How to Safely Store Information on a USB Flash Drive
A USB flash drive is a familiar and reliable medium for storing information. Even though cloud storage has been replacing flash drives more and more recently, a lot of them are still being sold and bought.
After all, not every place has a stable broadband internet connection, and in some places and institutions the internet may be banned altogether. In addition, we must not forget that a significant number of people, for various reasons, distrust “clouds” of every kind.
Today, we’ll tell you about the real security of USB flash drives.
USB flash drives: essentials
We have all been used to flash drives for a long time. Many of us remember how USB mass storage support timidly first appeared in Windows 2000, and then a little later in Windows Me. Many people appreciate how convenient flash drives are now and remember how we all used to suffer with unreliable floppy disks and impractical optical disks.
Around 2004, the author of these lines was the happiest owner of a nice 128-megabyte USB carrier in the most fashionable case with a metal insert. It was my faithful companion and keeper of valuable information for many years, until I finally lost it along with a bunch of keys to which it was attached.
The loss of keys is a fairly ordinary event that probably happens to everyone, but it made me urgently change all the locks in the house.
The thing is, in the wilderness of files on my USB flash drive there were scans of my passport, made just in case (who knows when passport scans may come in handy?). And in combination with real keys to a real apartment, registration data turns into a tempting opportunity even for those people who may not have thought about apartment thefts before.
What did this incident teach us?
First, take care of your things. And secondly, any information that can be used to harm you in any way, even indirectly, must be protected.
What can flash drives offer in terms of protection?
The first, most obvious option is a flash drive with hardware protection and no external software control. Such drives usually have a keypad on the case, and everything in them seems to be well protected, but for the most part they cost a fortune, maybe because of their small production runs, or maybe because of the greed of the sellers. Obviously, because of the high cost, they never became widespread.
The second option is add-on software protection for a regular USB flash drive.
There are many options (they are easy to find with a search), and they all share a clear plus, almost zero cost, along with the inevitable limitations that come from having to install special software on a computer. But the main disadvantage of add-on protection is its weakness.
- What is the weakness, you ask?
The fact is that any disk encryption program uses as its encryption key a sequence derived by a special algorithm, for example PBKDF, from the password that you use to unlock the disk. And something tells me it is unlikely that a password which has to be typed often will be long and complex.
If the password is short and simple, it will not be so difficult to find it with a dictionary attack.
An attacker who gets hold of your encrypted flash drive, even for a short time, can copy the cryptographic container from it. You will think that the data is still safe. But in fact, all this time someone is strenuously picking the lock of your container and is getting closer to his goal by the minute.
Therefore, if you are not your own enemy, the password should be “strong.” But since you then have to type that same “strong” password again and again, this runs into the problem described above: a password that is typed often is unlikely to be long and complex.
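The following added example (not from the original article or from any particular encryption product) shows why a copied container can be tested offline: the header carries everything needed to check a candidate password, so the only cost per guess is the key derivation. PBKDF2-HMAC-SHA256, the header layout, the sample passwords and the guessing rate are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a typed password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)

def make_header(password: str, iterations: int = 200_000) -> dict:
    """Constructed container header: salt, work factor and a key check value."""
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    check = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}

def unlocks(header: dict, candidate: str) -> bool:
    """The header alone is enough to test a password, so a copy of the
    container can be tested anywhere, with no limit on attempts."""
    key = derive_key(candidate, header["salt"], header["iterations"])
    expected = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["check"])

def password_bits(symbols: int, length: int) -> float:
    """Entropy of a password chosen uniformly at random from symbols**length."""
    return length * math.log2(symbols)

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every password of the given entropy."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    header = make_header("correct horse battery staple")  # constructed sample
    print("right password:", unlocks(header, "correct horse battery staple"))
    print("wrong password:", unlocks(header, "password1"))
    rate = 10_000  # ASSUMED offline guesses per second at this work factor
    for label, bits in [
        ("8 random lowercase letters", password_bits(26, 8)),
        ("12 random letters and digits", password_bits(62, 12)),
        ("6 random words from a 7776-word list", password_bits(7776, 6)),
    ]:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_search(bits, rate):.3g} years worst case")
```

The estimates assume randomly chosen passwords; a password taken from a dictionary falls far sooner than its length suggests.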
- What to do, you ask?
Is it possible to put hardware protection between the protected flash memory and the computer that is convenient, reliable, and more or less affordable? Ideally, one that at least does without a monstrous case with hardware buttons.
A secure flash drive still exists
In Rutoken EDS 2.0 flash devices, flash memory is connected via a special protected controller, the firmware of which, the Rutoken card operating system, is entirely developed by the specialists of the Aktiv company.
A special control module is built into this firmware, which controls the data flows entering and exiting the flash drive.
Since the Rutoken card operating system has long had functionality that controls access to the cryptographic keys of an electronic signature by PIN code, they implemented in it a kind of “gate,” or valve, which can be opened, closed, or opened in one-way mode (for example, read-only). This valve is controlled by a PIN code. Without knowing the code, the valve cannot be turned.
Now imagine that such a valve is in the “closed” position by default. To open it, you need to present a PIN code that only you know. Moreover, the valve closes automatically when the device is removed from the computer. And the number of attempts to enter the wrong PIN is strictly limited. In addition, the device is protected against physical tampering and extraction of the flash card.
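The valve described above, modelled as a small state machine. This is an added illustration, not Rutoken firmware or its API: the class and method names are hypothetical, and the attempt limit of 10, the counter reset on success and the refusal of even the correct PIN once blocked are assumptions (the article only says the number of attempts is strictly limited).

```python
import hmac
from enum import Enum

class Gate(Enum):
    CLOSED = "closed"
    READ_ONLY = "read-only"
    READ_WRITE = "read-write"

class PinGatedDisk:
    """Toy model of flash memory behind a PIN-controlled valve."""
    MAX_ATTEMPTS = 10  # ASSUMED value, not taken from the article

    def __init__(self, pin: str):
        self._pin = pin.encode()
        self.attempts_left = self.MAX_ATTEMPTS
        self.gate = Gate.CLOSED          # closed by default
        self._blocks = {}                # sector number -> 512-byte block

    def present_pin(self, pin: str, mode: Gate = Gate.READ_WRITE) -> bool:
        if self.attempts_left == 0:
            return False                 # blocked: no more guesses accepted
        if not hmac.compare_digest(pin.encode(), self._pin):
            self.attempts_left -= 1      # counted inside the device
            return False
        self.attempts_left = self.MAX_ATTEMPTS
        self.gate = mode
        return True

    def unplug(self) -> None:
        self.gate = Gate.CLOSED          # valve closes on removal

    def read(self, sector: int) -> bytes:
        if self.gate is Gate.CLOSED:
            raise PermissionError("gate closed: no medium")
        return self._blocks.get(sector, bytes(512))

    def write(self, sector: int, data: bytes) -> None:
        if self.gate is not Gate.READ_WRITE:
            raise PermissionError("gate not open for writing")
        self._blocks[sector] = data

def guess_probability(pin_digits: int, attempts: int) -> float:
    """Chance that a bounded number of guesses hits a random numeric PIN."""
    return min(1.0, attempts / 10 ** pin_digits)
```

Because the counter lives inside the device, copying the flash drive gives no unlimited offline guessing: a random 6-digit PIN with 10 attempts is guessed with probability 0.00001, which is why a short PIN can be acceptable here when a short container password is not.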
It turns out to be a completely safe, reliable and convenient system. They implemented it in the form of a small control program called “Rutoken Disk.”
The flash memory of the Rutoken EDS 2.0 device, on which the Rutoken Disk runs, is divided into two areas: one for an emulated CD-ROM partition with the control program, and the second for user data.
When you connect such a device to your computer, you will see two physical disks. The CD-ROM partition is immediately readable and automatically mounted, and a nice window pops up in Windows operating systems.
The protected partition looks like a memory card reader with no card inserted, so there is no access to the data.
However, by launching the application and entering a simple PIN code, you instantly get access to your files.
The token itself has been on sale for many years, and the capability to implement a protected flash drive was built into it from the start. The Rutoken application is loaded onto the token to organize secure access.
If you trust your information to a regular flash drive, guard it like the apple of your eye. With Rutoken EDS 2.0 Flash and Rutoken Disk, you can be much calmer about the confidentiality of your data. Although you should never completely relax.
We will answer some questions in advance that someone may have:
- A GUI for macOS and Linux: there will be one.
- The ability to open the protected partition in read-only mode, so that you can safely plug the flash drive into the most unpredictable places: there will be.
- A button for safely ejecting the partition, so that you don't have to poke around in the tray with the mouse: there will be.