“SecuTok” - Securing Removable Media

March 2006

Daniel Edge, Karl Richardson, Emma Rowland, Paul Taylor

ABSTRACT

We have implemented a secure solution to aid corporations who wish to utilise removable USB media for the transportation of sensitive data.

Current solutions aim to approach securing these devices with traditional cryptographic techniques (encryption). We have identified the issue that once decrypted the company has lost any control that they had over the data. To address this issue, we have implemented the ability to log all encryptions and decryptions of data on USB media using our system. Our solution is implemented in software and requires no client side installation, making it both cost effective and flexible.

The implemented solution consists of four main components – an administration application used for the creation of a secure environment on standard USB based media; the server component which monitors and authorises encryption/decryption events; the client application which provides a secure environment for ‘checking in’ (encrypting) and ‘checking out’ (decrypting) files and a web-based reporting tool which allows querying of location and time of events.

We have considered the implementation from a security perspective and have utilised industry standard components where appropriate, for example SSL, digital certificates and the latest AES encryption algorithm, Rijndael.

We have considered relevant legislation and have identified limitations in the current implementation and extensions that could be developed.

1. Introduction

USB Tokens are quickly becoming the “new floppy disk”; prices are continuously falling as data capacity increases. The media provides a convenient method of transporting data where network and email technologies may be inappropriate or not available.

Despite the clear convenience and ease of use, many organisations have been reluctant to allow employees to adopt this technology; many restrict the use of USB drives, some to the extent of disabling all USB ports. Much of this reluctance stems from security concerns. Current solutions on the market attempt to address this problem from a solely “Cryptographic” perspective; employing large key sizes and hardware security modules (HSMs). These solutions are undoubtedly secure; however, they do not appear to address the main problem associated with the use of mass removable media within an organisation. Although the authors acknowledge the importance of securing data, many businesses are not just concerned with restricting unauthorised access but are also interested in how and where their data is being used by employees. Our solution attempts to address this specific problem whilst providing a highly secure mechanism for the transportation of data.

It is worth noting that whilst this solution focuses on the use of USB tokens, primarily as they provide the most practical method of transporting data, it is possible to apply the same techniques to other forms of USB based media such as external hard drives.

2. Motivation & Issues

Introducing the use of mass removable media such as USB tokens allows sensitive data to be moved from the controlled office environment in a convenient manner. However, this presents a significant risk to that data. This may involve both careless and malicious data use by employees. Employee carelessness does not simply extend to the physical loss of the device. Even when stringent security procedures are in place, they may not always be adhered to. For example, data may be copied from removable media onto insecure or public machines. This means that effective security methods may need to be independent of employee processes; a log based, reactive system is often the most useful tool for management when attempting to enforce security policy. Unfortunately, a reactive system is often the only practical defence against employee misconduct.

The importance of combining traditional approaches to security with a reactive system is highlighted by statistics taken from 2003 during which 137529 security incidents were registered by the Coordination Center of the US Computer Emergency Response Team (CERT/CC) making it apparent that security cannot be achieved by prevention alone. When the attack is launched by a “trusted” employee only reactive measures are capable of hindering an attacker or preventing future intrusions. [1]

We present within this report a solution that combines standard cryptographic techniques with the reactive approach to security demanded by the business environment. In order to address these issues effectively, our solution provides the following facilities:

    •    A mechanism of transporting data from location to location in a secure, intrusion tolerant manner.
    •    A balance between the need for a secure solution and a cost effective one.
    •    The ability to identify where data is being used in an auditable manner allowing for a reactive approach to the identification of both malicious and careless decryption at unauthorised locations.

3. Existing Products

There are many different secure USB tokens available on the market today, providing cryptographic solutions to securing data. Each of these uses a slightly different strategy for securing stored data:

3.1 Lexar Jumpdrive Secure

The Lexar Jumpdrive is designed to store documents securely for transport. It provides 256-bit AES encryption on the data, which is protected with a single password, and preloaded software allows users to divide up the token into secure and public areas. The Jumpdrive is available in a range of storage sizes. [2]

3.2 Authenex A-Key

The Authenex A-Key is designed as an authentication method rather than for document storage, but it uses similar encryption techniques to other cryptographic USB tokens. As well as AES encryption the A-Key uses server authentication for further security. The A-Key is a hardware solution with much of the encryption taking place within a built-in processor. [3]

3.3 Sandisk Cruzer

The Sandisk Cruzer is aimed at transporting documents securely. The device uses standard encryption techniques, but with the added security of biometrics. The Cruzer features a fingerprint scanner which is used to unlock the data stored on it. The Cruzer is only available in 512MB and 1GB sizes. [4]

4. How Our Solution Addresses These Issues

The solutions that exist on the market today attempt to address the issues of security from a purely cryptographic perspective; many are hardware based and, although providing high levels of security, are neither cost effective, nor do they address the specific issues affecting a large corporation, such as employee carelessness.

Our solution is highly secure, using the latest NSA approved encryption algorithm, AES Rijndael. We have presented a method of creating a secure device from any USB based removable media, enabling organisations to incorporate our solution in a cost effective way without the need for new and expensive hardware (such as the Sandisk Cruzer etc.). Our solution is aimed specifically at business needs and we have provided the ability for management to monitor where and when data is encrypted and decrypted, recording ‘points of exit’ from the corporation’s sphere of control. This enables the much needed reactive approach to security.

The implementation of a reactive system has many benefits. Firstly, informing the data owner of each decryption and recording the location will mark where the data has exited their control. These ‘points of exit’ would be useful to the organisation in a number of ways; for example, in the case of information being leaked, this information would give clear points at which to begin investigation. A second use of this information would be in the case of a lost token being accessed; if a file residing on a reportedly lost token is decrypted, this would not only alert the company to track unauthorised access to the data but also provide them with information with which to begin looking into the matter. Furthermore this reactive approach could be used to alert data owners of employee carelessness. The report of an unrecognised IP address or username, for example, may raise questions as to whether an employee is using the data appropriately.

5. The Solution

Our solution can be split into four discrete components, together forming the SecuTok system.

5.1 Administration Application

One of the main aims of the project was to produce a solution that, whilst providing a high level of security, was entirely software based; utilising off the shelf USB based media, without the need for any bespoke hardware components. To this end, we have provided a mechanism for ‘creating’ a secure interface for any USB removable media. The generation of this secure environment takes place using the ‘Administration Application’ provided in the SecuTok suite. This tool registers the USB token with a centralised server and copies all necessary executables and files to the device. The tool is aimed at non-technical users, for example business managers.

The creation tool is presented in the form of a wizard; this was considered the most appropriate format, taking into consideration the user base and the procedural nature of the process. Figure 1 graphically represents the sequence of events involved in creating a SecuTok token:

Figure 1: Creating a secure token

The first step in creating a secure token is to define its ‘security policy’. Two different policies are available that restrict how the token will be used and define the level of auditing capabilities of the device. An overview of these policies is defined in Table 1.

Each token has an ‘owner profile’ associated with it; the owner of the token can be defined as the person responsible for monitoring events on tracked documents held on the token. It is this owner who will have permissions to view any tracking information gathered.

We envisage that the role of ‘token owner’ would be taken on by management, or an IT security group. The owner profile is relayed to a central server and stored within a secure database. With this information in place the token is registered with the server and assigned a unique ID. Each token also contains a signed digital PKCS#12 certificate, containing the token identifier. This is used for authentication with the server and identifying the authenticity of a particular token. The administration application confirms that a correct certificate has been supplied. The final action performed by this tool is to place all necessary executables and files on the token, so the secure environment can be utilised without any client side installation.

Security Policy        Description
Obligatory Tracking    Recommended for sensitive data: detailed tracking information obtained for ALL files that are encrypted and decrypted.
Optional Tracking      Allows the user of the token to decide whether to track files.

Table 1: Security Policies

5.2 Client

The SecuTok client provides a secure interface for using off the shelf USB removable media. It provides a mechanism of ‘checking in’ and ‘checking out’ files in an encrypted form. The application resides entirely upon the token and requires no client side installation. We have employed a number of mechanisms to allow files to be held in a highly secure and encrypted form on the device.

Each token is protected by a user defined password; the first time the token is used a prompt for a new password is displayed. It is this password that forms the basis of the encryption key used to encrypt the files. This password is checked whenever the application is launched. For obvious security reasons, we are unable to store, in any form, this password on the token. We have employed a mechanism that allows us to check that the password is correct without needing to store the literal password string. During the initial password creation, a file containing a unique string known to the application is encrypted using a statically defined initialisation vector [I] and a 256-bit derived hash of the entered password. During subsequent launches of the application, the user is presented with a password prompt and the following validation process takes place:

    1.   The ‘password file’ (token.inf) is decrypted into memory using the statically defined IV and an SHA256 hash of the entered password.
    2.   The decrypted value is compared to the statically defined string and, if found to be matching, the password entered is found to be accurate. It is a hashed form of this password that forms the basis of any encryption or decryption events.

This mechanism provides a user friendly authentication and key generation method (the password is only prompted for at start up) but we believe this to be sufficiently secure. One could envisage the scenario in which a hacker may use a method commonly adopted when cracking software based password checks; using a debugger to modify code at execution time. This method makes it possible to replace the relevant assembly JE (Jump on Equal) or JNE (Jump On Not Equal) with a JMP (Jump Unconditionally) which in turn would result in the application launching without any password related errors [5]. We have ensured that this style of attack does not threaten the security of the files contained on the token as it is the entered password (under normal circumstances presumed to be correct) that is hashed and used as the key to decrypt the files. If this was incorrect (and the initial password check bypassed) the files would not decrypt successfully as the incorrect key would be used for decryption.

[I] When a block cipher is used in CBC mode, an initialisation vector is exclusive-ORed with the first plaintext block prior to encryption, adding a further level of obfuscation.
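
The start-up check described above, with the page's single unsalted SHA-256 beside a salted, iterated derivation, as an added example (not the SecuTok source). The known string, record layout, function names and iteration count are assumptions, and an HMAC tag stands in for the AES-CBC-encrypted token.inf because the Python standard library has no AES.

```python
import hashlib
import hmac
import secrets

# Constructed value: the page says only "a unique string known to the application".
KNOWN_STRING = b"SECUTOK-PASSWORD-CHECK"
PBKDF2_ITERATIONS = 600_000  # assumption; tune to the slowest machine the token must run on


def key_as_described(password: str) -> bytes:
    """Key derivation as the page describes it: one unsalted SHA-256 of the password."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def key_hardened(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Hardened variant: per-token random salt and an iterated KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """Value written to the token in place of the password (stand-in for token.inf).

    The page encrypts KNOWN_STRING with AES-CBC under the derived key; here an
    HMAC-SHA256 tag over KNOWN_STRING plays that role. Either way, only a key
    derived from the right password reproduces the stored value.
    """
    return hmac.new(key, KNOWN_STRING, hashlib.sha256).digest()


def create_token(password: str, hardened: bool, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """First use: build the record stored on the token. The password itself is never stored."""
    if hardened:
        salt = secrets.token_bytes(16)
        key = key_hardened(password, salt, iterations)
    else:
        salt = b""
        key = key_as_described(password)
    return {"hardened": hardened, "salt": salt, "iterations": iterations,
            "verifier": make_verifier(key)}


def file_key(record: dict, entered: str) -> bytes:
    """Key for file encryption/decryption: always derived from what was typed,
    never from the outcome of check_password(), so skipping the check yields
    a key that does not decrypt the files."""
    if record["hardened"]:
        return key_hardened(entered, record["salt"], record["iterations"])
    return key_as_described(entered)


def check_password(record: dict, entered: str) -> bool:
    """Start-up check: recompute the verifier and compare in constant time."""
    candidate = make_verifier(file_key(record, entered))
    return hmac.compare_digest(candidate, record["verifier"])
```

With the unsalted derivation, every token set to the same password carries an identical verifier and file key; the per-token salt removes that link and the iteration count sets the cost of each password guess.
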

The encryption algorithm used to secure data using the SecuTok system is the latest NIST approved AES standard, Rijndael [6]. We have adopted the use of the SHA256 hashing algorithm for key generation. The user supplied password is hashed, creating a 256 bit value, and files are encrypted using this key. Although there are a few theoretical attacks against the SHA256 algorithm, no practical implementation of these is yet known and it is generally accepted within the cryptographic community to be a true ‘one way’ hashing algorithm. All files are encrypted using the Rijndael CBC (Cipher Block Chaining) mode of operation [7]. Using this mode of operation, each plaintext block is exclusive-ORed with the previous ciphered block before encryption takes place. This ensures that identical plaintext blocks do not encrypt to the same cipher text, even when an identical key is used. The alternative mode of operation, electronic code book (ECB), could present the opportunity for a statistical analysis style hack to be applied to the cipher text. The security of CBC is further enhanced through the use of a randomly generated initialisation vector.

An overview of CBC mode is outlined in figure 2.

Figure 2: CBC encryption

5.2.1 Tracking

The client can function in one of two modes of operation, as defined at the token creation stage (administrative application): obligatory tracking and optional tracking. When optional tracking is selected, the end user of the token can decide whether to track encryption and decryption events for a particular file. Dependent upon the mode of operation, the initialisation vector is utilised differently.

Prior to encrypting untracked files, an initialisation vector is generated randomly using the initialisation generation function from the Microsoft cryptographic API. Encryption takes place in CBC mode and the algorithm is seeded with this randomly generated value. Using the password entered at start-up the key for the algorithm is generated and the file is encrypted. The authors of the SecuTok system acknowledge that the FAT32 and NTFS file systems simply mark a deleted file as available space without removing the data and it is therefore relatively straightforward to recover deleted files [8]. We have prevented any possible leaking of data through this means in two ways:

    1.   The application does not allow data to be decrypted to the device (the token’s drive letter is removed from the interface).
    2.   The file is encrypted in the file’s originating location and only the encrypted version is copied to the token.

These two mechanisms ensure that the decrypted version of a file is never present on the token; employing these methodologies prevents any file recovery based attacks.

Following a successful encryption operation, the initialisation vector is written to a file with the same name as the now encrypted file, with the extension of ‘.iv’ appended. To ensure this value remains secure, the file is encrypted using Rijndael in ECB mode; the key used to encrypt this data is held within the source code. For example, encrypting a file encryptme.exe would result in two files, encryptme.exe.enc and encryptme.exe.iv.

When encrypting tracked files, the method undertaken is slightly different. In this case, when the tracked file is encrypted, the IV is not stored on the token. Instead, the application scours the host machine for identifiable information (discussed below) and sends the gathered information, together with the filename, to the server. Once this data is received, the server will generate an IV and return this to the client to be used for encryption. The IV and tracking information are then stored at the server.

When the file is decrypted, the application must once again supply the required tracking information and file name to the server. Having validated the received tracking data, the server then returns the stored IV for that file so that the data can be decrypted. This method ensures that an essential part of the encryption/decryption process (the initialisation vector) is not generated and / or released, even when the password for the token has been validated, without ensuring that the event can be tracked appropriately.

5.2.2 Tracking Data

As part of the encryption and decryption process, each event can be sourced to the originating computer. The following information is retrieved client side and sent to the server where it is verified for completeness before an IV will be released:

Hostname: The computer’s ‘friendly’ name.
Local IP: The IP address assigned to the computer for the Local Area Network interface.
Username: The username that was used to log onto the computer.
Domain: The domain that the machine resides upon.

Following the receipt of this information, the server determines the IP address (WAN IP) of the connected
machine by examining the underlying socket. All information is logged within a database, along with a date/timestamp and the event type (encryption/decryption). This information is accessible for later inspection through the provided web reporting tool.

The information recorded should provide sufficient data to give an indication of where and when the encryption and decryption events occurred.

5.3 Server

When the client is configured to track cryptographic events, the process involves communicating with the SecuTok server. The server is responsible for receiving and validating tracking data and writing this to a database along with the generation and storage of initialisation vectors. Due to the nature of the messages passing between the server and potential clients, which contain both personal and cryptographic material, the security and authenticity of all communication is extremely important. We have employed a number of mechanisms to ensure that the security of this highly sensitive data is maintained. All communication between clients and server is routed via the Secure Socket Layer protocol, ensuring transactions are encrypted. The chosen algorithm is RC4, combined with RSA key exchange with a key size of 256 bits.

Before any transactions between the server and client can take place, a client is first authenticated. Each client has a unique digital certificate that is signed by the SecuTok Certificate Authority (CA) [II].

An SSL channel is instantiated between the server and client and the client’s digital certificate is sent to the server (see figure 3).

Figure 3: Client and Server Communication via SSL

The certificates used within the process are encoded within a PKCS#12 blob. This is a transfer syntax devised by RSA for the secure distribution of personal identity information, including private keys, certificates, miscellaneous secrets, and extensions [9]. This is achieved by encrypting the data with a symmetric key which is derived from a username and password. The client decrypts and extracts the certificate held within the blob using the username and password known only to the client.

The server checks that the certificate has been signed by the SecuTok CA, performing certificate chain verification. If the certificate is not verified as a valid signed certificate, the communication channel is terminated.

The entire communication following authentication is encrypted using SSL via RC4/RSA. Packets being sent to and from the server are secure. Each subsequent packet also contains a token ID that is unique to the individual token. As an added layer of security this ID is held in an encrypted form within the PKCS#12 certificate under the common name field, preventing this ID from being tampered with.

Although the PKCS#12 blob could be copied from the token, the certificate contained within it is held in a secure manner; an attempted hack would involve determining a username and password and deriving the correct key. This mechanism of holding certificates within a software environment is used extensively within software based solutions.

[II] A Certificate Authority is a trusted party, which certifies the authenticity of a digital certificate by encrypting all or part of the certificate using its Private Key. The certificate can be verified by attempting to decrypt it with the CA’s public key.

5.4 Web Application

The Web Application provides a reporting interface that is accessible to token owners; its purpose is to provide detailed information on the files encrypted to and decrypted from their tokens. In this context, we envisage the token owner being someone other than the user, for example, management. The web application runs on top of the industry standard Apache web server. It is this tool that will be used to determine possible unauthorised decryption and encryption of data at both token and individual file level, by presenting gathered tracking data on a per file or per token basis.

The application is secured by utilising database authentication (requiring a user to log in) and via PHP sessions. Sessions have been used in this context both to ensure that pages cannot be accessed without first logging in to the system and to prevent a user from manipulating a URL to gain access to data associated with a different user.

PHP was utilised rather than a client side scripting language such as VB Script, to ensure that connections to the database occur server-side. Utilising server side scripting prevents malicious manipulation of the pages and prevents the user from determining database connection details which could be used to manipulate the database directly or invoke stored procedures that return the IV of a given file.

6. Legal Considerations

6.1 Legislation

Users wishing to decrypt information will have personal data from their machine collated and stored. As with any scenario where personal information is being stored about an individual, both legal and ethical issues must be considered.
The key concern for the application is the Data Protection Act 1998 (DPA) which can be applied specifically to the data that is gathered by the client application during the tracking process. This data needs to be gathered, transmitted and stored legally as defined by the Act.

Any organisation employing the SecuTok solution would be defined as a “data controller” by the act, with users of the tokens (the company’s employees) being the “data subjects.” The main points covered by this act are that data pertaining to subjects must be:

    •    Fairly and lawfully processed
    •    Processed for limited purposes
    •    Adequate, relevant and not excessive
    •    Accurate and up to date
    •    Not kept longer than necessary
    •    Secure
    •    Not transferred to any country outside the European Economic area unless that country has adequate protection for the individual

We have complied with criteria laid out in the DPA in a number of ways. The first is ensuring that the user of the system is aware of when, how and why data is being collected during the tracking process. Data gathered is held within a secure database and data is not excessive for the purpose for which it is intended. Although the system does not directly define procedures for ensuring that data is stored in a manner that conforms to the DPA, we believe that this is beyond the scope of the solution and that the responsibility for this resides with the corporation that employs our solution. We believe the implementation, as far as is possible, conforms to legislation set out in the act.

The Data Protection Act also specifies six conditions (of which at least one must be met) for personal information to be considered fairly processed. Of the six, the application will meet the following two conditions:

    1) The individual has consented to the processing.
    2) Processing is necessary in order to pursue the legitimate interests of the data controller or third parties (unless it could unjustifiably prejudice the interests of the individual).

7. Known Limitations and Extensions

7.1 Digital Certificates

Our current implementation of authentication between the server and client uses self-issued digital certificates and certificate authority. Although this provides a sufficient level of authentication for clients (verifying that the client is a valid SecuTok application), authentication of the server is currently disabled. For authentication of the server to work on all machines, the server’s Certificate Authority would have to be trusted on each client. Although it would have been possible to trust the SecuTok CA on the client, this would be unrealistic and require configuration of individual machines. If this solution were to be employed by an organisation, it is expected that certificates signed by an industry trusted Certificate Authority, such as Verisign [10], would be used. All Windows machines trust certificates from Verisign; as a result, server authentication could be enabled without any reconfiguration of client machines. This is not a limitation of the SecuTok system and server authentication can be enabled by manipulating a Boolean value within the source code. Unfortunately we were constrained by the cost of server certificates.

Whilst we have employed tried and tested industry standard authentication techniques, our dependence on certificates for authentication presents a further problem that may require development. In the current setup digital certificates are stored as files on the token itself, wrapped within a PKCS#12 blob. This is an encrypted file that encapsulates the digital certificate; the username and password required for decryption are known to the client. Using PKCS#12 we prevent certificates from being copied and used to authenticate non-SecuTok clients. However, it is possible to copy the PKCS#12 file from one token to another, which would in effect allow tokens to be “cloned”, resulting in decryption and encryption attempts on multiple tokens appearing to originate from the same token. Although this would not present any opportunity to circumvent the security of an individual file, it is raised within this report for consideration.

A possible solution to this involves storing the certificate on a Hardware Security module within the token; this would prevent the certificate from being copied and ensure its integrity. Whilst this would provide the ultimate solution in terms of securing the certificate, the net cost of the SecuTok system would increase exponentially as non-standard USB based devices would be required.

7.2 Deletion of token.inf and .IV Files

As described within section 5.2, the token.inf file is used as a method to check that the password entered was correct. Although this file does not contain the password or key material, deleting this file could cause a problem. If the file does not exist, the application assumes that no password has been assigned to the token and prompts the user for a password; the token.inf is then regenerated. Although this does not pose any risk to the security of data on the token, it would no longer be possible to decrypt existing files as the application would launch with an incorrect password, resulting in the generation of an incorrect key. A similar problem occurs with the IV file associated with every non-tracked file. The solution to this problem would be to store the equivalent of the token.inf and .IV file at the start of each encrypted file on the token. This would also allow passwords to be assigned on a file level rather than the current token oriented password.
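The per-file header proposed in 7.2 could look like the following. This is an added example, not part of the SecuTok code: the header layout, the names MAGIC, HEADER, seal and open_sealed, and the use of PBKDF2 with an HMAC verifier are assumptions, and the ciphertext is treated as opaque bytes already produced by the application's cipher.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"STK1"        # hypothetical format tag
KDF_ROUNDS = 100_000   # assumed PBKDF2 work factor
# Fixed-size header: magic | 16-byte salt | 32-byte password verifier | 16-byte IV
HEADER = struct.Struct(">4s16s32s16s")


def file_key(password: str, salt: bytes) -> bytes:
    """Derive the 256-bit file key from the password and the per-file salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               KDF_ROUNDS, dklen=32)


def verifier(key: bytes) -> bytes:
    """Value stored in the header to recognise the right key without storing it."""
    return hmac.new(key, b"secutok-password-check", hashlib.sha256).digest()


def seal(password: str, iv: bytes, ciphertext: bytes) -> bytes:
    """Prefix already-encrypted data with what is needed to re-derive and check its key."""
    if len(iv) != 16:
        raise ValueError("IV must be 16 bytes (one AES block)")
    salt = os.urandom(16)
    key = file_key(password, salt)
    return HEADER.pack(MAGIC, salt, verifier(key), iv) + ciphertext


def open_sealed(blob: bytes, password: str):
    """Return (key, iv, ciphertext); raise ValueError rather than yield a wrong key."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, salt, stored, iv = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("unrecognised file format")
    key = file_key(password, salt)
    # Constant-time comparison of the recomputed verifier with the stored one.
    if not hmac.compare_digest(verifier(key), stored):
        raise ValueError("wrong password")
    return key, iv, blob[HEADER.size:]
```

Because the salt, verifier and IV travel with each file, deleting a sidecar file can no longer strand the data, and each file can carry its own password.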
7.3 Brute Force Attacks

The current system prompts the user for a password which, if verified to be correct, is used as the basis to form the encryption key. It may be possible to launch a brute force style attack against the token, although we have implemented a simple shutdown procedure: if the password is entered incorrectly the SecuTok client closes. This could be extended to block access to the token if the password is entered incorrectly a predefined number of times. This is relatively easy to implement; for example, the application could delete the token.inf file, requiring this file to be recovered by an administrator.

7.4 Implementing the Server as a Windows Service

Currently the server runs as a standard Windows application. Although it can be minimised to the system tray and can operate without user intervention, it may be advantageous to allow this application to run as a Windows service. A Windows service would allow the application to continue running outside of a particular user context (i.e. irrespective of which user is logged into the system). Windows services are supported within Windows NT/2000/XP/2003.

Converting the application to allow it to run as a service is achieved by creating a GUI-less class that inherits from the ServiceProcess.ServiceBase class and implements the following methods:

    •    OnStart
    •    OnStop
    •    OnPause
    •    OnContinue
    •    OnShutdown

These are called when the Windows Service Manager requests the action of the application. The conversion could be achieved by implementing the ServiceBase class and calling the appropriate action from the ServerSocket class. The implemented GUI should remain as is; this will provide the user with the ability to configure and monitor the application easily whilst ensuring the communication portions of the application run outside of the user’s execution space, continuing to service client requests even if the GUI is closed. [11]

7.5 Provisioning a Token For a Specific Machine

A possible extension to this project involves restricting which machines a token could be used on (“Provisioning a token”). The basic principle is that a token will only allow decryption events to occur on “recognised” computers, that is, computers that the data owner has deemed as authorised. In the context of the business environment this may be an employee’s computer at work, a PC at home or a laptop. Enforcing a security policy such as this adds an extra layer of security to the device, as decrypting data not only requires a password but also the use of an authorised computer.

Uniquely identifying a machine can be difficult, particularly as traditional identifiers such as network cards and MAC addresses can be changed using third party software. It is therefore not possible to rely on one single identification technique. In order to uniquely identify a machine, we have proposed the following solution:

During the identification stage the following information would be retrieved:

    •    Processor Serial Number
    •    MAC Address

Using this data a string representation would be generated as outlined in Table 2.

    Identifier                 Description
    Processor Serial Number    As a string, for example, “1268987909A”
    MAC Address                As a string, for example, “00-08-74-4C-7F-1D”

Table 2: Construction of a unique identifier

These strings can then be concatenated and the resulting value encrypted using a symmetric block cipher (such as AES), together with a predefined key known to the SecuTok system. The result is a unique identifier for this machine.

We envisage that this would be stored within a digital certificate on the machine with which the identifier corresponds (the machine on which decryption is allowed). It is this identifier combined with the user’s password that would be hashed and used as the encryption key for the data on the token.

When encrypting and decrypting data on a token with a “provisioned” security policy, the identifier is compared to the version held locally within the digital certificate on the client’s machine. If the two match, the value is combined with the validated password entered, a hash is generated and the resulting value is used as the key for encryption and decryption events.

If decryption is attempted on an invalid machine, the operation would fail in the first instance due to the missing digital certificate. Copying the certificate from another machine would also result in the decryption failing as the identifier contained within it would not match the one calculated at decryption time. The certificate is used as a convenient method of checking whether the machine is valid for decryption. However, even if this precaution was to be circumvented in some way, decryption would still fail as the underlying data used to generate the encryption key is not stored anywhere but is generated at decryption time.
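The provisioning scheme of 7.5, worked through as an added example that is not part of the SecuTok code. Assumptions: HMAC-SHA256 under the system key stands in for the AES encryption of the concatenated strings (Python's standard library has no AES), PBKDF2-HMAC-SHA256 stands in for the unspecified hash, and SYSTEM_KEY and all function names are hypothetical.

```python
import hashlib
import hmac
from typing import Optional

SYSTEM_KEY = bytes(range(32))  # constructed stand-in for the predefined system key
KDF_ROUNDS = 100_000           # assumed work factor


def canonical(value: str) -> bytes:
    """Normalise a hardware string so '00:08:74...' and '00-08-74...' agree."""
    return "".join(ch for ch in value.upper() if ch.isalnum()).encode("utf-8")


def machine_identifier(cpu_serial: str, mac: str,
                       system_key: bytes = SYSTEM_KEY) -> bytes:
    """Keyed identifier over the processor serial number and MAC address."""
    parts = [canonical(cpu_serial), canonical(mac)]
    # Length-prefix each field so ("AB", "C") and ("A", "BC") cannot
    # produce the same concatenation.
    material = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(system_key, material, hashlib.sha256).digest()


def derive_key(identifier: bytes, password: str) -> bytes:
    """Combine the machine identifier with the password into the data key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               identifier, KDF_ROUNDS, dklen=32)


def unlock(provisioned_id: Optional[bytes], cpu_serial: str, mac: str,
           password: str) -> Optional[bytes]:
    """Return the data key, or None when this machine is not provisioned.

    provisioned_id is the identifier read from the machine's certificate,
    or None when no certificate is present.
    """
    if provisioned_id is None:
        return None
    local = machine_identifier(cpu_serial, mac)  # recomputed, never stored
    if not hmac.compare_digest(local, provisioned_id):
        return None
    return derive_key(local, password)
```

The key depends on the identifier recomputed at decryption time, so skipping the certificate comparison on another machine still yields a different key.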
8. Summary

We have presented within this document a solution that will satisfy the security concerns affecting many businesses wishing to introduce the use of removable media within the workplace. Although there are existing solutions on the market today, we feel that none of these address the problems faced by businesses.

We have approached the design and construction of our solution from a security perspective, whilst maintaining the cost effectiveness of the solution. The result is a solution that allows any standard (and relatively low cost) USB based media to be used in a secure fashion. The system provides employees with the ability to work with these devices easily and effectively but also provides management with the much needed auditing and reactive security measures missing from any of the competing solutions on the market today.

Our solution encompasses a suite of applications that assist in the creation and deployment of secure devices (the SecuTok administrative application) through to the web based reporting tool used to track how and where data has been used.

Unfortunately, due to time constraints we were unable to implement the final phase of the solution, machine provisioning. We feel that this would make a valuable addition to the existing feature-set, increasing the security of the devices and increasing the product’s marketability further.

We believe that our solution makes a unique contribution to the security of removable media. In designing the suite of products we have acknowledged the limitations of relying solely upon traditional cryptographic techniques in the prevention of internal misconduct. We therefore present for consideration a solution that combines traditional approaches to securing removable media with the added benefit of monitoring capabilities, independent of processes and security privileges afforded to an individual employee.

9. Acknowledgements

We would like to thank Dr Tim Hopkins for agreeing to supervise this project and for his continuing support and guidance throughout the year.

10. Bibliography

[1] M. Meier, U. Flegel, and H. König, “Reactive Security Intrusion Detection, Honeypots, and Vulnerability Assessment”, 2004. http://ls6-www.informatik.uni-dortmund.de/issi/archive/literature/2004/Meier_Flegel_Koenig:2004a.pdf

[2] “JumpDrive® Secure USB Flash Drive”, Lexar Media, Inc., 2005. http://www.lexar.com/jumpdrive/jd_secure.html

[3] “A-Key® Overview”, Authenex Inc., 2005. http://www.authenex.com/products_akey.cfm

[4] “SanDisk Cruzer®”, SanDisk Corporation, 2006. http://www.sandisk.com/Products/Default.aspx?CatID=1167

[5] Richard Wanner, “GIAC Reverse Engineering Malware (GREM)”, SANS Institute, July 2004. http://www.whitehats.ca/main/members/Cerberus/cerberus_grem/rick_wanner_grem.pdf

[6] Federal Information Processing Standards Publication 197, “Announcing the ADVANCED ENCRYPTION STANDARD (AES)”, NIST, November 26, 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

[7] Sungcheol Chang et al, “CBC Mode and Initial Vector for the AES algorithm”, IEEE 802.16 Broadband Wireless Access Working Group, 2004. http://www.ieee802.org/16/tge/contrib/C80216e-04_540.pdf

[8] Simson L Garfinkel and Abhi Shelat, “IEEE - Remembrance of Data Passed: A Study of Disk Sanitization Practices”, Massachusetts Institute of Technology, 2003. http://www.simson.net/clips/academic/2003.IEEE.DiskDriveForensics.pdf

[9] “PKCS 12 v1.0: Personal Information Exchange Syntax”, RSA Laboratories, 1999. http://mirror.switch.ch/ftp/doc/standard/pkcs/pkcs-12/pkcs-12v1.pdf

[10] “SSL Certificates”, Verisign Inc, 2006. http://www.verisign.com/products-services/security-services/ssl/index.html

[11] “Windows Services: New Base Classes in .NET Make Writing a Windows Service Easy”, MSDN Magazine, 2001. http://msdn.microsoft.com/msdnmag/issues/01/12/NETServ/



