USB Flash Drives: Protecting Data And Enhancing Storage Steffen Hellmold VP and General Manager UFD BU Lexar.


USB Flash Drives: Protecting
Data And Enhancing Storage
Steffen Hellmold
VP and General Manager
UFD BU
Lexar
Presentation Outline
History of UFD standardization
User’s security value metrics
Advantages of standard security solutions
Evolution of the UFD – a vision
USB Lockable Storage Device specification
Compelling technology design considerations
Future Lexar technologies
Demo
Call to action
Additional resources
History Of Lexar’s UFD
Standardization Efforts
At WinHEC 2003 four aspects of USB flash
drives requiring additional standardization
were identified
New category name for USB Flash Drive (UFD)
UFDA founded end of 2003, initially focused on establishing
category name and educating consumers about UFDs
Physical Form Factor for USB Flash Drive
USB-IF approved the Series ‘A’ Plug
form factor Guideline 1.0 – 2005
Bootability support for USB Flash Drives
Windows Vista “Core System” logo certification
requirement (Consumer and Business SKUs)
Security for USB Flash Drives
User’s Security Value Metrics
Easy to Use
Low Cost
Solution
Highly Secure
Advantages Of Standard
Security Solutions
One UFD
No need to exploit “Windows XP backdoors”
and use spoofing to launch
password systems software
Seamless integration
into Windows
Avoiding legacy issues
Don’t need to use Vendor
unique commands limiting
the solutions to specific hardware
Evolution Of The UFD – A Vision
Past
In the beginning, USB Flash Drives (UFDs) enabled
their users to take their data with them everywhere
Present
Then, USB Flash Drive manufacturers created small, stand-alone,
proprietary applications which could be run from the UFDs
Today, Portable Working Environments enable us to install
and run a wide variety of programs from our UFDs
Future
My data → my data and apps → my data and apps and OS
UFDs: Protecting Data
And Enhancing Storage
Martin Furuhjelm
Design Manager
Enterprise and OEM Products
Lexar
USB Lockable Storage
Purpose
USB Implementers Forum (USB-IF) international
standard, royalty free
Extend USB Mass Storage Class
to allow hosts and devices to lock
and unlock storage, without breaking
legacy behaviors that exist today
Key Scenarios
Protect for loss/theft
Ensure privacy of data
What Is USB Lockable Storage?
Legacy / Impersonal
Mode
USB Locking User Experience
Plug-in
Successful
Passphrase
USB Lockable Storage
Feature Negotiation
Feature negotiation
No impact on legacy systems
Lockable Storage Interface
Extension Descriptor (LSIED)
USB parser already knows how to handle
Extension Descriptors from HID devices
Allows future features to be added
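Added example (not from the presentation or the specification): why an extra descriptor has no impact on legacy hosts. USB descriptors are length-prefixed, so a host that walks them by bLength steps over types it does not recognise. The type code 0x2F, the 2-byte body and the placement after the interface descriptor are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DT_INTERFACE 0x04
#define DT_ENDPOINT  0x05
#define DT_LSIED_HYPOTHETICAL 0x2F /* placeholder value, not from the specification */

/* Constructed sample: configuration, mass-storage interface, extension
 * descriptor with a made-up 2-byte body, two bulk endpoints. */
static const uint8_t sample_cfg[] = {
    0x09, 0x02, 0x24, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,
    0x04, DT_LSIED_HYPOTHETICAL, 0x01, 0x00,
    0x07, 0x05, 0x81, 0x02, 0x00, 0x02, 0x00,
    0x07, 0x05, 0x02, 0x02, 0x00, 0x02, 0x00,
};

/* Walk descriptors by bLength. Returns the number of descriptors of `type`,
 * or -1 if a length is malformed (shorter than the 2-byte header or running
 * past the buffer). Types the caller does not ask about are stepped over. */
int count_descriptors(const uint8_t *buf, size_t len, uint8_t type)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < 2) return -1;
        uint8_t blen = buf[off];
        if (blen < 2 || blen > len - off) return -1;
        if (buf[off + 1] == type) n++;
        off += blen;
    }
    return n;
}

int main(void)
{
    /* Legacy host: looks only for interface and endpoint descriptors. */
    printf("interfaces=%d endpoints=%d\n",
           count_descriptors(sample_cfg, sizeof sample_cfg, DT_INTERFACE),
           count_descriptors(sample_cfg, sizeof sample_cfg, DT_ENDPOINT));
    /* Aware host: additionally looks for the extension descriptor. */
    printf("extension=%d\n",
           count_descriptors(sample_cfg, sizeof sample_cfg, DT_LSIED_HYPOTHETICAL));
    return 0;
}
```

The length checks matter on the host side: a device controls these bytes, so a zero or oversized bLength has to be rejected rather than trusted.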
USB Lockable Storage
Command Set
Nine new USB commands specified
Store, match, and change Passphrase
Erase Passphrase (return to Impersonal)
Electronic unplug
Originally used to update firmware
Now we change PIDs to unlock
Compelling Technology
Design Considerations
Personal storage device environment
Integrating support into
the Windows Storage Stack
PC OEM and Enterprise concerns
Value add opportunities
Reusable architecture
The Personal Storage
Device Environment
Legacy OS
1998 – 2005
Legacy
“MSC Device”
New OS
2006 – 20xx
New
“Personal Storage
Device”
Windows USB Stack Changes
A new Device Class
Requires additional driver
for locked devices
Launches Windows “Found New Hardware”
experience if locked and no driver
When device is unlocked we switch
back to USBSTOR.SYS
USBSTOR.SYS
Standard Windows driver
for USB mass storage
Windows USB Stack Changes
[Figure: Windows driver stack diagram. Labels: Application; Lexar’s Application PSD-Lock™; Provided by Microsoft; User; ISV; IHV; Lexar; USBSTOR.SYS; Locked; Vendor Unique Device driver; USB.SYS; Std. Device; Hardware Device; Windows Inbox]
Technology Benefits
Open architecture
High percentage of end-user
lost/theft scenarios addressed
No additional system/device overhead
Enables features for all markets
Consumer level locking without
additional cost
Extensible architecture for more
complex locking policies
No licensing fees
Added Value Opportunities
Built-in Windows Shell support
Continued standards activity
Easy to Use
USB
Lockable
Storage
Low Cost
PC Industry adoption
Continued standards activity
Built-in Windows driver support
Highly Secure
Password strength protection mechanisms
Biometrics
Add HW Encryption
Integrate into Centrally
Managed software
Harden saved passwords in Windows
Continued standards activity
USB Lockable Storage
Pat LaVarre
Design Engineer
OEM Products
Future Lexar Technologies
Solutions For
A Reusable Architecture
Locking other
USB “Things”
Discourage theft
Authentication
Device to Host
Host to Device
Fixing USB flash card readers
Which drive did I insert my media into?
Call To Action
OEMs, ODMs, IHVs, and ISVs
Support USB Lockable Storage
Send feedback to Microsoft at
hec6stor @ microsoft.com
Microsoft
Provide Windows logo requirements
for USB Lockable Storage
Provide inbox support for USB Lockable
Storage in Windows Vista
Additional Resources
Web Resources
Join USB-IF http://www.usb.org
Authentication
IEEE 1667 http://standards.ieee.org/announcements/pr_p1667.html
TCG https://www.trustedcomputinggroup.org/groups/storage/
Microsoft
Windows Logo Program 3.0
http://www.microsoft.com/whdc/winlogo/HWrequirements.mspx
Lexar White Papers
USB Flash Drives to revolutionize Removable Storage in Personal
Computing www.lexar.com
Related Sessions
Session name: Personal Storage: Opportunities and Challenges
for Pocket-Sized Storage Devices in the Windows World
Email alias Winhec2006 @ lexar.com
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.