

29 October 2014

About Insiders and USB Drives


Discussions about what makes an employee a source of problems, i.e. an insider, are quite frequent today. Everything to do with people and their motives is always interesting, but there is one area where the insider problem can be resolved without going deep into the psychology of the phenomenon: the use of USB drives in an organization.

Unlike threats to data in networks or on local computers, which come in the form of many different attacks, threats associated with USB drives share two very strong common features: the attacker gains physical possession of the device, and then gains access to its memory on any PC.

It is extremely difficult, practically impossible, to protect a small device against theft (or against being found through a purposeful search or a provoked loss) by technical means. Organizational measures are just as hard to apply, because physical possession of such a small object depends heavily on the user’s character: whether he/she is absent-minded or boastful, dishonest or trusting.

So the task of protecting a USB drive comes down to making its illegal physical possession pointless. This is the logic on which the protected USB drives of the Secret family are based.

Let us compare how effectively traditional methods and the Secret method counter attacks on USB drives.


A small device is very easily lost, especially if its user is inattentive. One cannot be sure whether a missing memory stick was lost or stolen, or whether a person who found it by accident will not use its data. Having USB filters and DLP systems in the organization is no comfort in this case. Such comfort would even be something of a mockery.

How much a PIN code helps in this situation is a philosophical question. Today every student has programs for cracking PIN codes. Theoretically, this can be countered by increasing the length of PIN codes. But the longer the PIN code is, the higher the likelihood that it is written on the body of the memory stick.

It is more difficult to match a fingerprint than a PIN code. But if we think about how biometric authentication can be implemented in an ordinary memory stick, it becomes quite clear that the reference sample has to be stored on this very memory stick (the memory stick has no other place to store it), and the comparison has to be made in the RAM of a PC (as a memory stick has no computational resources). The consequences are obvious:

1) the system has access to the memory stick before authentication (otherwise how will it get the sample?);

2) the matching decision is made in the computer’s RAM (otherwise where?).

This means that an intruder can open a memory stick on a specially prepared computer (in other words, on his/her own computer).

Encrypting the data on a memory stick is perhaps the most convincing traditional method. However, this method has the same limitations as described for biometrics: the key is somewhere on the memory stick, and the information will be decrypted in the RAM of a PC. Correct authentication is required for the system to get access to the key. Therefore, encryption does not improve the protection of a memory stick with a PIN code or a fingerprint at all, as the only task is still to pass the system data indicating correct authentication.

What about using the Secret method?

An intruder has managed to get hold of the Secret and connects it to his/her specially prepared computer. All the intruder will see is an "other device" entry under "Devices". The intruder has no reason to launch any special cracking programs, as the system sees no connected removable disk.


No one is likely to fight to the bitter end over a small memory stick, which means that a serious intruder will easily find out the PIN code.

I am unwilling to fantasize about biometrics.

Encryption will not help for the same reasons: it is enough to find out the data needed to access the key.

What about using the Secret method?

Using physical force is normally unpleasant, so the intruder is likely to leave the unwilling insider alone after taking the memory stick and finding out the authentication information. But the Secret will not mount on the intruder’s computer and will not request a PIN code.

If we were writing an action film script, we could imagine that the intruder took the owner along to make sure that the owner gave the right PIN code; if it did not match, he/she would treat the owner differently.

But what the intruder will see looks like a damaged memory stick: the drive does not appear in "My Computer", and there is nowhere to enter the PIN code.


Perhaps the most popular way of getting hold of another person’s memory stick is to take it from where its user left it for a couple of minutes while going for a nap or a cup of coffee. At this moment the employee becomes an insider.

This case does not differ from a theft, either in terms of counteracting the intruder or in terms of the intruder’s actions.

However, in the case of theft or loss, the device owner knows about it. In this situation the user can see the memory stick and has no reason to worry.

To learn the PIN code or any other authentication information, the intruder’s computer (laptop) must be equipped with a minimum of tools and the intruder must have a minimum of skill, but none of this is required to write malicious code to the memory stick or simply infect it with viruses.

The system has access to the USB drive; therefore, the malicious software has access as well. Game over.

What about using the Secret method?

Until the Secret and the computer have successfully authenticated each other and the user has successfully authenticated to the device, all interaction is with the authentication module of the Secret, which is physically separated from the memory of the USB device. The drive is not connected and is unavailable to the system for either reading or writing.

It should be noted that, for cases where it is important both to prevent a successful attack and to know about every attempted attack, the Special Purpose Secret product maintains an event log recording all attempts to connect the device to various computers, regardless of whether they were successful.

If you have even the slightest suspicion (the USB drive seems to have been left in a different place), you can check the log and know for sure.


In fact, this is a soft variant of robbery, but it is aggravated by additional circumstances:

1) the victim does not know (at least at the beginning) that he/she has become the victim of an attempt and takes no timely measures;

2) with a certain level of skill, the intruder can build a multilevel scenario for attacking the system, including both seizure of the memory stick and data replacement (infecting the system or planting implants).

It is obvious that if memory sticks with a PIN code, biometrics, and encryption are unprotected in the case of removal or theft, they are unprotected in this case as well. On the contrary, trusting the intruder, the user will enter the PIN code, provide his/her fingerprint, and make sure that the intruder does everything correctly.

What about using the Secret method?

There are two possible scenarios.

If the user does not know how the protection system is organized (users do not have to know it) and knows only that he/she can work on authorized computers and cannot work on unauthorized ones, he/she will think that either the computer is unauthorized or the memory stick is broken. In any case, even an extremely trusting user will not be able to help the intruder open the Secret.

If the user knows how the Secret works, but the intruder manages to persuade him/her that the intruder is in the right, the user will have to ask the administrator for permission to access, and the administrator knows the access control policy very well.


One cannot deny that a PIN code, biometric authentication, or data encryption will not prevent the legitimate user from handing the memory stick to interested parties on beneficial terms, from copying data to his/her home computer and sending it by e-mail, or from introducing programs or data into the information system for the benefit of third parties.

The legitimate user is the owner of his/her USB drive.

Should we accept this and suspect everyone who uses memory sticks every time they take them home? We cannot verify how they are used.

What about using the Secret method?

The main phase of the Secret access control system is mutual authentication of the device and the computer. The Secret has a database of computers, and computers have a database of Secrets. Only after the Secret recognizes a computer permitted for it, and the computer recognizes a device that can be used on it, does the access control procedure pass to the phase of user authentication. In other words, if the Secret is connected to a different computer, it will not even find out whether the user is legitimate.

In this case, taking the Secret outside is pointless.

If the owner wants to be able to check the honesty of his/her employees at any time and find out whether they have attempted to connect the Secret elsewhere, this can be done by using the Special Purpose Secret. The administrator can see records of all connection events, including unsuccessful ones, in its special event log. This makes it possible not to doubt, but to make sure that employees are honest. We know how important it is to trust your team, so we have created a tool for conquering doubts.
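The ordering described above (device and computer recognize each other first, the user is asked for a PIN only afterwards, and every attempt is logged) can be modelled in a few lines. This is an added illustration, not the vendor's implementation: the article does not describe the actual protocol, so the HMAC challenge-response, the per-party keys and all class and function names here are assumptions.

```python
import hashlib, hmac, secrets

def prove(key, role, challenge):
    """Keyed proof over a fresh challenge; the role label blocks reflection."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()

def pin_digest(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Host:  # hypothetical model of a PC with its database of devices
    def __init__(self, host_id, key, known_devices):
        self.host_id, self._key = host_id, key
        self.known_devices = known_devices        # device_id -> device key

    def answer(self, challenge):
        return prove(self._key, b"host", challenge)

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def accepts(self, device_id, proof):
        key = self.known_devices.get(device_id)
        return bool(key) and hmac.compare_digest(prove(key, b"dev", self._nonce), proof)

class Device:  # hypothetical model of the drive's authentication module
    def __init__(self, device_id, key, known_hosts, pin, data):
        self.device_id, self._key = device_id, key
        self.known_hosts = known_hosts            # host_id -> host key
        self._salt = secrets.token_bytes(16)
        self._pin, self._data = pin_digest(pin, self._salt), data
        self.log = []                             # every attempt, successful or not

    def connect(self, host, ask_pin):
        """Return the stored data only if every phase passes, else None."""
        outcome, data = self._phases(host, ask_pin)
        self.log.append((host.host_id, outcome))
        return data

    def _phases(self, host, ask_pin):
        key, nonce = self.known_hosts.get(host.host_id), secrets.token_bytes(16)
        if not (key and hmac.compare_digest(prove(key, b"host", nonce), host.answer(nonce))):
            return "host not recognised", None    # PIN is never requested
        if not host.accepts(self.device_id, prove(self._key, b"dev", host.challenge())):
            return "device not permitted on host", None
        if not hmac.compare_digest(pin_digest(ask_pin(), self._salt), self._pin):
            return "wrong PIN", None
        return "mounted", self._data
```

On a computer missing from the device's database, `ask_pin` is never called, so knowing the PIN gives the holder nothing to enter it into, while the attempt still lands in `log`.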
