News

Encrypted USBs – Understanding the specs

09/02/2018

Encrypted

Encrypted USBs have definitely come to the forefront in recent years when it comes to data protection and the way that organisations go about sharing information. There is still, however, a stigma about wanting to invest in such devices due to the fact that not much is really known about their capabilities. What do they actually do differently to a regular USB stick and what do all the different specifications around them mean? Phrases like ‘256-bit AES XTS encryption,’ for instance, mean absolutely nothing to someone who has never bought an encrypted USB before: therefore, we’ve supplied some information to help individuals better understand the common specifications they will come across when they search for such devices.

AES encryption

AES stands for Advanced Encryption Standard and was first introduced back in 2001 by the US National Institute of Standards and Technology (NIST) as an algorithm designed to protect against various security attacks and hacking. The encryption is designed to “scramble” the contents of anything stored on the device, including personal data, in order to keep information secure from unauthorised personnel. It works like a padlock on the content, except to access it requires an individual to input a long string of characters.

padlock

There are 3 variations of AES encryption which offer different character lengths to access information: these are set at 128, 192, and 256 characters, with the latter being considered the best standard available.

So how does a cyber-criminal hack such a device? Well, technically it’s close to impossible, as without any prior information they would need to go through up to 2^256 key variations in order to successfully hack into a device. Therefore, when you see 256-bit AES Encryption anywhere, you can be guaranteed it will offer the best possible standard of security available.

Hardware Encryption

There are various ways in which you can encrypt a USB device so it cannot be accessed by someone else. Cryptography software, such as Windows BitLocker and Veracrypt, can be used to add additional security to devices. However, software encrypted devices are only as strong as the computer they are used on. If the computer or operating system is at all compromised, the security provided by the encryption code will also be at risk. The encryption software can also be quite difficult to configure, especially for beginners who have no prior knowledge of how encryption works.

In contrast, Hardware Encrypted devices use their own separate, integrated security to perform encryption and decryption. As it operates separately to a computer it requires no additional software to function, which essentially means it cannot become vulnerable from malicious attacks or viruses. It is therefore highly recommended for portable devices such as USBs, or laptops that are used to carry around sensitive information. Hardware encrypted devices in general also require less configuration, which could be considered easier if companies are looking to use them throughout their organisation.

Partitions

Put simply, partitions are pieces of information that have been grouped together into different areas on a drive so that they cannot be accessed all in one go. This is especially handy if you have more than one person using a single encrypted device and you do not want them to see all the information you have, and vice versa. It adds an additional layer of security, which means that even if a device is hacked not all the information may be compromised. For encrypted USBs, customers should look for devices which support multiple partitions wherever possible.

Partition

Anti Brute-Force Attack

A brute force attack is where a hacker or cybercriminal tries to discover a password by systematically trying every possible combination of letters, numbers, and/or symbols until they come across the correct combination. A password, in general, is never 100% secure, and given that many of us use something that is easily memorable to us, it becomes even more of an issue in modern society. Such attacks are easy to detect, but not as easy to prevent. This is where hardware encrypted devices come into their own, with many designed to automatically wipe the information on a flash drive after a failed number of password attempts has been reached. SafeToGo USBs, as one example, will delete the contents of a drive after 10 failed password attempts.

STG office shot

SafeConsole Compatibility

You may have seen this listed on some of our own encrypted devices. SafeConsole is a centralised management system designed to track all encrypted devices that an organisation may use. If, for example, you run a large national, or even international, organisation, SafeConsole will likely be beneficial in order to keep track of all data that is being shared or transferred among different users. The main benefit of this is that it offers complete control over encrypted devices, including how passwords are set-up, what content can be viewed and modified, and most importantly allow for such devices to be remotely wiped if they are ever lost or stolen, which in turn prevents data leaks from happening. The platform also enables you to ring-fence devices so that they can only be used within a certain area e.g up to 100 miles from the office base etc. Encrypted USBs such as SafeToGo are SafeConsole ready and therefore can be set up to work with this system.

Portal_1

FIPS Certification

FIPS stands for Federal Information Processing Standard. It is used in the US, Canada and the EU as a security standard against which software, hardware and firmware are measured, in regards to encryption. Currently, it is required by law that all US products used by the federal government for the purposes of cryptography (the official term) complete what’s called a FIPS 140-2 validation before they can be used. Essentially it just adds that extra layer of approval to a product and gives customers that extra peace of mind.

Within the FIPS validation process, cryptography applications are tested against a number of criteria which ultimately determine what security level within the certification it will achieve, which run from level 1-4. Level one validated products meet the basic security requirements while level 4 offers the highest form of security, offering protection against all types of unauthorized physical access – essentially the device is capable of detecting environmental fluctuations outside of its normal operating parameters, in terms of voltage and temperature, and will wipe itself clean if it meets one of the these criteria.

Most USB flash drives will rate at level 2 or higher on the FIPS validation if they are hardware encrypted.

Generally speaking, it is not uncommon to find devices that are advertised as FIPs compliant rather than actually being certified due to the fact that it is not an essential requirement that devices have to adhere to. As well there is an inherently large cost associated with getting a product certified in the first place, therefore it should not be considered the only measure that an encrypted USB is any good.

Make sure to take a look at USB2U’s comparison chart which shows how the SafeToGo USB shapes up against other devices on the market based on some of the above specifications.

Article courtesy of USB2U – https://www.usb2u.co.uk  

 

Cardwave and SafeToGo named finalists in the Techies Awards 2018

Cardwave has been named as a finalist in the Techies Awards 2018 in the Best Tech Security for our SafeToGo®  hardware encrypted ...

>Read more

Cardwave® launches ‘People’s data matters’ campaign

Over the last few months your inbox and social media feeds will probably have been overrun with stories, resources and ...

>Read more

Cardwave® launches SafeToGo® Solo, a new GDPR compliant hardware encrypted USB

Cardwave, a leading expert in flash memory technology solutions has expanded its SafeToGo® USB security range with a new GDPR ...

>Read more

Deciphering the importance of encryption

The first ever USB drive was sold by IBM back in December 2000 and what was then an innovative, valued ...

>Read more

Encrypted USBs – Understanding the specs

Encrypted USBs have definitely come to the forefront in recent years when it comes to data protection and the way ...

>Read more

Interview with Paul Norbury, Cardwave founder and CEO

At the end of 2017, Cardwave’s founder and CEO, Paul Norbury shared his thoughts, views and hopes about the EU GDPR ...

>Read more

A lesson in data protection

Organisations globally, including educational establishments, face fines of up to 4% of global annual turnover (or €20 million, whichever is ...

>Read more

Avoid huge fines and avert a financial crisis with SafeToGo®

With 2017 drawing to a close our thoughts turn to the New Year. The new year being 2018, the year ...

>Read more

Update 4.8.34 available

Update 4.8.34 is now available. You can update your USB by downloading the exe file linked under Question 12 in our support/FAQ ...

>Read more

Latest data breach stats from the ICO

With just over seven months to go until tougher data protection legislation becomes enforceable under the EU GDPR (General Data ...

>Read more

Data protection reform – the laws are changing but are data breach trends?

EU GDPR: We think we’re ready but are we really? With the enforcement of the new EU GDPR legislation now just ...

>Read more

Cardwave shares best practice in 2016/17 Parliamentary Review

Cardwave Services, based in Devizes, features alongside a select number of outstanding UK organisations in a publication that looks back ...

>Read more

Opportunity knocks for young film makers

Cardwave® Services Ltd in Devizes is delighted to share with you details of Take 2 of our exciting video advertisement competition which ...

>Read more

SafeToGo® named finalist in Computer Security Awards

Cardwave is delighted to announce that SafeToGo® has been shortlisted as a finalist in the 2017 Computing Security Awards under the ...

>Read more

Cardwave® achieves new ISO 9001:2015 Quality Management Systems Standards Certification

Cardwave Services Ltd, the global expert in flash memory specialising in removable and embedded solid-state storage system solutions, is proud ...

>Read more

Update 4.8.30 available providing McAfee anti-virus protection option

Update 4.8.30 is now available. This update gives the following benefits:- Integrated built-in Anti-Virus protection powered by McAfee by Intel Security. ...

>Read more

SafeToGo®: Helping UK businesses ensure EU GDPR compliance for data on the move

Sensitive data at risk as millions of USBs are lost/stolen every year At last month's Business Expo at STEAM in Swindon ...

>Read more

Win a SafeToGo® hardware encrypted USB drive

The latest statistics from the Breach Level Index show that data breach incidents are still on the rise, bad news ...

>Read more

Find out more about SafeToGo® at the South West Expo on 29th June

Interested in finding out more about SafeToGo and the other Business Solutions Cardwave offers? Why not pop along and see us ...

>Read more

EU GDPR: One year down, just one to go!

Are businesses on track for EU GDPR compliance? The new 2016 Breach Level Index reports a worrying 86% increase in the ...

>Read more

Competition Time!

For your chance to win a 4GB SafeToGo® hardware encrypted USB 3.0 flash drive simply share with us a photo ...

>Read more

USB drives…

Dated, novelty, giveaways? Or robust, secure solution for data on the move? Who can remember life before USB drives? Cast your ...

>Read more

EU GDPR: One year on and just one year to go

Are UK organisations any closer to being compliant? In April 2016, after four years of discussions the European Parliament finally approved ...

>Read more

Data breach baddies beware! There’s a new super hero in town

Protect your organisations data on the move from big bad fines with SafeToGo® The wonders and limits of modern technology Thanks to laptops ...

>Read more

Shortages of NAND Flash – customer update

I would like to take a moment of your time to give you an update on the supply problems that ...

>Read more

On Data Privacy Day – think and act now before it’s too late

Data Privacy Day is observed every January 28 as a reminder to protect and safeguard private data. Is your business ...

>Read more

Avert a medical data emergency by making sure you are SafeToGo®

Healthcare data breaches continue to rise The health sector handles some of the most sensitive personal data, and patients have the ...

>Read more

Resolve to keep your data secure in 2017

Protect your organisation and customers by building a security-minded staff culture Your company's security is an ongoing battle, loaded with ...

>Read more

Is your data safe to go?

Data breach incidents on the rise In recent years there have been numerous high profile data breach incidents, the severity and ...

>Read more

Cardwave Customer Questionnaire 2016

Cardwave customers were recently invited to share their experiences of working with the company via an anonymous online survey. We would ...

>Read more

Don’t be complacent with your data because of Brexit

Many people are still wondering what Brexit means for the implementation of the new EU GDPR in the UK, but ...

>Read more

Worrying statistics show businesses still without information security strategies

Information security remains a high priority for all organisations in 2016, both big and small. Data breaches continue to occur ...

>Read more

Origin Storage forms collaboration partnership with Cardwave

Origin Storage have become a Solutions Partner of SafeToGo® centrally managed encrypted USB’s by Cardwave. Mobile work forces are an important ...

>Read more

Data Security: Can your business afford to be complacent?

Your company's security is an ongoing battle, loaded with new challenges as technology changes. No company is immune to being ...

>Read more

Keep your course work safe at University

So you have just started university, there are lots of things you need to consider, including your course work safety ...

>Read more

2016 data security cases continue to rise

The Information Commissioner’s Office has reported a 22% increase in the number of data security cases received between April – ...

>Read more

Facing a data breach

The current average total cost per data breach stands at £2.57 million in 2016 - £200,000 more than it was ...

>Read more

Cardwave extend Team Partnership for 2016/2017

Cardwave are delighted to announce that our longstanding partnership with Swindon Wildcats Ice Hockey Team has been extended for yet ...

>Read more

Data Theft Affects You and Your Business Today

Data theft is not a new crime. For many years, there has been interest in our data and personal information ...

>Read more

Unsettling statistics about data breaches revealed

We’re halfway through the year, and the flood of data breaches shows no signs of stopping, leaving no industry sector ...

>Read more

Update 4.8.19 available

Update 4.8.19 is now available. You can update your USB by downloading the exe file linked under Question 12 in our support/FAQ ...

>Read more

Cardwave supports golf tournament to raise funds for Wiltshire Air Ambulance

Cardwave were really pleased to provide support to The Rotary Club of Chippenham at their annual Golf Tournament and Charity ...

>Read more

Cardwave scoops three awards in the Wiltshire Business Awards 2016, including Paul Norbury being crowned Business Person the Year

Cardwave founder and CEO Paul Norbury has been crowned Business Person of the Year at this year’s Wiltshire Business Awards. In ...

>Read more

EU Data Protection overhaul finally approved

After 4 years of discussions, the General Data Protection Regulation (GDPR) was formally approved yesterday by the European Parliament, meaning ...

>Read more

You don’t use secure USB drives? What could possible go wrong?

Over the years, we have repeatedly been alerted to stories of lost unencrypted USBs found storing sensitive data, and still ...

>Read more

Cardwave announces strategic expansion into the US

Cardwave is pleased to announce a strategic expansion into the US with the formation of a US company, Cardwave Inc, ...

>Read more

Survey reveals worrying facts around data breaches

A survey* carried out last month of the country’s top data protection professionals uncovered a worrying statistic that one third ...

>Read more

SafeToGo now compatible with Windows 10 and El Capitan with an upgrade to 4.8.16

SafeToGo is now compatible with Windows 10 and El Capitan with an update to version 4.8.16.  You can update your USB ...

>Read more

Apple El Capitan OS and Windows 10 platform compatibility notice

We are currently working on making SafeToGo compatible with Apple El Capitan OS & Windows 10. For current compatibility please ...

>Read more

The New EU Data Protection Regulations: An Update

A few months back, we took a look at the new regulations proposed for the EU to protect data. It’s ...

>Read more

Keeping your data safe at university

Here at Cardwave we’ve made a guide for students about data security and computer use whilst studying at university; take ...

>Read more

How safe is your data?

Preventing your data from loss or falling into the wrong hands should be a key part of every company’s IT ...

>Read more

Proposed Data Protection Regulations Update

Data protection should already be a priority for business. Now, the proposed EU Data Protection Regulations are set to raise ...

>Read more

Reasons to choose SafeToGo™

Safeguarding your data is critical to running your business and protecting intellectual property, as well as the privacy of employees ...

>Read more

Lucinda Fredericks joins forces with local firm Cardwave to protect her business and personal data with SafeToGo and ShieldToGo

Cardwave are delighted to announce a sponsorship deal with locally based Olympic equestrian eventer Lucinda Fredericks.  As a three day ...

>Read more

Data theft affects you and your business today

Data theft is not a new crime. For many years “they” have been interested in our data and personal information. ...

>Read more

Cardwave announces release of 64GB SafeToGo USB 3.0 Flash Drive at Infosecurity 2014

  Cardwave Services Ltd, one of the UK’s leading independent suppliers of  flash memory solutions is happy to announce the release ...

>Read more

Launch of hardware encrypted flash drive

Cardwave announces launch of USB 3.0, hardware encrypted flash drive, SafeToGo™ Devizes, United Kingdom - Cardwave are proud to announce the ...

>Read more