Data is becoming much more portable these days with thumb drives and smart phones that can easily have
gigabytes of storage. While the portability and ease of transfer of this data is beneficial, it can cause problems
when it is lost or stolen. Traditionally securing data on a storage device is achieved using data encryption
techniques. This can be accomplished using an encrypted filesystem such as TrueCrypt or some on-device
encryption scheme such as that performed by IronKey’s secure flash memory devices. This thesis explores
an alternate technique to secure data within a storage device. More precisely, a technique to authenticate
each I/O (Input/Output) request issued to the storage device is explored. The device authenticates requests
and responds to the request only when the authentication step succeeds. While authentication can occur
with each request and is valid only for the individual request, various alternate configurations are possible
where authentication is performed for various subsets of the requests. For example, authentication can be
enforced only for data reads, data writes, for specific (block) address regions, and so on. For requests
that fail authentication, the device may be configured with a number of response mechanisms. While these
responses can be virtually anything, some notable response actions would be to: (i) act as a faulty device, (ii)
respond with fake data (possibly from some onboard response prepared storage area), or (iii) destroy/erase
the stored data rendering the data completely unavailable. Depending on the level of security desired, these
failure modes can be temporary or permanent. Lastly, this approach can decouple the act of building an
authenticable I/O request from the host and storage devices. More specifically, the I/O requests can be
transmitted from the host to a third party for translation to an authenticable form. The third party could
be an online server system or a nearby bluetooth device. Thus, a lost or stolen device is decoupled from
the platform that builds authenticable requests thereby disabling access to the information stored in a lost
device.
In this thesis, the specific authenticating mechanism studied is to add a nonce to all I/O requests and then
digitally sign/verify each I/O request. To demonstrate the use of this security scheme, a mechanism for attaching digital signatures to each USB request is constructed. A filter driver is added to aWindows platform
to capture block requests to the USB device and route them with a nonce to a bluetooth device for computing
the digital signature to attach to the request. The bluetooth device returns the signature and the filter driver
packages it with the USB request for transmission to the USB device. A mass storage USB device was
modified to receive and authenticate the USB packets. Unfortunately, the process of securing information in
this manner is not without cost. Additional time and resources are spent signing, encrypting, and verifying
the data. The time spent accomplishing these activities is affected by Bluetooth transfer rates and the microcontrollers on the devices. In particular, the implementation in this thesis impacts performance negatively due to the increase in time needed to apply and verify the security measures. In the worst case, the same actions with security measures enabled take three orders of magnitude more time. The critical performance bottleneck is in the verification step on the USB device. Thus, faster, more advanced, microcontrollers could substantially improve performance and reduce the performance impact to a more managable level.