Vulnerability to Flash Controller for Secure USB Drives – Journal of Internet Services and Information Security

Volume 3 - Issue 3 - 4

Vulnerability to Flash Controller for Secure USB Drives

Jaein Kim Soonchunhyang University, Asan, Republic of Korea
boxbop@sch.ac.kr
Youngjun Lee Soonchunhyang University, Asan, Republic of Korea
dogehk@sch.ac.kr
Kyungroul Lee Soonchunhyang University, Asan, Republic of Korea
carpedm@sch.ac.kr
Taeyoung Jung Soonchunhyang University, Asan, Republic of Korea
jtyworld@sch.ac.kr
Dmitry Volokhov Soonchunhyang University, Asan, Republic of Korea
dmitry@sch.ac.kr
Kangbin Yim Soonchunhyang University, Asan, Republic of Korea
yim@sch.ac.kr

DOI: 10.22667/JISIS.2013.11.31.136

Keywords: Vulnerability Analysis, Secure USB drive, Flash Controller

Abstract

This paper analyzes a vulnerability in the flash controller for secure USB drives, which is meant to
enable secure USB drives to prevent unauthorized access to the data stored on them. This controller
divides a driver into several partitions, one of which is configured as a secure area to store secret
information. Generally, secure USB drives supporting multiple partitions may have three different
areas, such as a CD-ROM area, a secure area, and a hidden area. The CD-ROM area stores the ap-
plication software that manages security functions, the secure area stores the data that users wish to
protect, and the hidden area stores secure information for user authentication. In this environment, it
is a requirement that no one can access the data stored in the secure area when the user authentication
fails. Nevertheless, attackers can access the secure area if they manipulate a vulnerability in the flash
controller within the USB flash drive. In this paper, we analyze and verify this vulnerability. We
expect our results will provide manufacturers with useful information for making a more secure USB
flash controller.

Date

November 2013

Page Number

136-145