USB Flash Drives: Protecting USB Flash Drives: Protecting Data And Enhancing StorageData And Enhancing Storage

Steffen HellmoldSteffen HellmoldVP and General ManagerVP and General ManagerUFD BUUFD BULexarLexar

Presentation OutlinePresentation Outline

History of UFD standardization History of UFD standardization

User’s security value metricsUser’s security value metrics

Advantages of standard security solutionsAdvantages of standard security solutions

Evolution of the UFD – a visionEvolution of the UFD – a vision

USB Lockable Storage Device specificationUSB Lockable Storage Device specification

Compelling technology design considerationsCompelling technology design considerations

Future Lexar technologiesFuture Lexar technologies

DemoDemo

Call to actionCall to action

Additional resourcesAdditional resources

History Of Lexar’s UFD History Of Lexar’s UFD Standardization EffortsStandardization Efforts

At WinHEC 2003 four aspects of USB flash At WinHEC 2003 four aspects of USB flash drives requiring additional standardizationdrives requiring additional standardizationwere identifiedwere identified

New category name for USB Flash Drive (UFD)New category name for USB Flash Drive (UFD)UFDA founded end of 2003, initially focused on establishing UFDA founded end of 2003, initially focused on establishing category name and educate consumers about UFDscategory name and educate consumers about UFDs

Physical Form Factor for USB Flash DrivePhysical Form Factor for USB Flash DriveUSB-IF approved the Series ‘A’ PlugUSB-IF approved the Series ‘A’ Plugform factor Guideline 1.0 – 2005form factor Guideline 1.0 – 2005

Bootability support for USB Flash DrivesBootability support for USB Flash DrivesWindows Vista “Core System” logo certificationWindows Vista “Core System” logo certificationrequirement (Consumer and Business SKUs)requirement (Consumer and Business SKUs)

Security for USB Flash DrivesSecurity for USB Flash Drives

Easy to Use

Low Cost Highly SecureSolution

User’s Security Value MetricsUser’s Security Value Metrics

Advantages Of Standard Advantages Of Standard Security SolutionsSecurity Solutions

No need to exploitNo need to exploit“Windows XP backdoors”“Windows XP backdoors”and use spoofing to launchand use spoofing to launchpassword systems softwarepassword systems software

Seamless integrationSeamless integrationinto Windowsinto Windows

Avoiding legacy issuesAvoiding legacy issues

Don’t need to use VendorDon’t need to use Vendorunique commands limitingunique commands limitingthe solutions to specific hardwarethe solutions to specific hardware

One UFD

Evolution Of The UFD – A VisionEvolution Of The UFD – A Vision

PastPastIn the beginning, USB Flash Drives (UFDs) enabledIn the beginning, USB Flash Drives (UFDs) enabledtheir users to take their users to take their datatheir data with them with them everywhereeverywhere

PresentPresentThen, USB Flash Drive manufactures created small, stand-alone, Then, USB Flash Drive manufactures created small, stand-alone, proprietary applicationsproprietary applications which could be run from the UFDswhich could be run from the UFDs

Today, Today, Portable Working EnvironmentsPortable Working Environments enable us to install enable us to installand run a wide variety of programs from our UFDsand run a wide variety of programs from our UFDs

FutureFutureMy data My data →→ my data and apps my data and apps →→ my data and apps and OS my data and apps and OS

UFDs: Protecting Data UFDs: Protecting Data And Enhancing StorageAnd Enhancing Storage

Martin FuruhjelmMartin FuruhjelmDesign ManagerDesign ManagerEnterprise and OEM ProductsEnterprise and OEM ProductsLexarLexar

USB Lockable StorageUSB Lockable Storage

PurposePurposeUSB-IF Implementers Forum international USB-IF Implementers Forum international standard-royalty freestandard-royalty free

Extend USB Mass Storage ClassExtend USB Mass Storage Classto allow hosts and devices to lockto allow hosts and devices to lockand unlock storage, without breakingand unlock storage, without breakinglegacy behaviors that exists todaylegacy behaviors that exists today

Key ScenariosKey ScenariosProtect for loss/theftProtect for loss/theft

Ensure privacy of dataEnsure privacy of data

What Is USB Lockable Storage?What Is USB Lockable Storage?

Legacy / Impersonal Legacy / Impersonal ModeMode

USB Locking User ExperienceUSB Locking User Experience

Plug-inPlug-in Successful Successful PassphrasePassphrase

USB Lockable Storage USB Lockable Storage Feature NegotiationFeature Negotiation

Feature negotiationFeature negotiationNo impact on legacy systemsNo impact on legacy systems

Lockable Storage InterfaceLockable Storage InterfaceExtension Descriptor (LSIED) Extension Descriptor (LSIED)

USB parser already knows how to handle USB parser already knows how to handle Extension Descriptors from HID devicesExtension Descriptors from HID devices

Allows future features to be addedAllows future features to be added

USB Lockable Storage USB Lockable Storage Command SetCommand Set

Nine new USB commands specifiedNine new USB commands specifiedStore, match, and change PassphraseStore, match, and change Passphrase

Erase Passphrase (return to Impersonal)Erase Passphrase (return to Impersonal)

Electronic unplugElectronic unplugOriginally used to update firmwareOriginally used to update firmware

Now we change PIDs to unlockNow we change PIDs to unlock

Compelling Technology Compelling Technology Design ConsiderationsDesign Considerations

Personal storage device environmentPersonal storage device environment

Integrating support intoIntegrating support intothe Windows Storage Stackthe Windows Storage Stack

PC OEM and Enterprise concernsPC OEM and Enterprise concerns

Value add opportunitiesValue add opportunities

Reusable architectureReusable architecture

The Personal Storage The Personal Storage Device EnvironmentDevice Environment

Legacy OSLegacy OS

New OSNew OS

1998 – 20051998 – 2005

LegacyLegacy“MSC Device”“MSC Device”

2006 – 20xx2006 – 20xx

NewNew“Personal Storage “Personal Storage

Device”Device”

11 22

33 44

Window’s USB Stack ChangesWindow’s USB Stack Changes

A new Device ClassA new Device ClassRequires additional driverRequires additional driverfor locked devicesfor locked devices

Launches Windows “Found New Hardware” Launches Windows “Found New Hardware” experience if locked and no driverexperience if locked and no driver

When device is unlocked we switchWhen device is unlocked we switchback to USBSTOR.SYSback to USBSTOR.SYS

USBSTOR.SYSUSBSTOR.SYSStandard Windows driverStandard Windows driverfor USB mass storagefor USB mass storage

USB.SYS

Hardware Device

User

Application

Vendor Unique

USB.SYS

User

Lexar’s PSD-Lock™

USBSTOR.SYSLocked

Device driver

Window’s USB Stack ChangesWindow’s USB Stack Changes

Provided by

Microsoft

ISV

IHV

USB.SYS

Std. Device

User

Application

USBSTOR.SYS

Lexar

Windows InboxWindows Inbox

Technology BenefitsTechnology Benefits

Open architectureOpen architectureHigh percentage of end-userHigh percentage of end-userlost/theft scenarios addressedlost/theft scenarios addressedNo additional system/device overheadNo additional system/device overheadEnables features for all marketsEnables features for all marketsConsumer level locking Consumer level locking withoutwithoutadditional costadditional costExtensible architecture for moreExtensible architecture for morecomplex locking policiescomplex locking policiesNo licensing feesNo licensing fees

Added Value OpportunitiesAdded Value Opportunities

Easy to Use

Low Cost Highly Secure

USBLockableStorage

Password strength protectionPassword strength protectionmechanisms Biometricsmechanisms Biometrics

Add HW Encryption Add HW Encryption

Integrate into CentrallyIntegrate into CentrallyManaged softwareManaged software

Harden saved passwords in WindowsHarden saved passwords in Windows

Continued standards activityContinued standards activity

Built-in Windows Shell supportBuilt-in Windows Shell support

Continued standards activityContinued standards activity

PC Industry adoption PC Industry adoption

Continued standards activityContinued standards activity

Built-in Windows driver supportBuilt-in Windows driver support

USB Lockable StorageUSB Lockable Storage

Pat LaVarrePat LaVarreDesign EngineerDesign EngineerOEM ProductsOEM Products

Future Lexar TechnologiesFuture Lexar Technologies

Solutions ForSolutions ForA Reusable ArchitectureA Reusable Architecture

Locking otherLocking otherUSB “Things”USB “Things”

Discourage theftDiscourage theft

AuthenticationAuthenticationDevice to HostDevice to Host

Host to DeviceHost to Device

Fixing USB flash card readersFixing USB flash card readersWhich drive did I insert my media into?Which drive did I insert my media into?

Call To ActionCall To Action

OEMs, ODMs, IHVs, and ISVsOEMs, ODMs, IHVs, and ISVsSupport USB Lockable StorageSupport USB Lockable Storage

Send feedback to Microsoft at Send feedback to Microsoft at

MicrosoftMicrosoftProvide Windows logo requirementsProvide Windows logo requirementsfor USB Lockable Storagefor USB Lockable Storage

Provide inbox support for USB Lockable Provide inbox support for USB Lockable Storage in Windows VistaStorage in Windows Vista

hec6stor @ microsoft.comhec6stor @ microsoft.com

Additional ResourcesAdditional Resources

Web ResourcesWeb ResourcesJoin USB-IF Join USB-IF http://www.usb.orghttp://www.usb.org AuthenticationAuthentication

IEEE 1667 IEEE 1667 http://standards.ieee.org/announcements/pr_p1667.htmlhttp://standards.ieee.org/announcements/pr_p1667.htmlTCG TCG https://www.trustedcomputinggroup.org/groups/storage/https://www.trustedcomputinggroup.org/groups/storage/

MicrosoftMicrosoftWindows Logo Program 3.0Windows Logo Program 3.0http://www.microsoft.com/whdc/winlogo/HWrequirements.mspxhttp://www.microsoft.com/whdc/winlogo/HWrequirements.mspx

Lexar White PapersLexar White PapersUSB Flash Drives to revolutionize Removable Storage in Personal USB Flash Drives to revolutionize Removable Storage in Personal Computing Computing www.lexar.comwww.lexar.com

Related SessionsRelated SessionsSession name: Personal Storage: Opportunities and Challenges Session name: Personal Storage: Opportunities and Challenges for Pocket-Sized Storage Devices in the Windows Worldfor Pocket-Sized Storage Devices in the Windows World

Email alias Email alias Winhec2006 @ lexar.com

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions,

it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.