Browse > Article
http://dx.doi.org/10.13089/JKIISC.2007.17.6.99

Analysis on Vulnerability of Secure USB Flash Drive and Development Protection Profile based on Common Criteria Version 3.1  

Jeong, Han-Jae (Sungkyunkwan University Information Security Group)
Choi, Youn-Sung (Sungkyunkwan University Information Security Group)
Jeon, Woong-Ryul (Sungkyunkwan University Information Security Group)
Yang, Fei (Sungkyunkwan University Information Security Group)
Won, Dong-Ho (Sungkyunkwan University Information Security Group)
Kim, Seung-Joo (Sungkyunkwan University Information Security Group)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.17, no.6, 2007 , pp. 99-119 More about this Journal
Abstract
The USB flash drive is common used for portable storage. That is able to store large data and transfer data quickly and carry simply. But when you lose your USB flash drive without any security function in use, all stored data will be exposed. So the new USB flash drive supported security function was invented to compensate for the problem. In this paper, we analyze vulnerability of 6 control access program for secure USB flash drives. And we show that exposed password on communication between secure USB flash drive and PC. Also we show the vulnerability of misapplication for initialization. Further we develop a protection profile for secure USB flash drive based on the common criteria version 3.1. Finally, we examine possible threat of 6 secure USB flash drives and supports of security objectives which derived from protection profile.
Keywords
Secure USB Flash Drive; Common Criteria; Protection Profile;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 McAfee Threat Center, http://www.mcafee.com/us/threat_center
2 Blackhat (http://www.blackhat.com)
3 Jan Axelson, USB Complete 3rd, 2005
4 Radia Perlman, 'Secure Deletion of Data', International IEEE Security in Storage Workshop, 2005
5 이준호, 김영태, 이완석, '네트워크 스팸메일 차단시스템 보호프로파일 개발에 관한 연구, 한국 정보처리학회 추계학술발표대회 논문집 제13권 제2호', 한국정보처리학회, 2006. 11
6 홍원순, 김영태, 이완석, '기업용 바이러스 차단 소프트웨어 보호프로파일에 대한 연구, 한국정보처리학회 추계학술발표대회 논문집 제13권 제 2호', 한국정보처리학회, 2006. 11
7 http://msdn.microsoft.com
8 http://www.national.com
9 http://www.wikipedia.org
10 MITRE, http://cve.mitre.org
11 JISEC Threats Database, www.ipa.go.jp/security/jisec/vuln_tool_200508.html
12 http://www.perisoft.net
13 ZDNet, http://www.zdnet.com
14 김윤구, 이기동, 'USB의 데이터 송수신 성능향상을 위한 적응성 통신방식', 한국통신학회논문지, 31, pp. 996-1002, 2006   과학기술학회마을
15 Kingspin, 'Attacks on and Countermeasures for USB Hardware Token Devices', Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation, pp 35-57, 2000, Oct
16 http://www.usb.org
17 http://www.atpinc.com
18 Nikolai Joukov and Erez Zadok, 'Adding Secure Deletion to Your Favorite File System', Proceedings of the Third IEEE International Security in Storage Workshop, 2005
19 고찬, 박연, 'RSSS 방식에 의한 USB Driver의 보안기능 강화', 2005
20 IT 보안성 평가를 위한 공통평가기준 Version 3.1 개정1판, CCMB-2006-09
21 http://www.sec.co.kr
22 Mark G. Graff, Kenneth R. van Wyk, Secure Coding: Principles and Practices, ISBN: 0-596-00242-4
23 Security News Portal, http://www.securitynewsportal.com