Browse > Article
http://dx.doi.org/10.7840/kics.2013.38B.12.944

The Authentication and Key Management Method based on PUF for Secure USB  

Lee, Jonghoon (숭실대학교 전자공학과 통신망보안 연구실)
Park, Jungsoo (숭실대학교 전자공학과 통신망보안 연구실)
Jung, Seung Wook (숭실대학교 정보통신전자공학부)
Jung, Souhwan (숭실대학교 정보통신전자공학부)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.38B, no.12, 2013 , pp. 944-953 More about this Journal
Abstract
Recently, a storage media is becoming smaller and storage capacity is also becoming larger than before. However, important data was leaked through a small storage media. To solve these serious problem, many security companies manufacture secure USBs with secure function, such as data encryption, user authentication, not copying data, and management system for secure USB, etc. But various attacks, such as extracting flash memory from USBs, password hacking or memory dump, and bypassing fingerprint authentication, have appeared. Therefore, security techniques related to secure USBs have to concern many threats for them. The basic components for a secure USB are secure authentication and data encryption techniques. Though existing secure USBs applied password based user authentication, it is necessary to develop more secure authentication because many threats have appeared. And encryption chipsets are used for data encryption however we also concern key managements. Therefore, this paper suggests mutual device authentication based on PUF (Physical Unclonable Function) between USBs and the authentication server and key management without storing the secret key. Moreover, secure USB is systematically managed with metadata and authentication information stored in authentication server.
Keywords
USB; Authentication; PUF; Encryption; Secret Key;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 National Industry Security Center, Indstrial Security Information, retrieved May, 10th, 2013, from http://service4.nis.go.kr/servlet/page.
2 National Intelligence Service, Security Management Guidelines for Auxiliary Storage Media (Translated), July 2007.
3 S.-H. Lee and I.-Y. Lee, "A study on security solution for USB flash drive," J. Korea Multimedia Soc. (KMMS), vol. 13, no. 1, pp. 93-101, Jan. 2010.   과학기술학회마을
4 S.-H. Lee, J. Kwak, and I.-Y. Lee, "The study on the security solutions of USB memory," in Proc. 4th Ubiquitous Inform. Technol. Applicat. (ICUT 2009), pp. 1-4, Fukuoka, Japan, Dec. 2009.
5 S. H. Chung, J. S. Lee, and D. K. Kim, "Analysis on vulnerability of secure USB flash drive and countermeasure using PUF," in Proc. Inst. Electron. Eng. Korea (IEEK) SoC 2011, pp. 16-17, Cheongju, Korea, Apr. 2011.
6 M. Kim, H. Hwang, K. Kim, T. Chang, M. Kim, and B. Noh, "Vulnerability analysis method of software-based secure USB," J. Korea Inst. Inform. Security Cryptology (KIISC), vol. 22, no. 6, pp. 1345-1354, Dec. 2012.   과학기술학회마을
7 M. Han, "Trends for security techniques of USB and products (Translated)," IITA Weekly Technol. Trends, vol. 1380, no. 1380, pp. 14-20, Jan. 2009.
8 H. Lee, C. Park, G. Lee, K. Kim, and S. Lee, "An analysis on secure USB at the point of forensic view (Translated)," in Proc. Korean Soc. Broadcast Eng. (KSOBE) Conf. 2008, pp. 63-65, Seoul, Korea, Feb. 2008.
9 G. E. Suh and S. Devadas, "Physical unclonable functions for device authentication and secret key generation," in Proc. 44th ACM Annu. Design Automation Conf. (DAC '07), pp. 9-14, San Diego, U.S.A., June 2007.
10 S. W. Jung, and S. Jung, "HRP: A HMAC-based RFID mutual authentication protocol using PUF," in Proc. Int. Conf. Inform. Networking (ICOIN 2013), pp. 578-582, Bangkok, Thailand, Jan. 2013.
11 J. Lee, M. Park, and S. Jung, "OTP-based transaction verification protocol using PUFs," J. Korea Inform. Commun. Soc. (KICS), vol. 38B, no. 6, pp. 492-500, June 2013.   과학기술학회마을   DOI   ScienceOn
12 S.-M. Yoo, D. Kotturi, D. W. Pan, and J. Blizzard, "An AES crypto chip using a high-speed parallel pipelined architecture," Microprocessors and Microsystems, vol. 29, no. 7, pp. 317-326, Sep. 2005.   DOI   ScienceOn
13 Wikipedia, TrueCrypt, retrieved May, 10th, 2013, from http://en.wikipedia.org/wiki/TrueCrypt.
14 H.-J. Jeong, Y.-S. Choi, W.-R. Jeon, F. Yang, S.-J. Kim, and D.-H. Won, "Analysis on vulnerability of secure USB flash drive and development protection profile based on common criteria version 3.1," J. Korea Inst. Inform. Security Cryptology (KIISC), vol. 17, no. 6, pp. 99-119, Dec. 2007.   과학기술학회마을