Security Hardware

RSA: Self-Encrypting USB Hard Drives for all Operating Systems (Video)

Posted by Roblimo
from the the-mysteries-of-the-crypt-on-a-portable-hard-drive dept.
Tim Lord met Jay Kim at the RSA Conference in San Francisco. Kim's background is in manufacturing, but he's got an interest in security that has manifested itself in hardware with an emphasis on ease of use. His company, DataLocker, has come up with a fully cross-platform, driver independent portable system that mates a touch-pad input device with an AES-encrypted drive. It doesn't look much different from typical external USB drives, except for being a little beefier and bulkier than the current average, to account for both a touchpad and the additional electronics for performing encryption and decryption in hardware. Because authentication is done on the face of the drive itself, it can be used with any USB-equipped computer available to the user, and works fine as a bootable device, so you can -- for instance -- run a complete Linux system from it. (For that, though, you might want one of the smaller-capacity, solid-state versions of this drive, for speed.) Kim talked about the drive, and painted a rosy picture of what it's like to be a high-tech entrepreneur in Kansas.



Jay Kim: Hi. My name is Jay Kim. I am the president of DataLocker, based in Overland Park, Kansas.

Tim Lord: Okay. And what is DataLocker?

Jay Kim: DataLocker manufactures and develops encryption solutions for storage, for systems and for media.

Tim Lord: So solutions is a broad term. What do you mean by solutions in this case?

Jay Kim: Well, we specialize in hardware-based AES encryption. We develop devices that can be managed and used very simply by any consumer or client.

Tim Lord: Okay. And what is that you are holding in your hand there?

Jay Kim: This is one of our flagship products. It is called the DataLocker DL3. It comes in up to 1.5 terabyte of storage. It is hardware encrypted. Everything is done at the device level. You authenticate on this touch screen panel; you manage the device. And all the security features are done locally here on the device. Again, there is no software, no driver, so it could be used on any type of system, Mac, PC, Linux, any type of work station.

Tim Lord: Is there the possibility that this could be used as a bootable drive? Could you run an OS from it?

Jay Kim: Yes. Linux supports USB booting. Microsoft 8 supports it as well. All the versions of Windows do not support booting up a USB device, but this device also supports what they call a virtual CD. The user can take an ISO image and create a working bootable CD partition on this device itself.

Tim Lord: Okay. Now could you distinguish this, it is a little bit bigger than say using a USB key, but there are companies right here at the show that are selling smaller things that have some similarities? How do you distinguish this from those?

Jay Kim: The big difference is capacity. This comes in up to 1.5 terabyte of capacity in the same 2.5 inch form factor. It is USB powered, so everything is done at the device. In terms of performance, the speed of a hard drive is probably about six times faster than traditional flash drive or encrypted flash drive. Encryption is done through specialized hardware, so there is no latency in the actual data transfer speeds.

Tim Lord: And so this is a spinning disk hard drive? Is that correct? It is not a solid state.

Jay Kim: Yeah. The higher capacity models are spinning disk. We also have SSD models as well in 128bit AES and 512 gigabytes.

Tim Lord: Okay. A lot of the products at this show start out in prices that only pretty big businesses are able to pay. Is this priced at a level that household users might use or is it aimed at businesses? What do these cost?

Jay Kim: MSRP starts at $399. It is available at discount through retailers for a discount off the MSRP. It is also available on GSA Contracts as well at special contract pricing.

Tim Lord: Okay. Now one thing, if this device is stolen, it is encrypted, so what would someone find if they pried open the device and just popped out the hardware. They would find nothing but AES encrypted trash?

Jay Kim: Everything, every sector is encrypted. It is 256 bit AES encrypted. It also has a host of built in security features such as self-destruct, it prevents brute force attack, if somebody enters in the password, let’s say 10 times, you can set it from 10 to 50 attempts, it will wipe the ____3:13.

Tim Lord: And what if the actual input device itself, if that should ever go bad, I mean hardware fails once in a while, what does someone do? Can your company recover data? Or is it so strongly encrypted that you are?

Jay Kim: Let’s say if the touch screen is broken, you can swap – pull the drive out, and put it in a new enclosure and access it with the same password.

Tim Lord: Okay. Well, that is good to know. It will be a scary situation to find that out. Now you mentioned that you are from Overland Park, Kansas; your company is based there.

Jay Kim: Yes we are.

Tim Lord: Talk about that. Because I had never heard of Overland Park really.

Jay Kim: Overland Park is a suburb of Kansas City. We are host to a lot of major companies, Sprint Telecom is probably one of the bigger companies. Cerner, the healthcare information systems developers, they are based up north from us. It is really – they are going by trying to take that Silicon Prairie title and doing a pretty good job. Actually here at RSA I saw three or four companies based within 5 miles of myself exhibiting here today.

Tim Lord: That is really funny. Do you have any personal experience about what is different about being in business there than say in Silicon Valley or somewhere like that?

Jay Kim: A 10-minute commute is considered long. There is no traffic. It is a great place to live, raise children; the work ethic and workforce is outstanding. We have a lot of talent that came out of some older defense related industries also through the telecom community. Developers are easy to find, and wages are very reasonable compared to probably out east and west.

Tim Lord: And speaking of background, what is your background? How is that you came to be holding a new piece of hardware in your hand? Did you design this or how did it come to be?

Jay Kim: My background is actually manufacturing but what happened was about five years ago, I acquired some IP related to the use of a touch screen panel on a storage device, and we took that IP, commercialized it, developed a business around it, and developed a whole suite of products, using that core IP. It is more of I guess something I really enjoy doing, it is more of a personal endeavor, and it has really turned into a pretty nice business.

Tim Lord: Have you been involved with other startups before?

Jay Kim: Yes, we hit the dotcom boom actually starting in ’98, did e-commerce sites, worked in a variety of family businesses as well. Again, most of us that revolves around e-commerce for manufacturing and so we did steel fabrication overseas, we did some international trading businesses as well.

Tim Lord: How long did this product itself take to develop?

Jay Kim: We spent about two years in R&D. Basically just going from patent on a piece of paper to finished working product, that received – our initial product has FIPS 140-2 validation. That whole process took about a little over two years.

Tim Lord: Okay. And speaking of the development, this is you say, now available at the MSRP that you mentioned.

Jay Kim: Yes, it is available through most major retailers or e-commerce sites. We have a select set of specialty security bars as well. It is available through distribution through Ingram Micro and DNH as well.

Tim Lord: Okay. And what sort of reaction have you found here at RSA so far?

Jay Kim: The key comment we get is how easy our product is to use. If you ask anybody selling hardware, the number one support call they get is related to the software drivers, because we have none, it is very easy to implement, very easy to roll out, it is totally platform independent, again you don’t have to worry about the platform it operates on. So really there is a lot of use cases this can be just literally dropped in, plug-and-play, ready to go to provide an encryption solution.

Tim Lord: And what should we expect next from DataLocker?

Jay Kim: Well, like everybody else we are working on a new product called DataLocker Skycrypt. It is going to be a FIPS validated cloud storage solution. It has got some bells and whistles that you probably haven’t seen before, but we will have a formal announcement in about three months.

This discussion has been archived. No new comments can be posted.

  • by ArhcAngel (247594) on Wednesday February 27, 2013 @04:32PM (#43027845)
    Obligatory [xkcd.com]
  • Re:NEAT (Score:4, Insightful)

    by camperdave (969942) on Wednesday February 27, 2013 @04:57PM (#43028077) Journal

    Mod This Up.

    Mod This Down.

    Sigh! You win some, you lose some.

  • Re:Hell no (Score:4, Insightful)

    by n7ytd (230708) on Wednesday February 27, 2013 @05:11PM (#43028213)

    "Hardware encryption is superior to software encryption because at least with hardware encryption there is less room for error. Software usually has bugs, one bug in any implementation and it's broken."

    I'm not sure what you're saying here... hardware encryption has less room for error because you can implicitly trust the company baking the algorithm into the hardware? Hardware can have all of the implementation errors that a software approach might have.

    "Unless you compiled it yourself you can't trust the person who compiled it or the compiler itself not to have a bug or backdoor."

    But at least someone versed in the art can inspect the software to look for these bugs. With hardware, it's just a black box that you have to trust or reverse engineer at a much higher cost.

  • Not secure. (Score:4, Insightful)

    by gmarsh (839707) on Wednesday February 27, 2013 @09:05PM (#43030039)

    Here's how you crack this.

    - Buy another one of these drives and gut it. Replace or reprogram the touchscreen controller, and stuff a GSM modem in there.
    - Program the controller to act like an ordinary drive, but send the entered password as a text message via the GSM modem. Make it act like the password was entered wrong so the user enters it a few times.
    - Swap the modified "drive" for the user's original drive.
    - Wait for the password to arrive at your prepaid cellphone.

    You can break TrueCrypt the same way - copy a user's encrypted data, and replace the TrueCrypt executable with one that broadcasts the password when the user types it.

    Not sure what this attack is called - "false keypad attack"?
