Abstract
USB memory devices are both portable and easily accessible, and have thus become one of the most popular forms of external storage device. However, if a USB device is lost, stolen, or hacked, it may lead to leakage of critical information. It is a logical outcome that malicious individuals will try to steal their colleagues' USB memories. Consequently, various USB products with built-in security functions have been developed. To our knowledge, there has been little or no security analysis and comparison of these devices. This paper explores technological and architectural approaches to secure USB memories while analyzing their vulnerabilities, especially for resistance to reverse engineering attacks on the authentication protocols and data decryption. In this analysis, we classify vulnerabilities of these devices into 12 categories to summarize the current security situations on USB memories. Additionally, we derive a more secure authentication protocol based on our analysis. It is expected for secure USB products, including USB memory devices, to be revised with enhanced authentication protocols as a result of this effort. Copyright © 2012 John Wiley & Sons, Ltd.