SlingSecure USB Eng



SlingSecure is proud to offer our one-of-a-kind device for data protection and for sending encrypted e-mail, for the following reasons:

Encryption is performed entirely in hardware, not by the usual software running on your computer (an unprotected environment).

The coding system is attack proof and saves the data on a removable MicroSD memory card.

The device comes in the form of a normal USB stick which can be inserted into any computer / OS (e.g. Windows XP, Vista, 7, GNU Linux, Apple Mac OS X) without requiring drivers, thus leaving no trace of use or footprints.

SLINGSECURE USB can protect as many MicroSD cards as the user desires and has two levels of authentication; the first is the password to use SLINGSECURE USB and the second to access each MicroSD.

Published in: Technology

  1. UST: USB Security Token
  2. SlingSecure S.r.l.
     SlingSecure S.r.l. concentrates its activity on the development of hardware and software platforms designed to support integration and custom developments for Mobile and Fixed networks Security OEM
  3. SlingSecure Secure Environment
     The SlingSecure Secure Environment product range is based on a proven security architecture designed to deliver high-end performance to integrators and developers
  4. SlingSecure Secure Environment: SlingSecure range
     • ESE - Embedded Secure Engine
     • mSE - Micro Secure Environment
     • UST - USB Security Token
  5. ESE Embedded Secure Engine: Technical Features
     • Cryptographic Libraries
       - AES (128, 192, 256)
       - DES/3DES
       - IMAC/HMAC/CMAC NIST 800-38B
       - SHA1, SHA256
       - AES/DES variations and Custom Algorithms on demand
     • Up to 4 concurrent cryptographic sessions
     • Physical Random Noise Generator FIPS 140-2
     • Unique Serial Number/ID
     • Local/Remote/Auto/Manual ZEROIZE
     • Keys Secure Repository
     • Keys Generation & Management
     • Administrator/User profiles
     • Encrypted Communication APIs
     [Diagram labels: User Application; ESE Communication Library; Encrypted Communication Channel; Crypto Core; Policies; Over Ciphered Keys Data Base; Custom Algorithms (up to 6 Variants); Unique ID Serial Number; Embedded Secure Engine]
  6. ESE Easy HW/SW Integration
     • ANSI C Software Library
       - Micro Controller Independent
       - Several Compilers/IDE supported
     • Serial Com Channel (RX/TX up to 450 Kb/s)
     • USB Channel (up to 11 Mb/s)
     • Power Management
       - Frequency management
       - Three power modes supported:
         - 50mA (3V) @ 58.924MHz
         - 12mA (3V) @ 14.7456MHz
         - 2mA (3V) @ Idle state
     • Small Package (9x9x0.85mm)
     • Single Power Supply (2.9V-5V)
     • Physical Random Noise Generator FIPS 140-2
     [Diagram labels: Oscillator; Physical RNG; UART (Rx/Tx); System; SPI SD Card or SPI Flash; USB interface ready]
  7. mSE micro Secure Environment
     All the SlingSecure features in a MicroSD
     • HW crypto engine
     • Standard and custom algorithms
     • SD card interface (up to 450Mb/s)
     • Integrated memory (up to 4 GB)
     • Internal keys database
     • Suitable for Mobile Applications
     Available 2Q 2011
     [Diagram labels: ASIC; 512KByte FLASH; 96KByte RAM; 32bit MCU; 6xDMA+Int Ctrl; SD Ctrl; SE Engine; 2xUART; 2xUSB HS; 2xSPI; Ext BUS; SPI or BUS NAND Flash]
  8. UST USB Secure Environment
     USB security adapter for
     • microSD card encryption
     • secure mass storage
     • security operations
       - file encryption
       - strong authentication
       - digital signature
       - running secured OS
       - running secured applications
     NO drivers
     NO software installed on PC
     [Diagram labels: Authentication and Encryption; MicroSD]
  9. UST Typical USE
     • MicroSD Encryption
       - Secure and hide entire partitions on microSD cards
     • Host Encryption
       - Secure any data (files, documents, etc.) stored on PCs or Servers using one or more access passwords
     • Secure Data Sharing (or sending)
       - Encrypt data and share (e-mail, file sharing, ftp, etc.)
       - Based on symmetric access keys, PKI can be supported
     • Physical Data Shipment
       - Encrypt the entire microSD using a shared access key and ship the card (the microSD will only show the clear partition to unauthenticated accesses)
     • Running secured applications and OS
       - Boot and run complete OS or specific applications from the UST memory
       - Run Secure Virtual Machines
  10. One UST adapter ... multiple SD cards
      Many microSD cards, One UST Adapter
      • Several microSD cards* can be plugged and encrypted with a single UST adapter
        (* one at a time)
      • Two authentication levels available
        - UST adapter access password
        - MicroSD access password
      • Switch from an encrypted card to another by simply using the access password of each microSD
  11. UST USB Secure Environment
      • Hidden secure microSD partition
      • Hardware format and zeroize
      • Fully compatible with
        - Microsoft Windows XP/Vista
        - Apple Mac OS X
        - GNU Linux
      [Diagram labels: Authentication; MicroSD]
  12. UST Operating Modes
      The UST adapter shows different partitions according to the operating mode
      • Clear Partition (default)
        - Automatically shown after USB insertion
        - Contains User application and Admin (if required)
      • Secure Partition
        - Active only after successful authentication
      • Only one active partition at a time
  13. UST Encryption Technique
      The microSD secure partition is fully encrypted
      • Standard or custom encryption algorithm
      • OFB mode, 256 bit key, 128 bit Init Vector
      • Both file allocation table and data sectors are encrypted
      • Initial Vectors (IV) are generated separately for each microSD sector
        - IV stored in special/inaccessible area
      • UST exclusive security features
      [Diagram labels: microSD Sectors; 1 sector contains 32 IVs]
  14. UST Smart Card Extension
      • UST device supports plug-in Smart Cards
      • High Level HW and SW security (up to EAL5+ CC)
      • Dynamic UST device customization
      • Additional encryption algorithms and functions
      • Extended UST Libraries to export Smart Card functionalities for host-side secure applications
      NO PC/SC drivers on PC
      PKI Infrastructure enabled
      Multi Factor Authentication
      [Diagram labels: Smart Card; UST Device; MicroSD; Authentication]
  15. UST USB Secure Environment
      UST interface main elements: (1) Display, (2) microSD slot, (3) Trackball, (4) Smart Card slot, (5) Zeroize button
  16. UST Hardware Architecture
      • SlingSecure
        - micro controller centric architecture
      • FPGA
        - scalable for specific requirement and customisation
        - standard 250.000 gates
        - up to 1.000.000 gates
      • microSD - Read Only
        - for applications and OEM SW
        - Extended internal keys database
        - standard size 2GB
      • microSD - removable
        - Clear + Secure partition
        - standard size 4GB
      • Smart Card
        - ISO7816 interface
        - plugin form factor
      • Display & trackball
        - for direct password insertion
      [Diagram labels: internal microSD Read Only; Display; trackball; SS Micro; Smart Card; removable microSD]
  17. UST SDK & Development Libraries
      [Diagram of the software stack. Labels: Custom Applications; HOST Libraries (Crypto Library, Communication Library, Secure MicroSD Library, Card Access Library, Smart Card APDU Library, Administration Library); HOST Drivers (Standard USB Mass Storage Drivers); UST Firmware (STD Crypto Library, MicroCTRL RNG Library, Coprocessor Library, User Interface Library, Card Access Library, Smart Card APDU Library); UST Hardware (Physical RNG, Custom HW (FPGA), Hardware Peripherals, Display & Trackball, MicroSD, Smart Card); applications: UST Secure Drive, UST Secure Document, USE PC Test, USE RNG Evaluator; groupings: CORE SDK, HOST SDK, HOST Apps, BASIC APPS; legend: SlingSecure provided, HOST OS provided, USR provided]
  18. UST Crypto Libraries
      UST based Secure Applications can be easily developed using libraries
      • Host Libraries
        - Provide UST device Communication
        - Export internal UST secure capabilities
      • Core Libraries
        - Encryption/Decryption Management
        - Key Management
        - microSD Secure Management
        - Users Management
        - Anti tampering Management
        - Custom Secure Functions & Algorithms
      [Diagram labels: PC/Host; Host Secure Application; Host Libraries; Core Libraries; UST]
  19. UST Security
      Keys
      • Master Key (Km) - internally generated - one for each device - using USE RNG
      • SD Key (Ksd): generated when microSD is formatted
      • Admin Key (Ka): Customer generated, used inside admin software
      • Remote Management Keys (Ke, Ks): generated by key management system
      Encryption Algorithms
      • Customer developed encryption algorithms
      • AES256 (with custom SBOX1) used to encrypt microSD FAT and Data
      • CMAC with AES256 (with custom SBOX2) used for authentication
      • AES256 (with custom SBOX2) used to cipher communication protocol
      • SHA256 used for digest functions
      Algorithm structure can be fully customised on request
  20. UST Key Repositories
      Any USE device supports two key repositories
      • Manual Keys
        - Can be added/deleted by the user
        - Can be imported/exported
        - Can be generated using USE internal RNG
      • Remotely Managed Keys
        - Can be generated exclusively by Key Remote Management system
        - Can be imported only to the designated USE device
        - Cannot be exported by the user
      Keys are encrypted by means of a unique Over-Ciphering Key
      [Diagram labels: Key Repositories (Manual Keys, Managed Keys); key record: Key ID (4 bytes), Attributes/Policies, Encrypted Key Value (16 Bytes); IN, AES 256 with Over-Ciphering Key, OUT: Clear Key Value (16 Bytes)]
  21. UST - Manual Keys
      Manual keys are managed by the User
      • Enabled only if defined in the USE device policies
      • Can be exported/imported (manual backup, manual transfer)
      • Can be generated manually or by means of the USE physical RNG
      • Under the User responsibility
      Export/Import process
      • To export one or more manual keys the public identifier (public key) of the destination USE device is required
      • The exported key is encrypted and signed using a public key algorithm
      • A family key can be used to limit the manual key export process (closed group)
      • The process can be used for manual key backup (export to itself)
      [Diagram labels: UST 1; Export; Encrypted Key; Signature; Import; UST 2]
  22. UST Backup
      UST can produce encrypted backups readable by
      • same UST
      • "rescue" UST
      Full Data and Manual Key Backup
      • Manual Keys only
      • Public and Private data
      • KRM managed keys backed up on KRM server
      Keys are encrypted by means of a unique Over-Ciphering Key
      [Diagram labels: UST; Backup data (Encrypted Keys and Data, Signature); Backup DataBase; Backup microSD; Backup CD]
  23. UST KRM - Keys Remote Management
      UST devices can be remotely managed if two special keys are provided at Initialization Time
      • KRM Authentication Key
      • KRM Encryption Key
      The keys above are univocally generated by the Key Remote Management (KRM) Server
      • One KRM pair per UST device
      • The KRM pairs are stored both in the UST device and in the KRM server
      The KRM Server generates operational keys for any UST device
      • Every operational key is encrypted and signed for the specific UST device
      • The generated key is imported by the user and stored in the internal UST Remote Managed Key repository
      Remotely Managed Keys cannot be exported
      [Diagram labels: Key Remote Management (KRM) Server (Win/Linux/MacOS Server); Managed Key Database; Generation; Encrypted Key; Signature; Import; UST]
  24. KRM Security
      KRM Security Engine
      • KRM Key generation
      • KRM Authentication and Encryption
      • Administrator Authentication
      KRM System scalability
      • One UST admin supports UST network Growth
      • 1MB memory manages over 1500 UST devices
      [Diagram labels: Key Remote Management (KRM) Server (Win/Linux/MacOS Server); Managed Key Database; Generation; Encrypted Key; Signature; Import; UST]
  25. UST Firmware Update
      UST Firmware updates are
      • Encrypted for each single device
      • Signed by the OEM
      UST Administrator Login is required for firmware update
      [Diagram labels: OEM; Encrypted Firmware; Signature; Firmware 1; Firmware 2...N. Screenshot of the "USEpro FW Update" window: SN: none - APP: none; Firmware Update; Admin Password; Admin Login; Upload New Firmware; Waiting for device...]
  26. UST Standard Applications
      Standard UST comes with a simple and effective software that allows
      • access to the private secure area of the memory card
      • file and folders encryption with simple drag and drop
      • basic key management functions
      Professional software tools include
      • UST Test Toolkit
      • RNG Test tool
      • Custom developed tools and SW for specific requirement
  27. UST Security Suite
      UST Security Suite is the simple and effective software that allows
      • access to the private secure area of the memory card
      • file and folders encryption with simple drag and drop
      • basic key management functions
  28. UST Off-line Encryption/Decryption
      • Drag and Drop your files
      • Secure Documents will recognize the crypto action automatically
      • Select the encryption key from your internal UST Keys Database
      • Your keys will never come out of your UST device
      • Auto Key generation using FIPS 140-2 random noise generator
      Off-line crypto operations allow you to protect any files stored on internal or external media
  29. UST Test Toolkit
      UST Test Toolkit allows professional users and developers to test and verify internal HW functions.
  30. UST RNG Test Tool
      RNG Test Tool allows professional users and developers to test and verify internal Random Noise Generator performances and FIPS compliance. Random stream export function for external test or use within custom applications.
  31. SlingSecure Custom tools and SW
      SlingSecure cryptographic functions can be exported to the Host
      • Custom Algorithms and Functions
        - Tool Suite for custom algorithms and functions design
      • Off-line Encryption/Decryption
        - SlingSecure devices can be used as a secure engine to encrypt/decrypt files and documents on the Host System
      • Crypto Libraries
        - Internal security functions can be exported and used on the Host System by means of specific crypto libraries
  32. SlingSecure Service & Support
      SlingSecure products are backed up by the support of the engineering and design team for
      • Cost effectiveness
      • Smooth system integration
      • Timely solution delivery
      The high level service & support for all SlingSecure products allows the Customer to reach the desired result with the best cost to performance ratio
  33. Contacts
      SlingSecure International, 30' Kenilworth/1 Sir Augustus Bartolo Street, Ta' Xbiex, Malta
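
Slide 13 states that the secure partition uses OFB mode with a 128-bit IV generated separately for each microSD sector. The sketch below is an added example, not SlingSecure code: it uses a keyed HMAC-SHA256 PRF as a stand-in for the AES-256 block function and assumes 512-byte sectors and a packed IV table (`iv_slot` is hypothetical), to show why two sectors must never share an IV under one key.

```python
import hashlib
import hmac
import os

SECTOR = 512                      # bytes per sector (assumption)
BLOCK = 16                        # 128-bit IV / block size, per slide 13
IVS_PER_SECTOR = SECTOR // BLOCK  # 32, consistent with "1 sector contains 32 IVs"

def block_fn(key, block):
    # Stand-in for the block cipher, NOT AES: a keyed PRF truncated to 16 bytes.
    # OFB only runs the cipher in the forward direction, so this shows the mode.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ofb_keystream(key, iv, length):
    out, state = bytearray(), iv
    while len(out) < length:
        state = block_fn(key, state)  # O_i = E_K(O_{i-1}), with O_0 = IV
        out += state
    return bytes(out[:length])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_sector(key, iv, data):
    # Encrypts or decrypts one sector: OFB is its own inverse.
    return xor(data, ofb_keystream(key, iv, len(data)))

def iv_slot(sector_no):
    # Hypothetical layout: IVs packed back to back in the reserved area.
    # Returns (index of the IV sector, byte offset inside it).
    return sector_no // IVS_PER_SECTOR, (sector_no % IVS_PER_SECTOR) * BLOCK

def leaks_plaintext_xor(key, iv_a, iv_b, pt_a, pt_b):
    # True when the keystreams cancel, so ct_a XOR ct_b equals pt_a XOR pt_b.
    ct_a = ofb_sector(key, iv_a, pt_a)
    ct_b = ofb_sector(key, iv_b, pt_b)
    return xor(ct_a, ct_b) == xor(pt_a, pt_b)

if __name__ == "__main__":
    key = os.urandom(32)                            # 256-bit key
    fat = b"FAT16   ".ljust(SECTOR, b"\x00")        # constructed sample sectors
    doc = b"quarterly report".ljust(SECTOR, b" ")
    shared = os.urandom(BLOCK)
    print("shared IV leaks:", leaks_plaintext_xor(key, shared, shared, fat, doc))
    print("per-sector IVs leak:",
          leaks_plaintext_xor(key, os.urandom(BLOCK), os.urandom(BLOCK), fat, doc))
    print("IV for sector 70 stored at:", iv_slot(70))
```

The same cancellation applies when one sector is rewritten under an unchanged IV, so a design of this kind also needs a fresh IV on every write; the slides do not say how the UST handles that.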