SR Labs demonstrated a vulnerability in one USB device that allowed malicious code to be programmed into the USB controller through a firmware update process. In the event that no recovery PINs were set and both the User and Admin PINs are forgotten, the drive can be reset and used again but all of the device's data will be lost as a result of the reset.īadUSB is a theoretical exploit that was presented by SR Labs at the Black Hat conference in August of 2014. Additionally the Admin can generate a new User PIN(s) from within the Admin mode. If Recovery PINs were not created at initial setup, the Admin PIN can be used to unlock the drive and recover the data.
Once the new User PIN is set up, you will be able to unlock the drive and access your data. If your drive was issued by your workplace, your IT Administrator/Help Desk should be able to provide you the recovery PIN. If you forget your original user PIN, the recovery PINs will allow you to create a replacement User PIN. If your device has a “Configurable” symbol on it, up to 4 recovery PINs can be programmed onto the device (typically by the Admin during initial configuration). Follow the steps in the manual to remove the User PINs (which will also remove all recovery PINs and self-destruct PIN) and then add new User PIN(s). The FIPS module is a complete encryption system, and all CSPs never leave the boundary and are never shared with a host system.Īccess the drive using the Admin PIN. The epoxy coated boundary includes all encryption functions and all Critical Security Parameters (CSPs) such as PIN storage, encryption key generation and storage, random number and seed generators, all firmware storage, and device storage.
The Secure Key’s security policy is located on the NIST site at the following link. Tested and validated by the National Institute of Standards and Technology (NIST) for use by the Federal governments of the USA, Canada and others, the Aegis Secure Key 3 is based on Apricorn’s FIPS 140-2 Level 3 validated encryption module as indicated by certificate #2834. Available in four levels, the Aegis Secure Key’s FIPS 140-2 Level 3 validation encompasses both the Aegis Secure Key’s physical tamper-resistant features as well as its identity-based authentication.
The Aegis Secure Key’s FIPS 140-2 validation covers 11 areas of its cryptographic security system, including physical security, cryptographic key management and design integrity.
NIST FIPS 140 is the cryptography standard program required by the US federal government for protection of sensitive data. government standards for information technology and computer security.
0 kommentar(er)
