“COMPANY CARELESSLY LOSES PRIVATE CUSTOMER DATA... FILM AT 11”
Are you already bored reading headlines like that? I know I am. It seems as though the cliché With Monotonous Regularity was invented for exactly this situation.
What often seems to happen is that an employee innocently takes home a copy of the data on some sort of USB storage device, which he then carelessly loses. Cue much tut-tutting and head-shaking among the data-security cognoscenti. “How hard can it be to encrypt the data?” they wail.
In the real world, it turns out, for most users the answer is “pretty hard.” In that case, why didn’t the IT department ensure that data going outside were encrypted? I’d argue that this is the question we should be asking.
So here’s how to do just that — enforce encryption on all removable drives — without losing your sanity.
Problem: Users Take the Path of Least Resistance
To summarize the summary of the summary: people are a problem.
—Douglas Adams: The Hitchhiker’s Guide to the Galaxy, Fit the Twelfth, 1980
The sad fact is this: For most users, encryption for portable devices is simply too difficult. And for “too difficult,” read: “Didn’t use.”
Yes, despite IT departments and CSOs setting policy that people should only use encrypted media, it’s simply too easy for those pesky users to quietly slide an insecure USB flash drive into their PC.
The simplest and most transparent way for users to securely use portable storage is by using whole-disk encryption. This way, users don’t have to worry about remembering to encrypt data; they just plug in the storage device, authenticate, and use the disk volume as normal.
But even software-based whole disk encryption is fraught with difficulties, which only encourages users to do the wrong thing.
They just want to take their stuff home to work on. But it’s unlikely that the version of Windows they have at home includes BitLocker, Microsoft’s native Windows disk encryption scheme. Windows Vista doesn’t support it for removable drives, the Home editions of Windows 7 don’t have it, Windows XP’s never heard of it, and, of course, neither has Mac OS.
The alternative is to use third-party software, such as TrueCrypt, Check Point, or SecureDoc. But even this can be too much of a roadblock for normal users, not to mention the additional hassle of providing remote support for a wide range of unknown PC configurations at employees’ homes.
Solution: Hardware Encryption
A better solution is automatic, hardware-based encryption. In these drives, the cryptography is performed in hardware, inside the device itself.
The most useful of these devices require no additional software to be installed on the user’s PC. Because the drive presents itself to the computer as a standard USB 2.0 or 3.0 mass storage device, it should work with any currently-supported version of Windows, Mac OS, or Linux.
They work identically to conventional USB hard drives, but with the addition of some means to authenticate the user, effected within the storage device.
Authentication and Authorization
A hardware-encrypted drive needs some way to authenticate (identify) users. It does this to ensure the user is authorized (allowed) to read and write data to and from the drive. After the user plugs in the drive, she must successfully authenticate before the drive becomes ready for use by the host PC.
The devices on the market today authenticate using one of several different methods, without requiring additional driver or other software to be installed. They include:
- Password or PIN: These drives have a small keyboard or touch-screen built-into the case. Users type in their password to be authenticated.
IMAGE SOURCE: Data Locker, Inc.
- Biometrics: These drives identify the user by measuring something unique to the user’s body. This is most commonly accomplished using a fingerprint reader; the user swipes a finger to be authenticated.
IMAGE SOURCE: Apricorn, Inc.
- Two-factor authentication (2FA): As with the password-protected drive, the user types in a code to authenticate. However, the code is not in this case a static password; instead, it’s a frequently-changing code, generated by a 2FA device, such as an RSA SecurID fob.
IMAGE SOURCE: EMC Corp.
- Smartcard: Another form of 2FA; the drive requires the user to insert an identifying card into a slot and enter a passcode. This smartcard is highly resistant to copying, using technology similar to GSM mobile-phone SIM cards.
IMAGE SOURCE: High Density Devices AS
In many device types, more than one user can be authorized to use the drive. Some also allow an administrator additional capabilities — e.g., enrolling users and revoking their access.
Myths about Fingerprint Scanners
Biometric fingerprint scanners used to have a bad name, thanks to security researchers such as Tsutomu Matsumoto. In 2002, a team led by Matsumoto-shi at Yokohama National University showed that the scanners available at the time could be fooled by impressions of the user’s fingerprint embossed into gelatin — the so-called Gummi Bear hack.
The fallout from this nine-year-old research still haunts today’s fingerprint scanners. Modern sensors have largely closed that particular hole: most use capacitive, sub-surface (“transdermal”) sensing that measures the electrical properties of living skin rather than capturing an optical image of the ridges, so a plain gelatin cast of the kind Matsumoto used is far harder to pass. Liveness detection is a vendor claim rather than a standardized property, though, so ask for independent test results before you rely on it, and remember that a fingerprint, unlike a PIN, cannot be changed once it has been copied.
Enforcing the Use of Encrypted Drives
So how can IT prevent the use of non-blessed drives? Many operating systems allow a centralized IT function to push policy-based restrictions to desktops.
The general idea is to block the installation of all removable storage devices except those the IT department explicitly enumerates. This has the added benefit of preventing users from inadvertently bringing in malware on USB sticks, a common infection vector.
For example, in Windows Vista and Windows 7, this Group Policy Object (GPO) controls removable device installation:
System\Device Installation\Device Installation Restrictions
To restrict devices to only those you permit, configure these policies:
- Prevent installation of devices not described by other policy settings
- Allow installation of devices that match these device IDs
- Allow installation of devices for these device classes
- Allow administrators to override device installation policy
Do not be distracted by the Removable Storage Access policy settings; these aren’t flexible enough to support whitelisting of devices.
These policies work at device installation, so they won’t affect devices users may already be using. For more details, see Microsoft TechNet.
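Here is the procedure above as a script. It is an added example, not part of the original article or of any Microsoft documentation: it collects the hardware IDs of the USB storage devices currently attached (the raw material for the allow list) and then writes the local-policy registry values that back the four GPO settings just listed. The hardware ID `USBSTOR\DiskVendorCoSecureDrive_1.00` is a constructed placeholder; substitute the IDs reported for your own blessed drives. Run it in an elevated PowerShell on Windows 7 or later. On a domain member the domain GPO overrides these local values, so use this for stand-alone or lab testing and deploy the same four settings through your domain GPO.

```powershell
# Added example; not from the original article. Enumerates attached USB storage
# device IDs and writes the local-policy registry values behind the
# "Device Installation Restrictions" settings named in the text.

function Get-UsbStorageHardwareId {
    # Win32_PnPEntity lists every Plug and Play device instance the machine knows.
    # A USB flash drive appears twice in the device stack: as the USB function
    # (USB\VID_xxxx&PID_yyyy, setup class "USB") and as its storage child
    # (USBSTOR\Disk&Ven_..., setup class "DiskDrive"). The USBSTOR hardware IDs
    # are the ones that belong on the allow list; the first one listed is the
    # most specific (vendor, product and firmware revision).
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.DeviceID -like 'USBSTOR\*' } |
        Select-Object Name, DeviceID, HardwareID
}

function Set-DeviceInstallAllowList {
    param(
        # Hardware IDs of the blessed drives. Placeholder value, replace it with
        # the output of Get-UsbStorageHardwareId for your own devices.
        [string[]] $AllowedHardwareIds = @('USBSTOR\DiskVendorCoSecureDrive_1.00'),
        # Setup-class GUIDs that must keep installing once everything else is
        # denied: USB host controllers/hubs, keyboards, mice, HID. DiskDrive is
        # deliberately absent, so an unlisted USB disk is blocked.
        [string[]] $AllowedClassGuids = @(
            '{36fc9e60-c465-11cf-8056-444553540000}',  # USB
            '{4d36e96b-e325-11ce-bfc1-08002be10318}',  # Keyboard
            '{4d36e96f-e325-11ce-bfc1-08002be10318}',  # Mouse
            '{745a17a0-74d3-11d0-b6fe-00a0c90f57da}'   # HIDClass
        )
    )
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
    New-Item -Path $base -Force | Out-Null

    # "Prevent installation of devices not described by other policy settings"
    New-ItemProperty -Path $base -Name DenyUnspecified   -PropertyType DWord -Value 1 -Force | Out-Null
    # "Allow administrators to override device installation policy"
    New-ItemProperty -Path $base -Name AllowAdminInstall -PropertyType DWord -Value 1 -Force | Out-Null

    # "Allow installation of devices that match these device IDs"
    New-ItemProperty -Path $base -Name AllowDeviceIDs -PropertyType DWord -Value 1 -Force | Out-Null
    $idKey = Join-Path $base 'AllowDeviceIDs'
    Remove-Item -Path $idKey -Recurse -ErrorAction SilentlyContinue   # start from a clean list
    New-Item -Path $idKey -Force | Out-Null
    $n = 1
    foreach ($id in $AllowedHardwareIds) {
        # The policy stores one REG_SZ per entry, named "1", "2", ...
        New-ItemProperty -Path $idKey -Name $n -PropertyType String -Value $id -Force | Out-Null
        $n++
    }

    # "Allow installation of devices for these device classes"
    New-ItemProperty -Path $base -Name AllowDeviceClasses -PropertyType DWord -Value 1 -Force | Out-Null
    $classKey = Join-Path $base 'AllowDeviceClasses'
    Remove-Item -Path $classKey -Recurse -ErrorAction SilentlyContinue
    New-Item -Path $classKey -Force | Out-Null
    $n = 1
    foreach ($guid in $AllowedClassGuids) {
        New-ItemProperty -Path $classKey -Name $n -PropertyType String -Value $guid -Force | Out-Null
        $n++
    }
}

# Usage: inspect what is attached, pick the IDs of the drives you bless, apply.
Get-UsbStorageHardwareId | Format-List
Set-DeviceInstallAllowList -AllowedHardwareIds @('USBSTOR\DiskVendorCoSecureDrive_1.00')  # placeholder ID
```

Two things to check after running it. First, because the restriction applies at installation time, a drive whose driver was installed before the policy reached the machine still works; test with a drive the machine has never seen. Second, the class list is the part that bites in practice: with DenyUnspecified set, any device class you forgot (docking stations, smartcard readers, printers) silently stops installing, so trial it on a pilot group before rolling it out.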
You may also find that you’re already using a Data Leakage Protection (DLP) suite that can enforce such a policy; it may also offer more fine-grained rules. However, be wary of the near-magical claims made by many DLP vendors. DLP is not the silver bullet it’s often made out to be; you can’t simply assume it’ll perfectly enforce anything but the simplest policies.
Internal Encrypted Drives for Laptops
A similar threat to data-at-rest lies in the hard drives in your users’ laptops. These also need to be encrypted, assuming they could contain confidential information.
Many laptops manufactured in the past few years support a “pre-boot authentication” BIOS extension. As its name suggests, this authenticates the user — e.g., with a password or smartcard — before booting the laptop’s operating system. Many hard drives, often sold as self-encrypting drives, encrypt everything written to the disk inside the drive’s own controller and integrate with the BIOS extension, which passes the user’s credential to the drive to unlock it. In this way, an encrypted drive that’s removed from its laptop is unreadable without that credential, even using low-level forensic techniques.
Some desktop PCs and hard drives also support this encryption mechanism, which can be useful to mitigate risks from burglary and other scenarios where data-at-rest in PCs are vulnerable.
If you use this technique, be aware that many PCs do not prompt the user for a password when the machine resumes from a suspended state (e.g., ACPI sleep state S3); the drive is typically unlocked again without any user interaction. I recommend you test your laptops to find out how yours behave. If a laptop doesn’t re-authenticate the user on resume, a sleeping laptop that falls into unauthorized hands gives up its data, and the encryption has bought you nothing. If you believe this problem presents an unacceptable risk, you may decide to reconfigure your laptops to only ever hibernate (ACPI S4), which powers the drive down and forces a fresh pre-boot authentication on the next start.
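The reconfiguration just suggested, as an added example that is not part of the original article: the script asks the firmware which sleep states it exposes (the same check as the test the paragraph recommends) and, if S3 is available, rewrites the active power scheme so that idle timeouts, the lid switch and both buttons hibernate instead of sleeping. It assumes Windows 7 or later and an elevated prompt; the 15-minute hibernate timeout is an arbitrary choice.

```powershell
# Added example; not from the original article. Reports the sleep states the
# machine supports and forces hibernate (S4) in place of sleep (S3).

function Get-SupportedSleepState {
    # "powercfg -a" prints the states the firmware and drivers support first,
    # then a second section headed "...not available on this system". Only the
    # first section is collected.
    $available = @()
    foreach ($line in (powercfg -a)) {
        if ($line -match 'not available') { break }
        if ($line -match '^\s*(Standby \(S[1-3]\)|Hibernate|Hybrid Sleep|Fast Startup)\s*$') {
            $available += $matches[1]
        }
    }
    $available
}

function Set-HibernateOnly {
    # Enable hibernation (creates hiberfil.sys if it is missing).
    powercfg -h on
    # Never enter S3 on an idle timeout, on mains (ac) or battery (dc); 0 = never.
    powercfg -setacvalueindex SCHEME_CURRENT SUB_SLEEP STANDBYIDLE 0
    powercfg -setdcvalueindex SCHEME_CURRENT SUB_SLEEP STANDBYIDLE 0
    # Hibernate after 15 minutes idle instead (value is in seconds).
    powercfg -setacvalueindex SCHEME_CURRENT SUB_SLEEP HIBERNATEIDLE 900
    powercfg -setdcvalueindex SCHEME_CURRENT SUB_SLEEP HIBERNATEIDLE 900
    # Lid close, power button and sleep button all hibernate.
    # Action values: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
    foreach ($button in 'LIDACTION', 'PBUTTONACTION', 'SBUTTONACTION') {
        powercfg -setacvalueindex SCHEME_CURRENT SUB_BUTTONS $button 2
        powercfg -setdcvalueindex SCHEME_CURRENT SUB_BUTTONS $button 2
    }
    # Re-activate the scheme so the new values take effect.
    powercfg -setactive SCHEME_CURRENT
}

# Usage: report, then reconfigure only if the machine can actually sleep.
$states = Get-SupportedSleepState
'Sleep states available: ' + ($states -join ', ')
if ($states -contains 'Standby (S3)') {
    Set-HibernateOnly
    'Active scheme now hibernates on idle, lid close and buttons.'
} else {
    'S3 is not available on this machine; nothing to change.'
}
```

This changes the active power scheme on one machine; for a fleet, push the same values through the Power Management settings in Group Policy so a user cannot quietly switch schemes back. It does not remove the Sleep entry from the shutdown menu, so after applying it repeat the test from the paragraph above: put the laptop to sleep by every route a user has, resume, and confirm you are asked to authenticate.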
128- or 256-bit Key Length?
Most encrypted drives use the Advanced Encryption Standard (AES) algorithm to encrypt the data. This is a mature, well-proven method, adopted by the U.S. Government (U.S. FIPS PUB 197). Some drives use a key length of 128 bits, some 256 bits.
The larger the key, the more difficult it is for a bad actor to decrypt your data by brute force — i.e., trying every possible key. Doubling the key size from 128 to 256 bits doesn’t just double the difficulty of cracking the key; it theoretically makes it more than a thousand-million-million-million-million-million-m
That’s not to say it’s in any way “easy” to crack a 128-bit key by brute force with today’s technology: it isn’t, and it will not be within the lifetime of any drive you buy today, so a 128-bit device is not going to become unacceptably insecure in 2014 on that score. The realistic weak points are elsewhere: the PIN or password that unlocks the key (a four-digit PIN has only 10,000 possibilities, so the device’s lock-out or self-wipe after a number of failed attempts matters far more than the key length) and the quality of the device’s own key management. If your policy or a customer contract mandates 256-bit keys, paying extra for such a device is the simple answer; otherwise spend the money on a device with a sound failed-attempt policy first. Note that the tradeoff with larger keys may be slightly lower throughput or laptop battery life.
In summary: Full-disk encryption on portable drives is a great idea to protect data-at-rest, but beware of the hidden costs of software solutions. A much better idea is to use hardware-encrypted drives, with built-in authentication, because they don’t need additional software. It’s also advisable to set and enforce a policy that users may only plug in these types of drives.