[Secure USB Series ②] Types of Encrypted USB Flash Drives
written by Simon
Encrypted USB drives are categorized according to the way that they protect the information, by the software method, which uses an encryption software, and the hardware method, which embeds an encryption chip. Both methods encrypt the USB drive and set a password required for login so that only users with the password can access the information. However, the former implements a software, while the latter utilizes a hardware chip to encrypt the data.
Software for USB drive encryption ranges from freeware to commercial products, such as VeraCrypt, DiskCrypt, Rohos Disk Encryption, Gilisoft USB Stick Encryption, LaCie Private-Public, KakaSoft USB Security, and BitLocker To Go. Even the commercial software is generally offered at an affordable price, at less than $50. With a single software, a limitless number of average USB drives can be transformed into secure encrypted USBs. Also, you can encrypt only specific areas of the memory so that security sensitive files can be managed separately. In addition, USB drives with built-in encryption software, such as SanDisk Ultra USB 3.0 and Edge Disk Go Secure C2 are available as well. The software encryption method is mainly used for personal data protection since it is considered relatively less secure than hardware encryption.
Hardware encryption uses an encryption chip, which incorporates an internationally standardized 256-bit AES algorithm to automatically encrypt and decrypt data during transfer. In fact, the hardware encryption method shows quicker performance in data processing. In addition, it removes all the hassle of installing a separate driver or needing administrative privileges, making it simple and convenient to use. Unlike the software encryption method, which is prone to becoming the target of malicious attacks from remote sources, hardware encryptions can only be accessed physically, making it considerably more secure.
Representative products include SECUDRIVE USB Basic, Kingston DataTraveler 4000G2, Ironkey D300/S1000, DataLocker Sentry, and Kanguru Defender. Some products like the Kingston DataTraveler 2000, Apricorn Aegis are equipped not only with a hardware encryption chip, but also with a physical keypad for additional security.
Hardware-encrypted USB products are mostly used in enterprise environments. There are also military-grade products, which are made of durable metal materials and include water and shock-resistance features to protect it from external impact or pressure. Some products come with an internal anti-virus solution for cases where viruses are spread through infected files within a USB drive. In preparation of brute-force attacks, most products have the function to automatically destroy all data when the number of login attempts exceeds a set count. It is also common to use a centralized management service for secure USBs.
Also, in the US, the National Institute of Standards and Technology (NIST) recommends only using hardware-encrypted USBs that have been FIPS-140 validated in public and financial institutions. This shows how the use of such USBs is suitable for mission critical environments. Compared to software-encrypted USBs, it is much costlier, and the price varies by the hardware structure and the software function configuration. Therefore, the product should be selected reasonably depending on the purpose and budget.