KiwiVault: Encryption Software for Portable Storage Devices

Florence, Trevor Bradshaw

19 August 2009

While many people use USB flash drives, most do not protect their stored documents. Solutions for protecting flash drives exist but inherently limit functionality found in unprotected drives such as portability, usability, and the ability to share documents between multiple people. In addition, other drawbacks are introduced such as the possibility of losing access to protected documents if a password is lost. Assuming protecting portable documents is important, in order for people to be willing to protect their documents they should be required to make as few sacrifices in functionality as possible. We introduce KiwiVault, a USB flash drive encryption solution that retains more of the functionality found in unprotected storage devices than preceding solutions. In addition, this thesis reviews encryption solutions appropriate for portable data storage, reviews security components used by KiwiVault, discusses the design and implementation of KiwiVault, discusses a user study and threat analysis conducted to validate KiwiVault as a solution, and proposes future work.

security

portable storage

privacy

file encryption

computer science

Computer Sciences

Data Security Architecture Considerations for Telemetry Post Processing Environments

Kalibjian, Jeff

10 1900

Telemetry data has great value, as setting up a framework to collect and gather it involve significant costs. Further, the data itself has product diagnostic significance and may also have strategic national security importance if the product is defense or intelligence related. This potentially makes telemetry data a target for acquisition by hostile third parties. To mitigate this threat, data security principles should be employed by the organization to protect telemetry data. Data security is in an important element of a layered security strategy for the enterprise. The value proposition centers on the argument that if organization perimeter/internal defenses (e.g. firewall, IDS, etc.) fail enabling hostile entities to be able to access data found on internal company networks; they will be unable to read the data because it will be encrypted. After reviewing important encryption background including accepted practices, standards, and architectural considerations regarding disk, file, database and application data protection encryption strategies; specific data security options applicable to telemetry post processing environments will be discussed providing tangible approaches to better protect organization telemetry data.

encryption

key management

data security

disk encryption

file encryption

database encryption

application encryption

Hardware Security Module

FIPS 140-2

Common Criteria

tokenization

Format Preserving Encryption (FPE)