Checking Out Biometric Security

RSS

I’ve be carrying Apricorn’s Aegis Bio - USB 3.0 (Fig. 1) for awhile and I have been pleased with its overall operation. It uses fingerprint biometrics to unlock access. The drive uses 256-bit AES-XTS hardware encryption so it can take advantage of USB 3.0 throughput.

The nice thing about these types of drives is that they operate with any operating system. I actually put a Windows, Linux ext4 and MacOS partition on the drive. Yes, the partitions do make a difference. The Mac only syncs with a MacOS partition and Windows wants an NTFS partition to maintain its attributes. Using the drive with any of the systems was a matter of plugging in the built-in USB cable and swiping a finger over the sensor.

The drive remembers up to five fingerprints but the only option to change them after five have been programmed requires a complete wipe of the hard drive. Of course, this is usually not necessary since one typically registers fingers once. It is recommended to have at least two or three fingers registered for the primary user. Using fingers on different hands is useful as well. Five fingerprints are sufficient for two people.

It is possible to use one fingerprint per user but recognition is not 100%. That is why having at least two per person helps. I usually got the system to recognize my primary finger after two swipes and have never used the backups except to occasionally test the system. On the other hand, the drive does have a more difficult time recognizing my wife’s fingerprint.

The registration process is a bit arcane since the only I/O consists of three colored LEDs, the fingerprint sensor and one button. Still, once the fingers are registered the system can be utilized easily. It is simply a matter of swiping a registered finger when the red LED is on until the finger is recognized and the green LED lights.

The advantage is that you do not have to remember or enter a code to gain access to the drive. I have also use Apricorn’s secure drive with that employs a keyboard for entering a password (see Secure USB 3.0 Hard Drive). This system does have the advantage of master passwords and more selective programming. I use a ten digit PIN so getting the system to work takes a bit more time and any error takes longer to correct. Failure to recognize a fingerprint takes less than a second so retries are fast.

Biometrics like fingerprints can be spoofed but not easily. Of course it does require access to one’s fingerprint and you need to know what fingers are registered. In general, these types of drives provide good protection if they are lost or stolen.

The one downside is that a drive can be reset thereby destroying all the data. It must be done deliberately. Unfortunately there is no indication that a drive has been reset and reprogrammed. This is true for most other drives of this type that I have seen including those using keypads. On the other hand, this would not be very different from someone erasing or formatting a conventional hard drive.

So far I find the Aegis Bio to be more convenient that the keypad-based sibling. I actually have to keep the PIN for the latter in a safe just in case. I tend forget it when I have not used the drive for awhile.

The Aegis Bio comes with a carrying case and an extension USB cable with dual plugs in case a single USB host connection does not provide sufficient power. Any USB 3.0 host will work nicely as will most USB 2.0 hosts.

As with any hard drive, you will want to have a backup. The security these drives provide is very good but security does not equate to data integrity. A file can be deleted or corrupted by an application or operating system by accident or on purpose and the encryption support will make no difference.

The Aegis Bio starts at $199 so security comes at a premium but still very affordable compared to unsecured drives. Software-based security is a lower cost option but it is not as secure and it can be harder to use especially if the drive is used with different systems. For the average user, the Aegis Bio makes a lot more sense.

Newsletter Signup

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems

Contributors

William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×