Hard Drives, iPhones And Fingering Security

RSS

Apple's latest iPhone 5S lets you unlock it using your fingerprint (see Apple Launches New iPhone 5S and 5C). It is a neat implementation but biometric security is not new. It has been built into laptops and even removable hard disk drives like Apricorn Aegis Bio - USB 3.0 (see Checking Out Biometric Security). The advantage of these two platforms (Fig. 1) is that access requires the proper finger to be available to use the device.

The technology does work and it is handier than trying to remember a complex code sequence but there are issues. In the iPhone's case, it is simply an addition to the existing security access mechanisms. It does not use fingerprint recognition exclusively and that is good and bad. On the good side, it means that access can be gained using the alternate means if the fingerprint recognition does not work. The bad side is the access can be gained using the alternate means so security is no better than the least protected means of access.

On the other hand, the Apricorn Aegis Bio is only accessible via fingerprints. It can recognize up to five fingerprints. They recommend that at least two different fingers be programmed for each user and that two or three people be set up to unlock the system. My fingerprints worked nicely with this hard drive and it has been very reliable in terms of access but it was not as kind with my wife's fingerprints. That can definitely be a downer when trying to get access to important information but newer fingerprint sensors are more accurate. The problem of false negatives is less annoying when trying to use your iPhone because the alternative access methods are available to you.

Also, don't try programming the Aegis Bio without the instructions. It uses flashing LEDs and it only allows a limited number fingerprints to be stored. Resetting the system trashes the contents of the hard drive.

This is one reason I prefer the new Aegis Padlock Fortress (Fig. 2). It is also a USB 3.0 drive so it is fast. Dropping video files on this storage device is a quick. Right now it is my preferred system because it supports an admin passkey along with multiple keys. The system is FIPS 140-2 Level 2 validated. Its 256-bit AES-XTS hardware encryption means transfers run at line rates limited more by the disk drive than the encryption.

The Aegis Padlock Fortress is available as a hard drive and there is also a solid state disk version. One neat feature is a self destruct PIN. Of course, you don't ever want to use it accidentally because it essentially trashes the entire contents of the drive with no recovery possible. The drives are in a rugged, rubberized (actually an epoxy resin) version as well as a crush resistant aluminum enclosure version for those that really want to protect their data.

One feature I would have really liked with the Apricorn drives would be a way to split the drive with separate keys for each partition. Having both partitions accessible at the same time would be preferable but with different keys for unlocking each.

Another alternative I use is the USB 3.0 Aegis Portable 3.0 (Fig. 3) that does not have the built-in encryption support. They are less costly but they can still be used to store data in encrypted form using your favorite operating system or application that supports encrypted files and directories. My favorite is the open source TrueCrypt. It uses encrypted files to create logical volumes that can be accessed by the operating system and then by any application once the files are unlocked. It does much more but check out the site for the details. Better yet, download a copy and try it.

The solid state drive Aegis Portable 3.0 has a transfer rate of 360 Mbytes/s compared to the 100 Mbytes/s for the hard drives. As with the other drives, these are USB powered and they are compatible with Windows, the Mac and Linux (although they don't state the later).

One of the main advantages of the encrypted Apricorn drives is that the keys are entered using an out-of-band mechanism that cannot be compromised by the computer. Someone can watch you enter a key or try to copy your fingerprint but that is something that requires local circumvention. Compare this to encryption done through an application or driver that can be compromised by software. It is definitely not easy but possible. These days it pays to be paranoid.

I have not switched from my Android phone to an iPhone yet but I have been taking advantage of the Apricorn drives.

Newsletter Signup

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems

Contributors

William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×