Adding security to portable USB hard drives
Fingerprint detection is an economical data protection solution
BY MARK SCHULTZ
Cypress Semiconductor
San Jose, CA
http://www.cypress.com
As portable media proliferates into more and more consumer products, data security is becoming increasingly important. An array of new portable consumer products using hard-disk-drive (HDD) mass storage need to protect confidential personal and business information from theft.
A USB-to-ATA bridge chip like the Cypress FX2LP can connect to an HDD and a fingerprint sensor.
Biometric security offers an economical solution that does not add significant user burdens such as extra passwords or additional log-in steps. Possible methods include fingerprint sensing, retina and iris scanning, signature analysis, and hand geometry. With fingerprint sensing, a simple swipe of a finger can authenticate a user.
Identification and security issues
These days, there is a password for everything. Passwords must be remembered, and users usually end up storing them somewhere, which is itself a security risk. Dongles can be used, but they are expensive and prone to being misplaced. Biometric applications need no passwords and require only small, relatively inexpensive hardware, and a fingerprint is never lost.
Once the identification issue has been handled, there are various ways to keep data secure from an unauthorized user. Two often-used methods are encryption and drive manipulation. Encryption comes in two forms: hardware encryption, which adds cost and size to a design, and software encryption, which is slow when used on large amounts of data.
Drive manipulation involves hardware locking of the drive. One such locking mechanism that is available on all new HDDs is ATA Security, which involves a 32-byte password being sent to the drive electronics to put it into “Secure” mode.
After being power cycled, the drive comes up in a locked state until a password is provided. Since only the microcontroller in the enclosure knows the password, moving the drive to an unprotected enclosure does not make the drive readable, and security is maintained.
Biometric sensor types
Some sensor solutions require image processing on the PC while other solutions have a coprocessor to handle image data. Sensor communication with the PC in our case is accomplished via a native USB Class interface, thus making device driver installation unnecessary.
On the hardware side, various interfaces range from SPI to parallel bus. The type and speed of interface is related to the method of image processing. The sensor with the coprocessor requires only a few hundred kilobits per second, while the sensor that uses the PC for image processing requires a 6.5-Mbit/s throughput.
System requirements
Portable storage generally uses a 2.5-in. or smaller HDD, an enclosure, a power supply and a USB-to-ATA bridge. Adding a fingerprint sensor, such as the Authentec AES2510 slide-type sensor, to an existing USB mass storage device is easily accomplished.
This sensor does not have a coprocessor, so the interface between it and the USB controller needs to support data burst rates up to 6.5 Mbits/s to keep up with the data during a finger swipe. We will be using the Cypress FX2-LP USB-to-ATA bridge IC, which can keep up with HDDs using UltraDMA-100 transfer rates.
Since the image processing will be done on the PC, there will be instances where the USB controller will be required to rapidly switch its interface back and forth between an ATA interface and a fingerprint sensor interface. This is easily accomplished by modifying the FX2-LP's interface on the fly (see Fig. 1).
Fig. 1: A USB-to-ATA Bridge can switch rapidly between a fingerprint sensor and ATA interface.
Implementation
The sensor interface will be added to a standard USB-to-ATA Bridge reference design. The FX2-LP contains a USB 2.0 serial interface engine, an enhanced 8051 microprocessor, and a general-purpose interface (GPIF).
The GPIF is a proprietary state-machine-based interface capable of data transfers of up to 96 Mbits/s and can be configured for various interfaces including ATA, NAND, Utopia, EPP, and Compact Flash. Since the GPIF is a RAM-based state machine, multiple sets of control waveforms can be copied in and out, making it reconfigurable under firmware control. Since the interface is directly connected to the FX2-LP's USB FIFOs, there is no need for firmware to do any data manipulation on the sensor data stream.
For this design, the GPIF waveforms will include parallel I/O reads and writes as well as Ultra DMA reads and writes for the ATA interface. Additional waveforms for reading from and writing to the fingerprint sensor will be added to the project. The firmware for the HDD functionality comes from the FX2-LP chip's mass storage reference design, and the firmware for the fingerprint sensor comes from an Authentec-supplied code library.
The AES2510 sensor is available with either an SPI or a parallel bus interface. Our HDD uses a parallel interface, so we will use the parallel version. I/O requirements include an 8-bit data bus plus six control bits: RD, WR, CS, A0, INT, and PWR CTRL. The lower byte of the ATA bus can be shared for data if we are careful with the chip-select inputs to both the sensor and the ATA bus. Port C of the FX2-LP chip can be used for the control and status lines.
Communication between the sensor and the application software is accomplished via a Pass Thru extension to the Windows Mass Storage Driver. Use of Pass Thru commands enables the sensor to use the same USB interface as the Mass Storage Device, so no additional device drivers are required.
When a Pass Thru command is received, the firmware (from the sensor library) processes the command. The first thing that the firmware does is to overwrite the GPIF waveform memory, replacing the ATA waveforms with sensor waveforms.
Then the firmware acts upon the Pass Thru command performing the required reads and writes to the sensor. When the Pass Thru cycle is complete, the ATA waveforms are copied back into GPIF memory.
User interface
A typical secure drive has three partitions. One partition contains the biometric application software; it usually emulates a CD-ROM, both because a CD-ROM gets a better AutoRun response than a disk drive in Windows and because it is write protected, so the biometric application cannot be accidentally erased.
One partition will be for unsecured storage that the user can access at any time. The last partition will contain the protected data. The user will not be able to access the data in this partition without first verifying ownership via his or her fingerprint.
The application will Auto-Run from the emulated CD-ROM partition on drive start up and will process fingerprint image data sent via the Pass Thru interface for the purposes of both user enrollment and user verification. Verification is based on a comparison of the user's swiped fingerprint to their enrolled fingerprint image.
Once the user is verified, the protected partition will be “unlocked” and its data will be available to the user. If the drive is disconnected from USB or if power is removed, the protected area will once again become inaccessible.
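The lock lifecycle described here and in the ATA Security section above (drive comes up locked after a power cycle, only the enclosure controller holds the 32-byte password, unlock follows a fingerprint match, power loss relocks), as an added example in C that is not Cypress reference firmware or Authentec library code. Type and function names are assumptions, and the five-attempt limit after which SECURITY UNLOCK is refused until a power cycle comes from the ATA standard rather than from this article.

```c
#include <stdint.h>
#include <string.h>
#define ATA_PW_LEN 32          /* ATA user/master passwords are 32 bytes */
#define MAX_UNLOCK_ATTEMPTS 5  /* ATA unlock counter: refused after 5 misses */

typedef struct {
    uint8_t password[ATA_PW_LEN];  /* stored by SECURITY SET PASSWORD */
    int enabled;                   /* security feature set is enabled */
    int locked;                    /* cleared only by SECURITY UNLOCK */
    int attempts;                  /* failed unlocks since power-on */
} ata_drive_t;

/* Constant-time compare so a wrong guess cannot be timed byte by byte. */
static int pw_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < ATA_PW_LEN; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* SECURITY SET PASSWORD: store the user password and enable locking. */
void drive_set_password(ata_drive_t *d, const uint8_t *pw) {
    memcpy(d->password, pw, ATA_PW_LEN);
    d->enabled = 1;
}

/* Power cycle: a drive with security enabled always comes up locked. */
void drive_power_cycle(ata_drive_t *d) {
    d->locked = d->enabled;
    d->attempts = 0;
}

/* SECURITY UNLOCK: 1 when the drive ends up unlocked, 0 when refused. */
int drive_unlock(ata_drive_t *d, const uint8_t *pw) {
    if (!d->locked) return 1;
    if (d->attempts >= MAX_UNLOCK_ATTEMPTS) return 0; /* expired until power cycle */
    if (pw_equal(d->password, pw)) { d->locked = 0; return 1; }
    d->attempts++;
    return 0;
}

/* User-data reads and writes are served only while unlocked. */
int drive_read_ok(const ata_drive_t *d) { return !d->locked; }

/* Enclosure controller (hypothetical): the only holder of the password; it
 * issues SECURITY UNLOCK only after the host reports a fingerprint match. */
typedef struct { uint8_t password[ATA_PW_LEN]; } enclosure_t;

int enclosure_on_verify(enclosure_t *e, ata_drive_t *d, int fp_verified) {
    if (!fp_verified) return 0;      /* no match: drive stays locked */
    return drive_unlock(d, e->password);
}
```

Moving the drive into a foreign enclosure corresponds to calling drive_unlock without the original enclosure's password: the drive stays locked, and five such misses refuse even the right password until the next power cycle.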
The flexibility of the FX2-LP chip makes adding biometric verification a pretty easy task. With some additional proprietary firmware, full drive security can be realized.
The cost of components to add biometric security is under $7 and similar solutions for other media such as NAND-flash are currently under development.