Volume 3 - Issue 3 - 4
Vulnerability to Flash Controller for Secure USB Drives
- Jaein Kim
Soonchunhyang University, Asan, Republic of Korea
boxbop@sch.ac.kr
- Youngjun Lee
Soonchunhyang University, Asan, Republic of Korea
dogehk@sch.ac.kr
- Kyungroul Lee
Soonchunhyang University, Asan, Republic of Korea
carpedm@sch.ac.kr
- Taeyoung Jung
Soonchunhyang University, Asan, Republic of Korea
jtyworld@sch.ac.kr
- Dmitry Volokhov
Soonchunhyang University, Asan, Republic of Korea
dmitry@sch.ac.kr
- Kangbin Yim
Soonchunhyang University, Asan, Republic of Korea
yim@sch.ac.kr
Keywords: Vulnerability Analysis, Secure USB drive, Flash Controller
Abstract
This paper analyzes a vulnerability in the flash controller for secure USB drives, which is meant to
enable secure USB drives to prevent unauthorized access to the data stored on them. This controller
divides a driver into several partitions, one of which is configured as a secure area to store secret
information. Generally, secure USB drives supporting multiple partitions may have three different
areas, such as a CD-ROM area, a secure area, and a hidden area. The CD-ROM area stores the ap-
plication software that manages security functions, the secure area stores the data that users wish to
protect, and the hidden area stores secure information for user authentication. In this environment, it
is a requirement that no one can access the data stored in the secure area when the user authentication
fails. Nevertheless, attackers can access the secure area if they manipulate a vulnerability in the flash
controller within the USB flash drive. In this paper, we analyze and verify this vulnerability. We
expect our results will provide manufacturers with useful information for making a more secure USB
flash controller.