{"id":126,"date":"2006-04-06T00:00:00","date_gmt":"2006-04-06T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/04\/06\/new-security-directions-for-removable-usb-devices\/"},"modified":"2021-12-30T11:36:34","modified_gmt":"2021-12-30T11:36:34","slug":"new-security-directions-for-removable-usb-devices","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/04\/06\/new-security-directions-for-removable-usb-devices\/","title":{"rendered":"New Security Directions for Removable USB Devices"},"content":{"rendered":"<p>The development and adoption of removable USB mass storage is truly remarkable.  On the other hand, most security officers wish that this technology didn&#8217;t exist at all.  First of all, it is a medium that can carry computer viruses and software that shouldn&#8217;t be used in the corporate environment.  To deal with this issue, some organizations have disabled USB ports through the BIOS, while others have gone to the more extreme measure of filling the USB connectors with a thick epoxy adhesive.  Surprisingly, there are very compelling advances to be gained in the security industry by properly harnessing the power and protocol of USB mass storage.  As any technology evolves, we always see more features and functionality being added to newer models of devices.  Some flash drives even have fingerprint sensors and processors built in so that biometric authentication of the owner is required before the storage can be accessed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>They can be simple credentials such as usernames and passwords, or more complex forms such as PKI-based X.509 certificates or claims-based assertions in SAML tokens.  To be really useful in today&#8217;s identity infrastructures, an identity device must be more than a secure store of static credentials.  
It must also be able to generate cryptographic keys, perform digital signature operations, parse request messages and emit security tokens in standard formats. One doesn&#8217;t normally associate these operations with USB storage.<\/p>\n<p>In fact, digital identity functions are very different from mass storage, but that doesn&#8217;t mean that they cannot exist on the same device, just as digital cameras now exist on cell phones.  After all, digital identity devices already exist in other form factors such as smart cards and, yes, USB key fobs.<\/p>\n<p>Portability has been the Achilles&#8217; heel of smart cards and USB tokens.<\/p>\n<p>Even when you have deployed a smart card solution with all of the required components and middleware, you&#8217;ll probably find that the solution won&#8217;t work with another brand of smart card without swapping in new middleware components.  The U.S. Government has addressed these interoperability challenges by developing GSC-IS (Government Smart Card Interoperability Specification) so that they can deploy smart cards to federal employees without being tied to one smart card or middleware provider.<\/p>\n<p>This opens up a whole new set of possibilities for security operations, as much more data can be sent and retrieved than was previously possible on devices such as smart cards.  
The widespread native support and high bandwidth of the USB mass storage interface enable a digital identity device to be truly portable and accept high-level application messages through a protocol that is as simple as reading and writing to a file.<\/p>\n<p>http:\/\/www.it-observer.com\/articles\/1104\/new_security_directions_removable_usb_devices\/<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-126","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=126"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/126\/revisions"}],"predecessor-version":[{"id":2613,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/126\/revisions\/2613"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=
126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}