Secure Portable Storage Drive: Secure

Information Storage

Ashish Dhiman1, Vishal Gupta2, and Damanbir Singh3(&)

1
BITS Pilani, Pilani 333031, Rajasthan, India
ashishdhiman.delhi@gmail.com
2
Jangoo Technology, Vasant Kunj, New Delhi 110070, India
vishal258120i@gmail.com
3
Software Data India Ltd, Noida 201301, India
damanbirs@gmail.com

Abstract. The aim of this paper is to propose a design for a prototype device,
which can further be developed and used to replace existing commercial USB
storage media with a secure data access mechanism that is intended to be used in
a confidential environment, such as defense establishments. The prototype
construction involved configuration of target microcontroller board as a Full
Speed USB 2.0 Mass Storage Class Device and MicroSD Card as storage media
with read/write speeds of 9 Mbps/7 Mbps respectively. Realization of two
independent, non-overlapping critical/non critical storage areas has been
explained. Password based Login procedure to enable critical storage area using
Keypad has been showed. Password Management using 256-bit SHA-2 HASH
function has been explained. Functionality to erase data from critical storage
area in emergency conditions through a hardware erasure switch has been
explained. As a proof of concept, encryption using stream cipher RC4 generated
key stream has been presently implemented to ensure confidentiality of data
being stored. Choice of best suited encryption algorithm for the given purpose is
an independent research on its own, hence, integration of custom encryption
algorithm for enhanced security would be considered for future improvement.
Thus, this in-house designed and developed hardware authentication based
encrypted storage device can be used to manage critical data securely and safely
in confidential work environments.

Keywords: Embedded system
Encrypted drive
Hardware erasure switch

Encryption
FAT filesystem
Microcontroller
MicroSD
Multiple LUNs
RC4
Secure portable media
SHA2
STM32
USB
Information security and cryptography

1 Introduction

We typically rely on Commercial-Off-the-Shelf (COTS) products such as USB Portable

Pen Drives, USB External Hard Disks and other Mass storage devices to perform tasks
of data transfer and temporary storage of data. Portable Storage media available from
various manufacturers cannot be trusted in a confidential work environment to have the
correct authentication techniques implemented or an assurance of absence of back door

© Springer Nature Singapore Pte Ltd. 2019

S. Verma et al. (Eds.): CNC 2018, CCIS 839, pp. 308–316, 2019.
https://doi.org/10.1007/978-981-13-2372-0_27
 Secure Portable Storage Drive: Secure Information Storage 309

or some pre-installed Trojans, etc. The relevance of an in-house developed Secure

Storage Drive is that there exists no such indigenously developed trusted product that
can meet the current requirements of a security overlay of authentication and confi-
dentiality. The objective of the project is to design and develop a device which can act
as a replacement of currently used COTS portable storage media. The end product is
aimed at serving as a portable secure storage media which can essentially incorporate
features like Access by Authentication, storage separation of critical viz-a-viz non-
critical data, encryption of stored data, one-touch erasure of critical data in emergency
situations, and finally, efficiency in terms of data transfer speed.

2 Related Work

With the advent of computers and information technology, came the problem of
sharing data. USB storage drives are one of the most used and preferred storage
mediums. USB storage drives are designed for the same purpose as floppy disks and
optical disks i.e. for storage, data back-up and transfer of data. They merit against
counter-parts as they are smaller, faster, and more durable and reliable. Floppy disk
drives have been abandoned due to their lower capacity compared to USB flash drives.
In 2010, Sony stopped the production of Floppy Disk. USB mass storage standard is
supported in almost all modern OS natively. First USB drives were sold by Trek
Technology under the brand name Thumb Drive and IBM’s “DiskOnKey” manufac-
tured by M-Systems [1].
As the popularity increased the threats also increased. As of 2011, according to the
ESET’s [2] Global Threat Report of 2011, 9 out of 10 of the top ten computer threats
embedded in software files in world spreads through removable storage media such as
USB storage drives.
Also, there have been increased reports of Trojans, virus and spy programs
embedded in hardware., More recent times have seen the emergence of what has been
dubbed by some as the “Silicon Trojan”, these Trojans are embedded at the hardware
level and can be designed directly into chips and devices.
During the early 80s, there was a big focus on secure operating system (OS). Large
investments were made in adapting UNIX to mil-grade security models. The most
famous of the assurance criteria used was the Orange Book. A US Army’s effort to
evaluate a version of UNIX cost rose from an extra US$640 per line of code (loc) has
risen to $1000 per loc. This rising cost and cheap microchips and COTs products from
economies like China makes risk of inclusion of untrusted risky components in the
current infrastructure high. The threat becomes more tangible if the resource of a nation
state which manufactures vast numbers of the products is applied to the task for
espionage purposes. The report recommended efforts to counter Trojans developed in
the design process, and inserted during the manufacture process. This resulted in both a
“Trusted Foundry Program” used for security critical ICs, and a DARPA program to
examine trust in ICs created by untrusted processes. Currently, there is no such pro-
gram in our country. Also, a distributed denial of service kind of attack will be targeted
upon low cost, trailing edge general purpose circuits integrated into a wide range of
systems and peripherals. Physical layer chips like Ethernet PHY chips, USB
310 A. Dhiman et al.

transceivers used in NIC cards, USB storage devices etc. These facts were discussed in
details by Anderson, North and Yiu [3].
One case of silicon embedded backdoor inserted into the Actel/Microsemi ProA-
SIC3 chips which was discovered by differential power analysis (D P A) techniques is
studied by Skorobogatov and Woods [2]. Also many other articles over web discussed
and raised this incident [4–6].
These research and findings motivates us to use trusted components with indige-
nous designs and discourages the use of COTs products wherever viable in confidential
environment.
Even FIPS 140-2 Level 2 Certified encrypted USB Memory Stick tends to be
unreliable since there is no assurance of implementation of correct access authentica-
tion techniques. One such case happened in early 2010 when SySS security experts
found a flaw in authorization procedure of password entry mechanism and almost all
encrypted drives at that time used the same technique. For a successful authentication
event, a fixed string was passed irrespective of password entered on to the encrypted
drive which initiates the process of decrypting the data on disk as requested by OS. So,
Syss security experts wrote a small tool which modified active password entry pro-
gram’s RAM which always made sure that the appropriate string was sent to the drive.
The following drives were said to be effected:- Kingston Data Traveler Black Box, the
SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS
Edition. This incidence was discussed in many web security articles [7–9].
A whitepaper published by SanDisk suggests that attacks like Brute force attacks,
Cold boot attack, Malicious code, Dependence on OS security are more efficiently
tackled in using Hardware Based Encryption and keeping the Access by Authentication
procedure on Storage Drive only [10].
So, this motivated us to design an in-house designed, developed and authorization
techniques implemented in a proper manner secure portable storage device which
allows hardware encryption.

3 Materials and Methods/Our Approach

3.1 Basic Working
As represented in Fig. 1, STM32F407ZG is the heart of the system, and communicates
to the host PC by getting detected as a USB device in mass storage class. On detection
for the first time, since the user is not authenticated, only the non-critical storage area is
mounted. As soon as the user authenticates itself by punching the correct password, the
LOCK/UNLOCK LED glows and the critical storage area is made available. Multiple
Logical Storage Units (LUNs) has been implemented over the SD Card which has
enabled realization of two independent, non-overlapping storage devices (critical/non-
critical storage space). The data residing in critical and non-critical region is inherently
encrypted by a crypto engine configured in the controller itself. Currently, as a Proof of
Concept, stream cipher RC4 [11, 12] encryption algorithm has been used for
encryption/decryption. Study on choice of stream/block cipher and the appropriate
 Secure Portable Storage Drive: Secure Information Storage 311

cipher itself is beyond the scope of this project and shall be taken up as a future scope
of work.

4x3 Matrix
Keypad

USB2.0
SDIO I/O
Host
STM32F407
HOST PC Microcontroller Micro SD

USB2.0 Erase Encrypted

Device Switch Data

Lock/Unlock LED

Fig. 1. Architecture block diagram

An ERASE SWITCH has been provided, which can be used in emergency situa-
tions to erase all data in a single touch. The device is required to be powered up by
connecting to a PC and the user can initiate the emergency erasure by pressing the
emergency erasure switch post authentication.

3.2 Development Environment

An appropriate microcontroller ST Microelectronics STM32F407ZG was chosen to
accomplish the above said goals. Features of the microcontroller [13] are as follows:-
• clock speed up to 130 MHz
• 1 MB of Flash memory
• 192 + 4 KB of RAM
• USB 2.0 high-speed/full-speed device/host/OTG controller with dedicated DMA
having on-chip full-speed as well as support for external ULPI chip for high speed
USB 2.0 operation mode and many more features
The development board chosen for this purpose was Olimex’s STM32H407 [14]. It
is based on the same microcontroller STM32F407ZG. The board has a slot for
Micro SD CARD which is being used as a storage memory, a full speed USB2.0 OTG
connector, lots of exposed GPIOs etc. The debugger used was Olimex’s ARM-USB-
Tiny-H [15] along with OPEN OCD as the debugger control software.
The OS for development was UBUNTU 12.04. CODE SOURCERY TOOL-
CHAIN for ARM. The development IDE was Eclipse Luna.
312 A. Dhiman et al.

3.3 Secure Authentication Protocol Password Management

Here, when being connected to host PC, initialization routine of USB device library
begins in which a special global flag SEC_AREA_EN is set to FALSE. So, the device
further initializes with this specific flag value as false and responses to the HOST PC’s
inquiry of max. no. of LUNS available with device that there is only one storage device
(i.e. max. no. of LUNs = 1) available and allows only the initialization of LUN 0
storage device. Initialization of other LUN, i.e. LUN 1 is hardcoded restricted under the
scenario when flag SEC_AREA_EN is set to FALSE. The password entered by user
can be a minimum of 8 numeric characters and max. 16 numeric characters with range
“0”, “1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”, “9”. The “#” key is treated as enter key. “#”
and “*” keys are not allowed to include in passwords. The password is not stored in
plain. Since, plain stored password can be recovered from the microcontroller flash
memory easily. So, we have followed some of the secure practices followed in security
world. Password’s HASH can be taken through 256-bit SHA-2 [8]. But, it is still
vulnerable to brute-force attacks, rainbow table, look-up table attacks etc. [16]. SALT
is added before HASH of password is calculated. There are at least two types of SALT
that needs to be added to the password before HASH could be stored as suggested by
Manber [16]. There are two types of salt added:-
Fixed Salt: - 256 bytes of fixed salt is concatenated before the password. This fixed
salt is hardcoded in the firmware.
Random Salt: - 256 bytes of random salt is generated by on-board hardware RNG
every time the password is changed. This random salt is concatenated before Fixed
Salt. Then, the HASH is calculated:-

HASHVALUE ð256byteÞ ¼ HASH ð½RANDOM SALT

ð1Þ
½FIXED SALT½PASSWORDÞ

The controller’s programmable Flash area is written by the random stream gen-
erated through on-board hardware RNG. Then at a pre-defined memory location the
previously generated HASH VALUE is written. Then, at another pre-defined memory
location the Random Salt is written.
When the user enters the password, the Fixed Salt is concatenated before password
and Random Salt is picked up from the pre-defined location to be concatenated before
Fixed Salt. Then, HASH is calculated and compared to the HASH VALUE stored at
the predefined location. If a match is found out the user has entered the CORRECT
PASSWORD, otherwise the password entry is considered as WRONG PASSWORD.
Upon user’s entry of password, a routine check password is initiated:-
(1) CORRECT PASSWORD: Upon entry of correct password starts a special re-
initialization routine of USB device library which in turn sets up the special global
flag SEC_AREA_EN to TRUE. So, the device re-initializes with this specific flag
value as TRUE and responses to the HOST PC’s inquiry of max. no. of LUNS
available with device that there is two storage devices (i.e. max. no. of LUNs 2)
available and allows the initialization of LUN 0 storage device and LUN 1 storage
device.
 Secure Portable Storage Drive: Secure Information Storage 313

(2) WRONG PASSWORD: Upon entry of correct password, the device discards the
password entered and waits for re-entry of password by user. It also maintains a
consecutive wrong password counter, which keeps a tab of consecutively wrong
password entered and upon 5 consecutive wrong entries, de-initializes the USB
device library and requires a power cycle to the device to continue working.
This is required to avoid attacks when attacker tries to make an automated brute-
force attack by somehow gaining access to the keypad lines for entering password.
Initially, the user is provided with a default password of “012345678” and is required
to change it as soon as possible.

3.4 Separation of Critical and Non-critical Data Area

To create two separate and independent data areas over the same memory device,
concept of multiple LUN was used. For multiple LUNs, in the definition of Disk
operation functions shown in table, the return value of function STOR-
AGE_GetMaxLun () is kept as N (No. of LUN,2 in our case). Apart from this, since
both the diff LUNs in our case refers to the diff. storage areas of the same storage
device, we need to modify the default definition of few functions in table.
As soon as the device gets enumerated in the host in Mass Storage Class, the host
through diff callbacks tries to know max. No. of LUNs (i.e. no. of diff. Logical storage
devices), then we ask for the storage medium capacity? We calculate the max. No. of
blocks present on the medium and returns half the max. No. of blocks denoted by
block_num for both LUN = 0 and LUN = 1.
In the STORAGE_Read_HS and STORAGE_Write_HS,
Conditional response has been applied based on the LUN value in the argument. if
argument is LUN = 0, the function call is treated for the non-critical area and being the
first LUN write address will range from 0 to block_num ((max. no. of blocks)/2). Now,
for LUN = 1, it will be treated as critical area and to avoid overlap of non-critical area,
an Increment of block_num ((max. no. of blocks)/2) in the write address. So, the first
half gets dedicated to non-critical area and second half gets dedicated to critical area.
Same is performed in STORAGE_Read_HS for LUN = 0 and LUN = 1 values. The
host treats them both as separate STORAGE devices and sends the write or read
addresses ranging from 0 to block_num ((max. no. of blocks)/2) but due to the hard
coding area definition in microcontroller code never gets overlapped and are com-
pletely independent.

3.5 Encryption over SD Card

For added security, encryption at the SD Card access layer is implemented by modi-
fying the BSP Layer API to fit in the encryption in read and write cycles.
A randomly pre-generated 128-bit key from the microcontroller’s in-built RNG is
hardcoded in the firmware. This key is given as an input to the RC4’s key scheduling
algorithm, which generates an 256-byte state. This state is given to the function
responsible for the key stream generation. Starting 4096 bytes are discarded since there
is a known weakness in the first 256-byte of key stream generated as suggested by
314 A. Dhiman et al.

Mironov [17]. Since the standard sector/block size in our case is 512 bytes, 512 bytes
are taken after discarding initial 4096 bytes and are saved in a temp. variable for
encryption or decryption by XOR-ING the temp. variable with the data to be enc/dec.
Now, decryption is implemented just after read from the SD Card.
Decrypted Data = Data Read from SD Card (Encrypted Data) xor RC4 key stream.
Encryption is implemented just before write on the SD Card.
Encrypted Data = Data to be written over SD Card (Plain Data) xor RC4 key
stream.

3.6 Design and Implementation of One Touch Erasure Mechanism

There are situations where we require erasing data due to an emergency situation and
we do not have enough time to log on to a machine and do a quick format by HOST PC
software. So, we have provided a hardware controlled mechanism to quickly erase the
data by just connecting the device to any powered up machine, punching in the
password, authenticate by entering the correct password and an erase sequence. The
user needs to press the erasure switch for 2 s. The user LED will blip two times once
the erasure is completed.
If an erase sequence is initiated without authentication, the LED will not blimp and
the erasure request will be discarded. There are two types of hardware controlled
erasures:-
(3) Soft Erasure:- Here, we do an internal quick format by just erasing the MBR (first
512 bytes) and re-writing it with a fat32 partition table entry. The erase sequence
is “*”, “1”, “*”, “#”.
(4) Hard Erasure:-Here, we do an internal full erasure by erasing and re-writing
every sector by a random 512-byte generated by on-board RNG. The erase
sequence is “*”, “2”, “*”, “#”.
Hardware erasure switch is used to generate an interrupt, which is detected by the
microcontroller when pressed for 3 s. Upon detection, the interrupt generated in
microcontroller makes program start a routine. This routine checks the authentication
of user and initiates the erasing procedure as requested. i.e. either a SOFT ERASURE
or a HARD ERASURE.

3.7 Results
The identified target microcontroller is configured as a USB Mass Storage Class Device
and use MicroSD Card as storage media. So, STM32F407ZG variant 144 pin was
identified as a suitable 32-bit target microcontroller. SDIO interface is configured to
read/write on MicroSD Card. Multiple Logical Storage Units (LUNs) are implemented
over the SD Card which acts as two independent, non-overlapping storage devices.
FatFs Open Source library was configured and integrated to provide microcontroller the
ability to manage/erase storage areas over the storage medium. Keypad and LED is
integrated to accept/change password and know the result and initiate the erase
sequence. Password based Login procedure to enable/disable critical/non-critical
storage area using Keypad and LED is incorporated. Password Management using
 Secure Portable Storage Drive: Secure Information Storage 315

recommended practices was implemented using trusted public domain hash algorithm
256-bit SHA-2. Functionality to erase all data from critical storage area in emergency
conditions through a hardware emergency erasure switch is incorporated. Encryption
using stream cipher RC4 generated key stream is implemented at SD Card Level to
demonstrate a custom encryption implementation in future.
The printing area is 122 mm  193 mm. The text should be justified to occupy the
full line width, so that the right margin is not ragged, with words hyphenated as
appropriate. Please fill pages so that the length of the text is no less than 180 mm, if
possible.
Use 10-point type for the name(s) of the author(s) and 9-point type for the address
(es) and the abstract. For the main text, please use 10-point type and single-line
spacing. We recommend the use of Computer Modern Roman or Times. Italic type
may be used to emphasize words in running text. Bold type and underlining should be
avoided.
Papers not complying with the LNCS style will be reformatted. This can lead to an
increase in the overall number of pages. We would therefore urge you not to squash
your paper.

4 Conclusions and Future Work

The final aim of designing and developing a microcontroller based Secure Portable
Storage Drive with the following features was achieved:-SD Card based secure storage
having hardware-based encryption.
• Separation of critical and non-critical storage space
• Emergency erasure of data in critical storage area
• Keypad base authentication to access critical storage space is implemented on
device itself without any requirement of any software
The device works in USB 2.0 Full SPEED mode. After testing practically it pro-
vided read throughputs of 9mbps with RC4 implementation of encryption and write
throughputs of 7mbps with 10Mbytes of single file.
Currently at the prototyping level, device is working in Full Speed mode, but our
microcontroller and the USB Device library supports USB 2.0 High Speed Mode
operation using a ULPI [10] Transceiver.
So, with current speeds, the targeted use of operation is for general office envi-
ronment use, where the majority of usage involves transferring files of small sizes like
presentations & documentation.
There are following points for future work:-
• Since, this is the work done at the prototyping level. The production level can have
a ULPI transceiver to enable microcontroller work in USB HIGH SPEED MODE.
• The production version will be targeted to feature the microcontroller from the same
family but with the encryption standard like AES-256 as ASIC implemented on-
board. So, on top of the Standard encryption, a layer of custom encryption could be
316 A. Dhiman et al.

carried out. The current version is a proof of concept for implementation of light
weight custom encryption.
• Implementation of dynamically monitoring and policing of storage of files with
allowed file extension by reading their extension signatures.
• Include a battery for RTC support and implementing emergency erasure without
requiring connecting to a HOST PC

References
1. USB flash drive. http://en.wikipedia.org/wiki/USB_flash_drive
2. Global threat report, December 2011. http://www.eset.com/us/resources/threat-trends/
Global_Threat_Trends_December_2011.pdf
3. Anderson, M.S., North, C.J.G., Yiu, K.K.: Towards Countering the Rise of the Silicon
Trojan, vol. 11, pp. 2–5. Australian Government DoD-DSTO (2008)
4. Backdoor Found (Maybe) in Chinese-Made Military Silicon Chips. https://www.schneier.
com/blog/archives/2012/05/backdoor_found.html
5. Backdoors Embedded in DoD Microchips From China. http://www.scribd.com/doc/
95282643/Backdoors-Embedded-in-DoD-Microchips-From-China
6. Proof That Military Chips From China Are Infected? http://defensetech.org/2012/05/30/
smoking-gun-proof-that-military-chips-from-china-are-infected/#ixzz3IZntQYTYDefense.
org
7. FIPS 140-2 Level 2 Certified USB Memory Stick Cracked. https://www.schneier.com/blog/
archives/2010/01/fips_140-2_leve.html
8. Flash drive manufacturers warn: Hackers can decrypt ‘secure’ USBsticks. https://
nakedsecurity.sophos.com/2010/01/05/flash-drive-manufacturers-warn-hackers-decrypt-
secure-usb-sticks/
9. Decrypting USB flash drives is easy. http://blog.erratasec.com/2010/01/decrypting-usb-
flash-drives-is-easy.html#.VF9qfVdYsvK
10. SanDisk: Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB
Flash Drives (2008)
11. RC4. http://en.wikipedia.org/wiki/RC4
12. Stallings, W.: The RC4 Stream Encryption Algorithm (2005). http://www.st.com/web/en/
resource/technical/document/datasheet/DM00037051.pdf
13. STM32-H407 development board USER’S MANUAL. https://www.olimex.com/Products/
ARM/ST/STM32-H407/resources/STM32-H407.pdf
14. ARM-USB-TINY-H ARM JTAG DEBUGGER USER S MANUAL. https://www.olimex.
com/Products/ARM/JTAG/_resources/ARM-USB-TINY_and_TINY_H_manual.pdf
15. Patel, P., Patel, J., Virparia, P.: A cryptography application using salt hash technique. Int.
J. Appl. Innov. Eng. Manag. (IJAIEM) 2(6), 1 (2013)
16. Manber, U.: A simple scheme to make passwords based on one-way functions much harder
to crack. Comput. Secur. 15, 4 (1996)
17. Mironov, I.: (Not so) random shuffles of RC4. In: Yung, M. (ed.) CRYPTO 2002. LNCS,
vol. 2442, pp. 304–319. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-
9_20