Secure control protocol for universal serial bus mass storage devices

Jianghong Wei; Wenfen Liu; Xuexian Hu

Secure control protocol for universal serial bus mass storage devices

View Fulltext

Author(s): Jianghong Wei ¹ ; Wenfen Liu ¹ ; Xuexian Hu ¹
- Affiliations: 1: State Key Laboratory of Mathematical Engineering and Advanced Computing, Science Avenue No. 62, Zhengzhou, People's Republic of China
Source: Volume 9, Issue 6, November 2015, p. 321 – 327
DOI: 10.1049/iet-cdt.2014.0196 , Print ISSN 1751-8601, Online ISSN 1751-861X

Received 12/11/2014, Accepted 22/04/2015, Revised 09/04/2015, Published 03/08/2015

The universal serial bus (USB) has some advantages like high transmission speed, plug-and-play and hot swapping, and has become the most popular interface standard for peripheral connections. However, such features also make it easier for a malicious user to extract confidential files from computer systems via USB ports. Consequently, to control the potential security risks of USB interface, many workplace and commercial corporations have directly forbidden their employees from using USB devices. To provide a flexible way of using USB without compromising security, this study proposes a novel secure control protocol for USB storage devices. The device and the server are required to complete mutual authentication and establish a session key used to encrypt the transferred files. The details of each phase of the new protocol are given. Security analysis demonstrates that the proposed protocol conquers those security pitfalls existing in the available protocols and can resist various attacks. Performance discussion indicates that the new protocol is also efficient enough for practical applications.

References

1. 1)
  - 15. Dolev, D., Yao, A.C.: ‘On the security of public key protocols’. Proc. IEEE 22nd Annual Symp. on Foundations of Computer Science, Nashville, USA, October 1981, pp. 350–357.
2. 2)
  - 18. Chatterjee, K., De, A., Gupta, D.: ‘Mutual authentication protocol using hyperelliptic curve cryptosystem in constrained devices’, Int. J. Netw. Sec., 2013, 15, (1), pp. 9–15.
3. 3)
  - 19. Lee, C.C., Liu, C.H., Hwang, M.S.: ‘Guessing attacks on strong-password authentication protocol’, Int. J. Netw. Sec., 2013, 15, (1), pp. 64–67.
4. 4)
  - 14. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: ‘Examining smart card security under the threat of power analysis attacks’, IEEE Trans. Comput., 2002, 51, (5), pp. 541–552 (doi: 10.1109/TC.2002.1004593).
5. 5)
  - 7. Schnorr, C.P.: ‘Efficient identification and signatures for smart cards’, J. Cryptol., 1991, 4, (3), pp. 161–174 (doi: 10.1007/BF00196725).
6. 6)
  - 17. Liao, I.E., Lee, C.C., Hwang, M.S.: ‘A password authentication scheme over insecure networks’, J. Comput. Syst. Sci., 2006, 72, (4), pp. 727–740 (doi: 10.1016/j.jcss.2005.10.001).
7. 7)
  - 9. Yang, F.Y., Wu, T.D., Chiu, S.H.: ‘A secure control protocol for USB mass storage devices’, IEEE Trans. Consum. Electron., 2010, 56, (4), pp. 2339–2343.
8. 8)
  - 2. Fabian, M.: ‘Endpoint security: managing USB-based removable devices with the advent of portable applications’. Proc. Fourth Annual Conf. Information Security Curriculum Development, Lafayette, USA, October 2007, pp. 28–32.
9. 9)
  - 16. Zhu, J., Ma, J.: ‘A new authentication scheme with anonymity for wireless environments’, IEEE Trans. Consum. Electron., 2004, 50, (1), pp. 230–234.
10. 10)
  - 12. Huang, X., Xiang, Y., Chonka, A., et al: ‘A generic framework for three-factor authentication: preserving security and privacy in distributed systems’, IEEE Trans. Parallel Distrib., 2011, 22, (8), pp. 1390–1397 (doi: 10.1109/TPDS.2010.206).
11. 11)
  - 4. Das, M.: ‘Two-factor user authentication in wireless sensor networks’, IEEE Trans. Wirel. Commun., 2009, 8, (3), pp. 1086–1090 (doi: 10.1109/TWC.2008.080128).
12. 12)
  - 13. Kocher, P., Jaffe, J., Jun, B.: ‘Differential power analysis’. Proc. Advances in Cryptology – CRYPTO'99, CA, USA, December 1999, pp. 788–797.
13. 13)
  - 1. Alzarouni, M.: ‘The reality of risks from consented use of USB devices’. Proc. Fourth Australian Conf. Information Security, Perth, Western Australia, April 2006, pp. 312–317.
14. 14)
  - 11. He, D., Kumar, N., Lee, J.H., et al: ‘Enhanced three-factor security protocol for consumer USB mass storage devices’, IEEE Trans. Consum. Electron., 2014, 60, (1), pp. 30–37 (doi: 10.1109/TCE.2014.6780922).
15. 15)
  - 5. Juang, W., Wu, J.: ‘Two efficient two-factor authenticated key exchange protocols in public wireless LANs’, Comput. Electr. Eng., 2009, 35, (1), pp. 33–40 (doi: 10.1016/j.compeleceng.2008.03.002).
16. 16)
  - 10. Lee, C.C., Chen, C.T., Wu, P.H., et al: ‘Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices’, IET Comput. Digit. Tech., 2013, 7, (1), pp. 48–55 (doi: 10.1049/iet-cdt.2012.0073).
17. 17)
  - 3. Xu, J., Zhu, W., Feng, D.: ‘An improved smart card based password authentication scheme with provable security’, Comput. Stand. Interfaces, 2009, 31, (4), pp. 723–728 (doi: 10.1016/j.csi.2008.09.006).
18. 18)
  - 31. Diffie, W., Hellman, M.: ‘New directions in cryptography’, IEEE Trans. Inf. Theory, 1976, 22, (6), pp. 644–654 (doi: 10.1109/TIT.1976.1055638).
19. 19)
  - 6. Pointcheval, D., Zimmer, S.: ‘Multi-factor authenticated key exchange’. Proc. Sixth Int. Conf. Applied Cryptography and Network Security, Beijing, China, June 2008, pp. 277–295.

Login

Not registered yet?

Share

Tools

Login to add to favourites

Key

Secure control protocol for universal serial bus mass storage devices

References

Related content