Encryption is the process of scrambling data so that only the correct key or device can decrypt the message. Encrypting USB devices is integral to securing data while it is being transferred, and the right level of encryption can be the difference between a secure file and leaked data.
In this guide, we run through the basics of encryption with the help of our Tech Experts at Kingston and give you the lowdown on how to get the most out of your USB security, the different levels of protection and how to select the security you need.
Introduction to Encryption
So first off, what are the advantages of encryption?
“Encryption essentially scrambles data into a human-unreadable format, which prevents unauthorized access to the content. Only authorized users (i.e. the ones with the encryption/decryption key) can access the content.
“Encryption is often used in data-in-transit and data-at-rest situations, ranging from protecting network traffic and operating systems to data on mobile devices such as removable devices.
“Encryption on our many USB drives, including Kingston’s, is transparent to the user, and cannot be disabled (either maliciously or accidentally). This helps in adopting the technology as it’s easy to understand and get started with.”
Why should a business look to encrypt their data?
“This decision is primarily based on placing a value on the data belonging to the business, and the cost incurred when a breach happens.
“If the employees tend to carry company data outside the organization, it makes sense to place emphasis on data protection on the devices used. This applies to laptops (BitLocker, TCG Opal, and other full disk encryption methods), mobile phones (complex PIN, device encryption) and mass storage (encrypted CD/DVD, encrypted USB drives). There are lots of examples of the cost of data loss; here’s a useful site I found which catalogues some of the loss/data figures.
“In some circumstances, it’s required to have an admin override, master password or other ways to access encrypted content for law enforcement, forensics or data loss/theft investigation purposes. However, some countries set a maximum encryption level to allow import of products.”
A Consumer Necessity?
Isn’t encryption ‘Overkill’ for consumers?
“There will always be a market for entry level, or personal encrypted devices. Though consumer content has lower repercussions to data loss (think intellectual property, HR material, financial reports), encryption and password protection on USB drives is equally important as having a PIN or fingerprint password on a typical consumer mobile phone.”
Does Encryption cost money (and are Encrypted Flash drives more expensive)?
“Encryption itself doesn’t cost per se, but yes, encrypted USB drives tend to be a little costlier than un-encrypted standard USB drives.
“Standard drives don’t require any ‘on board’ security so costs are attributed to the additional encryption and engineering.
“For those debating if the cost is worthwhile, consider what your data is ‘worth’. A couple of pictures from a holiday or notes from a lecture may not be as valuable as, say, financial details, raw data files or company data. Also consider not just the theft of said files: how about if your files were deleted, corrupted or manipulated? Additional security would stop data from being tampered with.”
What are the different levels of encryption, and how does that equate to a business or consumer use?
“There is a lot of technology and terminology behind encryption on USB drives. First, we start with the encryption algorithm.”
“This is the current standard feature on Kingston encrypted drives. 256 bits defines the encryption key size.
“There are also different modes of AES encryption: ECB, CBC and XTS.
“XTS is currently the most sophisticated encryption mode, well suited for USB drives. We use XTS on our encrypted drives. Encryption and encrypted drives can also be certified to meet certain standards, of which there are many. We currently have FIPS 197 and FIPS 140-2 level 3 drives.
“FIPS essentially means Federal Information Processing Standard publication (followed by a number), established by NIST of the US government.
“FIPS 197 defines the encryption algorithm. FIPS 140-2 level 3 contains more advanced levels of certifications, namely requiring the device to have physical tampering barriers in place. There’s a lot more to the standards, including several levels of certification under FIPS 140-2.
“Essentially FIPS 140-2 drives are required at higher business levels: military, government, financial, and other similar sectors. We expect non-FIPS 140-2 drives to meet the requirements for the rest of the market, including consumers.”
A guide to levels:
Level 1: No physical security mechanisms are required in the module beyond the requirement for production-grade equipment.
Level 2: Tamper evident physical security or pick resistant locks. Level 2 also provides for role-based authentication.
Level 3: Tamper resistant physical security. Level 3 provides for identity-based authentication.
Level 4: Physical security provides an envelope of protection around the cryptographic module and protects against fluctuations in the production environment.
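To make the ECB and XTS modes named in the answer above concrete, here is an added example (not Kingston's code or firmware) that encrypts one 512-byte sector of identical blocks both ways. The keys, the sector contents and the hand-written whole-block XTS routine are constructed for illustration; a real drive performs this in hardware.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const bs = aes.BlockSize // AES block size: 16 bytes

// ecbEncrypt encrypts every 16-byte block on its own under the same key.
func ecbEncrypt(k cipher.Block, sector []byte) []byte {
	out := make([]byte, len(sector))
	for i := 0; i < len(sector); i += bs {
		k.Encrypt(out[i:i+bs], sector[i:i+bs])
	}
	return out
}

// xtsEncrypt is XTS-AES over whole blocks (no ciphertext stealing); k2 keys the tweak.
func xtsEncrypt(k1, k2 cipher.Block, sectorNum uint64, sector []byte) []byte {
	t, out := make([]byte, bs), make([]byte, len(sector))
	binary.LittleEndian.PutUint64(t, sectorNum) // tweak starts as the sector number
	k2.Encrypt(t, t)
	for i := 0; i < len(sector); i += bs {
		for j := 0; j < bs; j++ {
			out[i+j] = sector[i+j] ^ t[j] // whiten plaintext with the tweak
		}
		k1.Encrypt(out[i:i+bs], out[i:i+bs])
		var carry byte
		for j := 0; j < bs; j++ {
			out[i+j] ^= t[j]                     // whiten ciphertext
			t[j], carry = t[j]<<1|carry, t[j]>>7 // tweak *= alpha in GF(2^128)
		}
		t[0] ^= 0x87 * carry // reduce if a bit was shifted out
	}
	return out
}

func compare() (ecbRepeats, xtsRepeats bool) {
	k1, _ := aes.NewCipher(bytes.Repeat([]byte{0x11}, 32)) // constructed AES-256 data key
	k2, _ := aes.NewCipher(bytes.Repeat([]byte{0x22}, 32)) // constructed AES-256 tweak key
	sector := bytes.Repeat([]byte("SAME 16B BLOCK!!"), 32) // constructed 512-byte sector
	e, x0, x1 := ecbEncrypt(k1, sector), xtsEncrypt(k1, k2, 0, sector), xtsEncrypt(k1, k2, 1, sector)
	return bytes.Equal(e[:bs], e[bs:2*bs]), bytes.Equal(x0, x1) || bytes.Equal(x0[:bs], x0[bs:2*bs])
}

func main() { fmt.Println(compare()) }
```

Under ECB, identical plaintext blocks give identical ciphertext blocks, so patterns in the stored data stay visible. Under XTS, the sector number and the block's position inside the sector change every block's ciphertext.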
How To Choose?
How should I select what level of security I need?
“In short, the level of security depends on what value you place on your data.
“Data protection is easily overlooked on USB drives; in contrast, on a daily basis we carry mobile phones, laptops, and tablets that all have authentication enabled, whether it’s a PIN, fingerprint or a pattern. Our encrypted drives offer the level of security most suitable for given circumstances.
“Work out how valuable your data is, or if you have any legal obligation (for business practice) and measure from there. Sure, encrypted devices may cost more, but they literally offer better protection.”
Are encrypted devices immune from USB-passed viruses/malware?
“Malware, viruses and other malicious software evolve over time, so USB drives are not invulnerable across the board, but they are far stronger than a standard USB.
“Many of our encrypted drives have a read-only switch, which prevents harmful operations on the drive taking place. This feature is useful when drives are used in libraries, internet cafes or other systems with suspect protection.”