Friday, May 18, 2012
   


Which chip (micro processor) is used for encryption ?
The chip is BM7741 (BlockMaster chipset 77 version 41), which is based on an Intel 8051 architecture. BM7741 handles all security processes, such as password validation, streaming encryption and key handling, onboard the USB drive, outside the host computer.

Does SafeStick have a timer lock-down (timeout/lock) feature ?
Yes, it is administrator or user configurable. If SafeStick is left behind or forgotten while unlocked, it will automatically lock down after a preset time interval.

How does SafeStick brute-force protection work ?
If a SafeStick is subjected to an intrusion attempt that tries numerous passwords, SafeStick will lock down or factory reset (depending on SafeConsole settings). The counter of faulty passwords cannot be reset and is handled within the embedded system onboard the SafeStick. There is no possibility of tampering with it from a host computer.

How does SafeStick protect against physical tampering ?
The circuitry of SafeStick is covered with environmentally friendly epoxy, which means that tampering will be extremely time-consuming. Tampering by any means is fruitless, as all processes and data are encrypted.

How are the SafeStick encryption keys generated and stored ?
The encryption keys (standards-based AES256 CBC) are generated and stored securely onboard the embedded system. No copies or duplicates are kept anywhere else, and the keys cannot by any means be regenerated.

Why should the AES256 algorithm be used instead of AES128 ?
SafeStick uses AES256 to encrypt your information. AES 256-bit encryption is 340,282,366,920,938,000,000,000,000,000,000,000,000 times as secure as 128-bit. 256-bit AES is the square of the strength of 128-bit encryption.

Can the SafeStick host application be manipulated ?

No, it is encrypted at runtime and is bit sensitive. All security is handled in the embedded system, but this helps to assure the integrity of the solution.

Is it possible to eavesdrop on SafeStick ?
No, the stream of data through the port is encrypted (RSA1024).

Software-encryption of USB memory is cheaper (or even free like TrueCrypt). What is wrong with these solutions ?
Software encryption of portable USB storage, using file containers or file-level encryption schemes, has multiple inherent problems that can prove very troublesome. These can include security flaws, file corruption, high support costs, usability issues and the fact that admin user rights are often required. The white paper “7 Major Weaknesses of software-based USB security” outlines a selection of these flaws.

Where are the PKI-certificates stored that are used for the SafeStick feature ZoneBuilder ("Trusted zones") and Password reset ?

The certificates are stored encrypted and hidden outside the normal file system, but are considered public information in data security terminology. The certificates cannot be used to access any information on the drive. The only token that can be used to access the device when performing a password reset or using ZoneBuilder is the private key that corresponds to the specific certificate. This private key is never stored on SafeStick but on a computer (SafeConsole server or trusted client computer for ZoneBuilder).