27-09-2016, 10:26 AM
1456292968-our.docx (Size: 80.66 KB / Downloads: 4)
Abstract— The portable storage market is changing rapidly with the emergence of USB memory, which many users rely on as a portable storage device. Its very portability, however, causes many problems: personally identifiable information and corporate confidential data are leaked to the public when the portable device is lost, stolen, or seized. It is therefore very important to develop various kinds of authentication solutions that protect confidential information against unauthorized access.
In this paper we present the implementation of a system that limits access and manages identity for endpoint protection and prevention of data theft via USB and other external devices, in order to maintain information security in a corporate environment.
I. INTRODUCTION
With the advancement of smartphone technologies, ever-increasing ubiquitous access, and advances in storage technology, corporate and personal data are becoming more vulnerable. The use of portable devices such as iPods, USB sticks, and PDAs is now commonplace. Businesses are also embracing new technologies and integrating with the World Wide Web to increase productivity. Corporate data is therefore becoming more mobile and distributed, which increases the security risk for enterprises. To maintain rigid protection against data theft in a corporate or personal environment, employee and user behavior must be handled with the highest degree of care.
It is therefore very important to develop various kinds of authentication solutions to protect confidential information against unauthorized access. The common approach is to remove the USB port from the computer altogether in order to prohibit the use of USB storage devices.
II. PROCESS DESCRIPTION
The vision of this project is to develop authentication solutions that track, record and limit the use of USB devices in a secured environment (network), thereby maintaining confidentiality and integrity, meeting information security standards, and protecting confidential information against unauthorized access. We propose keeping a centralized database of allowed devices (USB keyboards, printers, mobile devices, mice, etc.) based on the organization's security standards [11]. Alongside the centralized repository, the system should keep a distributed repository of devices on each local system, kept up to date by a sync mechanism so that the system continues to work when the central repository is not reachable (the system is offline).
The process flow of the system is shown in the following figure; the hardware-detection algorithm is given below.
3. Device Identification:
Every USB device carries a VID (Vendor ID) and PID (Product ID) pair. Each ID is a 4-character hexadecimal number; a typical VID looks like VID_xxxx and a PID like PID_yyyy, where xxxx and yyyy are hexadecimal digits.
4. Device authentication
Devices are authenticated against a whitelist (a list of authorized USB devices) held in a remote server database. In online mode, devices are authenticated directly against the server whitelist. When the system is offline, it uses a local copy of the remote whitelist, kept in encrypted form, to authenticate devices and maintain security. This authentication process is called 2-way authentication.
5. At this point the decision is taken to block or allow the USB device to communicate with the workstation.
L: list of all whitelisted USB devices
B ← Un-Authorize                       // default: deny unless a whitelist entry matches
IF VID ≠ 0 and PID ≠ 0 then
    FOR EACH item in L (|L| >= 1), do
        IF item[VID] == VID and item[PID] == PID then
            B ← Authorize
            BREAK                      // first matching entry is sufficient
Return B
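The following Python program is an added worked example (not code from the paper or its authors) that ties together steps 3 to 5 above: it parses the VID/PID pair out of a device instance path, resolves the whitelist in online or offline mode (the 2-way authentication of step 4), and applies the step 5 block/allow decision. The device paths, the whitelist entries and the fake server are constructed sample data; the VID_xxxx&PID_yyyy layout of the path is assumed to follow the Windows device-ID convention, and the local copy is held in memory here rather than in the encrypted form the paper calls for.

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple

# VID_xxxx / PID_yyyy fragments as they appear in a Windows-style device instance
# path, e.g. "USB\VID_1234&PID_5678\0001" (assumed format; sample values constructed).
_ID_RE = re.compile(r"VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})")

AUTHORIZE = "Authorize"
UNAUTHORIZE = "Un-Authorize"


@dataclass(frozen=True)
class DeviceId:
    vid: int  # 16-bit vendor ID
    pid: int  # 16-bit product ID


def parse_device_id(instance_path: str) -> Optional[DeviceId]:
    """Step 3: extract the VID/PID pair; None when the path carries no such IDs."""
    m = _ID_RE.search(instance_path)
    if m is None:
        return None
    return DeviceId(int(m.group(1), 16), int(m.group(2), 16))


def authorize(dev: Optional[DeviceId], whitelist: Iterable[DeviceId]) -> str:
    """Step 5: deny by default; allow only a non-zero VID/PID pair present in the whitelist."""
    if dev is None or dev.vid == 0 or dev.pid == 0:
        return UNAUTHORIZE
    for item in whitelist:
        if item.vid == dev.vid and item.pid == dev.pid:
            return AUTHORIZE  # first matching entry is sufficient
    return UNAUTHORIZE


class WhitelistResolver:
    """Step 4 (2-way authentication): prefer the central server, fall back to the local copy."""

    def __init__(self, fetch_remote: Callable[[], List[DeviceId]], local_copy: List[DeviceId]):
        self.fetch_remote = fetch_remote  # returns the server whitelist or raises ConnectionError
        self.local_copy = list(local_copy)  # last synced copy (paper: stored encrypted on disk)

    def current(self) -> Tuple[List[DeviceId], str]:
        try:
            remote = self.fetch_remote()
        except ConnectionError:
            return self.local_copy, "offline"  # server unreachable: use the local copy
        self.local_copy = list(remote)  # sync mechanism: refresh the local copy
        return self.local_copy, "online"


def decide(instance_path: str, resolver: WhitelistResolver) -> Tuple[str, str]:
    """Full pipeline for one device arrival: (decision, mode) for audit logging."""
    whitelist, mode = resolver.current()
    return authorize(parse_device_id(instance_path), whitelist), mode


# --- constructed sample data (not real vendor/product assignments) ---------------
SAMPLE_WHITELIST = [DeviceId(0x1234, 0x5678), DeviceId(0x1234, 0x0002)]
SAMPLE_PATHS = [
    r"USB\VID_1234&PID_5678\0001",  # whitelisted keyboard
    r"USB\VID_1234&PID_9999\0002",  # same vendor, unlisted product
    r"USB\VID_0000&PID_5678\0003",  # zero VID: rejected before the lookup
    r"HID\SOMETHING_ELSE\0004",     # no VID/PID present in the path
]


def make_server(online: bool) -> Callable[[], List[DeviceId]]:
    """Fake central database: returns the whitelist or behaves as unreachable."""
    def fetch() -> List[DeviceId]:
        if not online:
            raise ConnectionError("central repository unreachable")
        return SAMPLE_WHITELIST
    return fetch


def run_demo(online: bool) -> List[Tuple[str, str, str]]:
    """Evaluate every sample path; a stale local copy is used when the server is down."""
    resolver = WhitelistResolver(make_server(online), local_copy=[DeviceId(0x1234, 0x5678)])
    return [(p,) + decide(p, resolver) for p in SAMPLE_PATHS]


if __name__ == "__main__":
    for online in (True, False):
        for path, decision, mode in run_demo(online):
            print(f"[{mode}] {path:32s} -> {decision}")
```

The decision function denies by default and returns on the first match, which is the behaviour the pseudocode above intends; when the server is unreachable the resolver serves the last synced copy, so a device listed only in the newer server whitelist (VID 1234, PID 0002 in the sample) is still refused offline until the next successful sync.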