USB Flash Drives: Protecting Data And Enhancing Storage
Steffen Hellmold, VP and General Manager, UFD BU, Lexar
Presentation Outline
History of UFD standardization
User’s security value metrics
Advantages of standard security solutions
Evolution of the UFD – a vision
USB Lockable Storage Device specification
Compelling technology design considerations
Future Lexar technologies
Demo
Call to action
Additional resources
History Of Lexar’s UFD Standardization Efforts
At WinHEC 2003, four aspects of USB flash drives requiring additional standardization were identified
New category name for USB Flash Drive (UFD)
UFDA founded end of 2003, initially focused on establishing the category name and educating consumers about UFDs
Physical Form Factor for USB Flash Drive
USB-IF approved the Series ‘A’ Plug form factor Guideline 1.0 – 2005
Bootability support for USB Flash Drives
Windows Vista “Core System” logo certification requirement (Consumer and Business SKUs)
Security for USB Flash Drives
User’s Security Value Metrics
[Diagram: Easy to Use, Low Cost, Highly Secure, Solution]
Advantages Of Standard Security Solutions
No need to exploit “Windows XP backdoors” and use spoofing to launch password systems software
Seamless integration into Windows
Avoiding legacy issues
Don’t need to use Vendor unique commands limiting the solutions to specific hardware
One UFD
Evolution Of The UFD – A Vision
Past
In the beginning, USB Flash Drives (UFDs) enabled their users to take their data with them everywhere
Present
Then, USB Flash Drive manufacturers created small, stand-alone, proprietary applications which could be run from the UFDs
Today, Portable Working Environments enable us to install and run a wide variety of programs from our UFDs
Future
My data → my data and apps → my data and apps and OS
UFDs: Protecting Data And Enhancing Storage
Martin Furuhjelm, Design Manager, Enterprise and OEM Products, Lexar
USB Lockable Storage
Purpose
USB-IF Implementers Forum international standard, royalty free
Extend USB Mass Storage Class to allow hosts and devices to lock and unlock storage, without breaking legacy behaviors that exist today
Key Scenarios
Protect for loss/theft
Ensure privacy of data
What Is USB Lockable Storage?
Legacy / Impersonal Mode
USB Locking User Experience
Plug-in
Successful Passphrase
USB Lockable Storage Feature Negotiation
Feature negotiation
No impact on legacy systems
Lockable Storage Interface Extension Descriptor (LSIED)
USB parser already knows how to handle Extension Descriptors from HID devices
Allows future features to be added
USB Lockable Storage Command Set
Nine new USB commands specified
Store, match, and change Passphrase
Erase Passphrase (return to Impersonal)
Electronic unplug
Originally used to update firmware
Now we change PIDs to unlock
Compelling Technology Design Considerations
Personal storage device environment
Integrating support into the Windows Storage Stack
PC OEM and Enterprise concerns
Value add opportunities
Reusable architecture
The Personal Storage Device Environment
[Diagram labels: Legacy OS; New OS; 1998 – 2005 Legacy “MSC Device”; 2006 – 20xx New “Personal Storage Device”; quadrants 1, 2, 3, 4]
Windows USB Stack Changes
A new Device Class
Requires additional driver for locked devices
Launches Windows “Found New Hardware” experience if locked and no driver
When device is unlocked we switch back to USBSTOR.SYS
USBSTOR.SYS
Standard Windows driver for USB mass storage
[Diagram labels: USB.SYS; Hardware Device; User; Application; Vendor Unique; USB.SYS; User; Lexar’s PSD-Lock™; USBSTOR.SYS; Locked Device driver]
Windows USB Stack Changes
[Diagram labels: Provided by Microsoft, ISV, IHV; USB.SYS; Std. Device; User; Application; USBSTOR.SYS; Lexar; Windows Inbox]
Technology Benefits
Open architecture
High percentage of end-user lost/theft scenarios addressed
No additional system/device overhead
Enables features for all markets
Consumer level locking without additional cost
Extensible architecture for more complex locking policies
No licensing fees
Added Value Opportunities
[Diagram: Easy to Use, Low Cost, Highly Secure, USB Lockable Storage]
Password strength protection mechanisms
Biometrics
Add HW Encryption
Integrate into Centrally Managed software
Harden saved passwords in Windows
Continued standards activity
Built-in Windows Shell support
Continued standards activity
PC Industry adoption
Continued standards activity
Built-in Windows driver support
USB Lockable Storage
Pat LaVarre, Design Engineer, OEM Products
Future Lexar Technologies
Solutions For A Reusable Architecture
Locking other USB “Things”
Discourage theft
Authentication
Device to Host
Host to Device
Fixing USB flash card readers
Which drive did I insert my media into?
Call To Action
OEMs, ODMs, IHVs, and ISVs
Support USB Lockable Storage
Send feedback to Microsoft at hec6stor @ microsoft.com
Microsoft
Provide Windows logo requirements for USB Lockable Storage
Provide inbox support for USB Lockable Storage in Windows Vista
Additional Resources
Web Resources
Join USB-IF http://www.usb.org
Authentication
IEEE 1667 http://standards.ieee.org/announcements/pr_p1667.html
TCG https://www.trustedcomputinggroup.org/groups/storage/
Microsoft
Windows Logo Program 3.0 http://www.microsoft.com/whdc/winlogo/HWrequirements.mspx
Lexar White Papers
USB Flash Drives to revolutionize Removable Storage in Personal Computing www.lexar.com
Related Sessions
Session name: Personal Storage: Opportunities and Challenges for Pocket-Sized Storage Devices in the Windows World
Email alias Winhec2006 @ lexar.com
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.