The Benefits of AES Hardware Encryption for Secure USB Flash Drives,
Hard Drives and Solid State Drives


Securing Important Information with AES Hardware Encryption

Kanguru Defender Hardware Encrypted USB drives are secureAES hardware encryption has been around for a while, but you may be wondering how it protects and secures important and sensitive data on USB flash drives, hard drives and solid state drives. Kanguru Defender® secure USB drives provide the very best in FIPS Certified AES hardware encryption to help organizations secure their information, comply with tight security regulations like HIPAA, SOX, GLBA, FINRA, FERPA, etc., and follow best practices for their valued clients and customers.  A good understanding of the benefits of hardware encrypted drives will help you in selecting and deciding the right data security products for your organization.

What is AES Hardware Encryption?

AES stands for Advanced Encryption Standard, and is a specification standard by the National Institute of Standards and Technology (NIST) for the security of data.  AES is a widely recognized and adapted cryptographic module used in the U.S., Canada and worldwide by military, government, financial institutions, and organizations all around the world as the standard for encrypting and decrypting of data.[1] There are different degrees of AES hardware encryption, for example 128-bit, 192-bit, and 256-bit, with each key size providing an increased level of protection and complexity.  Essentially, AES encryption is a block of algorithms that "scrambles" the data into unreadable code for transport, then when reconnected to the user, is unscrambled again by the same algorithm when the right keys are provided.  These algorithms are highly complex. To put it into perspective as one researcher at Leuven University puts it, “if a hacker were to attempt to “break the code” to gain access to an AES 128-bit encrypted flash drive, the number of steps he would have to take is an 8 followed by 37 zeros.  This would take a trillion machines, testing a billion keys per second, two billion years to uncover an AES-128 key.” [2]

The illustration below (Figure 1) demonstrates the encryption process in its simplest terms. The original, readable data is scrambled through an encryption algorithm so that the data becomes completely unreadable. The information can only be unscrambled or decrypted when a user enters the same encryption key, which is most often by password. This process can be done through either software encryption, or hardware encryption.

AES Hardware Encryption Process: How it works

 

Hardware Encryption VS. Software Encryption

For encryption security on USB flash drives, hard drives and solid state drives, two types of encryption methods are available: Software Encryption or Hardware Encryption.  Software Encryption is software based, where the encryption of a drive is provided by external software to secure the data. Software encryption options are available on the market as a cheaper alternative to hardware encryption, but the disadvantages tend to outweigh the benefits. It often requires numerous updates to keep up with hacking techniques, could be quite slow, and may require complex driver and software installations. Software encryption also may not provide the full security that businesses are expecting, to keep sensitive information from falling into the wrong hands. Though software encryption is better than having no encryption at all, it may still be vulnerable to user error, leaving data to fall through the cracks and be susceptible to potential thieves. Since software encryption requires users to follow certain procedures in order to secure the data, users may forget - or choose to ignore certain aspects of the encryption process.

With hardware encryption on secure USB drives, the AES encryption process is handled automatically, built right in with a small chip inside the drive itself. Once original data is encrypted, it becomes undecipherable in the background and is locked away under encrypted storage within the drive. If a thief were to try to gain access to the data without the password, the attempt is by all practical means impossible. But once the user enters their private password, the data is decrypted instantly, and made fully available to the user.

 

256-Bit AES Hardware Encryption on Kanguru Secure USB Drives

Kanguru Secure Set-Up Wizard for Defender secure flash drivesBecause of the potential vulnerabilities of software encryption, Kanguru strictly uses 256-bit AES hardware encryption for all Kanguru Defender secure USB flash drives, hard drives and solid state drives. Kanguru's hardware encrypted drives contain an "always-on" built-in random number generator that independently handles all of the security for the drive. When you plug the device into a USB port for the first time, a brief initialization set-up wizard will prompt you to assign a password for the device, along with a few simple questions of your preferences regarding features of the drive. Once you create your password, the encryption algorithms lock into place, and you can begin using your drive just as you would any other USB drive. The only difference you will notice is that you'll be required to enter your secure password when you plug the drive into a new machine to access your information.

 

Kanguru's Scalable / Flexible Solutions

256-bit AES hardware encryption provides by far the best level of protection for securing data on USB drives. The Kanguru Defender system of secure, hardware encrypted drives is a scalable solution that can be used by any sized company or organization, from individuals and small businesses, to large enterprise corporations, military and government alike. Whether you have a staff of 1, or a staff of 1000, you can secure sensitive data on USB flash drives, hard drives, and solid state drives anywhere and ensure its protection.

Guarding Against Brute-Force

Kanguru's secure measures do not stop there. To ensure the physical protection of the hardware encrypted chip inside, and guard against any brute force attempts that might try to gain access to the chip, Kanguru pursues a variety of world-renowned and widely-respected security certifications. These certifications are based on intense scrutiny of the best methods used to protect the encryption within the drive. For example, by achieving one of the highest levels of FIPS 140-2 Certification, at level 3, the Kanguru Defender 2000™ hardware encrypted secure flash drive demonstrates that it is the best in protecting against brute-force and any type of tampering. Most USB manufacturers tend to settle there, content with meeting the security requirements of physically protecting the hardware encryption of the drive. But Kanguru is devoted to offering the absolute best in USB security along with best practices for the highest quality encryption. By additionally pursuing Common Criteria testing and qualifications, Kanguru further demonstrates its commitment to excellence, and ensures its valued customers that their Kanguru Defender secure hardware encrypted drives will fully secure their important and sensitive data, to meet the highest level of security standards. Kanguru achieved Common Criteria certification in December 2014, now offering the world's only Common Criteria / FIPS 140-2 Certified secure USB flash drives. To learn more, see Highly Certified FIPS 140-2 and Common Criteria USB Flash Drives, or FIPS 140-2 and Common Criteria, Why It Matters.

Remotely Managing Kanguru Defender Hardware Encrypted, Secure USB Drives

Kanguru also offers a unique and robust solution for organizations to be able to monitor, manage, track and interact with assigned USB drives out "in the field". Available as either a self-hosted option or cloud-based secure service, Kanguru Remote Management gives IT administrators and managers the ability to:

  • Track And Manage Secure USB Drives Worldwide
  • Disable/Delete Lost Or Stolen Drives
  • Push Out Files and Messages to USB Drives
  • Set Up Online & Offline Permissions
  • Generate Reports
  • Export Audit Logs
  • Manage Passwords
  • Notify Users And Roll Out Policy Updates
  • Schedule Password Changes
  • Restrict IP Addresses and Domains
  • Enforce Policies

To learn more, see About Kanguru Central / Remote Management.

Visit Kanguru Defender® Secure USB Hardware Encrypted Flash Drives for more information.

 

 

Resources

1 Encyclopaedia Britannica; Advanced Encryption Standard, (AES)

[2] AgileBits Blog; AES Encryption Isn't Cracked, quoting an article by The Inquirer regarding Andrey Bogdanov, Researcher at Leuven University, August 18, 2011

 

Kanguru Defender 2000, Secure Hardware Encrypted USB Flash Drive, FIPS 140-2 Certified, Common Criteria

Kanguru Defender 3000™

• AES 256-Bit Hardware Encryption
• FIPS 140-2 Level 3 Certified
• SuperSpeed USB 3.0
• On-Board Anti-Virus
• Remotely Manageable
• Brute-Force Protection
• Rugged Alloy Housing

Organizations are challenged more than ever to protect their information and the sensitive data of their clients. Kanguru makes it easy for organizations to face those challenges with secure, hardware encrypted USB flash drives, hard drives and solid state drives. With solid AES 256-bit hardware encryption, remote management, robust on-board anti-virus, and the highest levels of certification, Kanguru ensures its encrypted USB drives comply with even the most demanding data security regulations worldwide.

concerned about badusb?  Don't be.  Kanguru Defender Series

Looking to meet specific data security standards for your industry?

See how Kanguru can assist with meeting data security complianceSee how Kanguru can assist you with meeting your data security compliance needs