper, one of the supposed reasons hardware encryption is better than software encryption is that the former resists brute force attacks, whereas software encryption does not.  (A brute-force attack is where you try all possible combinations for gaining access; at some point, you've got to stumble upon the right combo, be it tomorrow or ten million years from now.)

This is a weird argument because brute-forcing for a hardware encryption key is also possible.  What am I missing here?  The entire argument seems to revolve around this:

"Software encryption on a USB flash drive relies solely on the user password for security of the encryption master key. Simply put, the user password is utilized to encrypt the stronger master key - which in turn encrypts the data. When the password is cracked, all stored data is laid bare."

Now, technically, what the whitepaper is claiming is not that software encryption is not resistant to brute force attacks; rather, they're pointing out that a weak password falls to brute-force attacks quite easily.  This is also true for hardware encryption, though.  I mean, a device featuring hardware encryption will also require a password for access (or some kind of token, which prevents brute-forcing but introduces other problems like lost or damaged tokens).
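The scheme the whitepaper describes (a password that encrypts a stronger master key) can be sketched as follows. This is an added example, not code from the whitepaper or from AlertBoot; the function names, the PBKDF2 parameters and the XOR stand-in for a real key-wrap cipher are assumptions. It shows that the strength of the whole arrangement is capped by the password, whether the wrapping happens in software or in hardware.

```python
import hashlib
import hmac
import math
import os

MASTER_KEY_BITS = 256  # size of the random master key that encrypts the data

def _derive(password, salt, iterations):
    """Stretch the password into an encryption key and a MAC key (PBKDF2)."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def wrap_master_key(password, master_key, salt, iterations):
    """Encrypt the master key under the password-derived key."""
    enc_key, mac_key = _derive(password, salt, iterations)
    # XOR with a single-use derived key stands in for a real key-wrap cipher
    # (assumption of this sketch); the tag lets unwrap detect a wrong password.
    wrapped = bytes(a ^ b for a, b in zip(master_key, enc_key))
    return wrapped, hmac.new(mac_key, wrapped, hashlib.sha256).digest()

def unwrap_master_key(password, wrapped, tag, salt, iterations):
    """Return the master key, or None when the password is wrong."""
    enc_key, mac_key = _derive(password, salt, iterations)
    expected = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, enc_key))

def effective_bits(alphabet_size, length, iterations):
    """Work needed to reach the key via the password, in bits, capped at key size.

    Assumes passwords chosen uniformly at random; human-chosen ones are weaker.
    """
    password_bits = length * math.log2(alphabet_size)
    return min(MASTER_KEY_BITS, password_bits + math.log2(iterations))

if __name__ == "__main__":
    salt, key = os.urandom(16), os.urandom(32)  # constructed sample values
    wrapped, tag = wrap_master_key("correct horse", key, salt, 100_000)
    assert unwrap_master_key("correct horse", wrapped, tag, salt, 100_000) == key
    assert unwrap_master_key("wrong guess", wrapped, tag, salt, 100_000) is None
    for alphabet, length in [(10, 6), (26, 8), (94, 12), (94, 40)]:
        print(alphabet, length, round(effective_bits(alphabet, length, 100_000), 1))
```

A six-digit PIN leaves the 256-bit master key with roughly 36 bits of protection at 100,000 PBKDF2 iterations; only a long random password reaches the cap.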

The whitepaper would have a case if all software encryption programs used a password to create a master key.  While such encryption programs do exist, they're not really meant to protect your sensitive data; more like keeping your nosy kid brother out of your stuff (although, I'll have to admit that the marketing department behind the products might paint the picture differently).

How AlertBoot Does USB Encryption

When it comes to USB flash drive encryption, AlertBoot takes a different approach.  Knowing that there are at least two devices that require protection (a USB drive and the computer from which the data is copied), the computer is protected with full disk encryption (software-based) and the USB drive is encrypted along with it.  Just plug it in and the computer begins encrypting the USB device.

On its own, the USB drive is going to show up as an unformatted (aka, blank) storage device.  So, plug it into a foreign computer and that computer will prompt you to format it.  No prompts for passwords that can be brute-forced.

The USB drive can also be shared between a group of computers.  Specify that your computer belongs to a group, and the encrypted USB device can be used to transfer data from one computer to another.  But, again, stick it into a non-group computer and it shows up as unformatted.

Now, one might argue that this cuts down on the usefulness of the USB drive, and they're right.  But, it also prevents the data from truly leaving a secure perimeter: you won't have a WikiLeaks kind of scenario.


Related Articles and Sites:
http://safestick.net/doc/WP_Why_Software_Encryption_Gives_a_FalseSenseOfSecurity_softek.pdf

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.