New USB stick comes with built-in PIN keypad

A US company has come up with an original take on ultra-secure portable storage, fitting a full PIN entry keypad to a USB stick.

The LOK-IT Secure Flash Drive from Systematic Development Group comes in two versions, the simpler of which allows five-key PINs to be entered to gain access, with a more sophisticated version featuring 10 keys.

Apart from both using 256-bit AES encryption to secure data, both drives remain encrypted until the correct PIN code is entered at the point it is inserted into the PC, which can be Windows, Mac or Linux. Each drive supports two keys, one for the user and one for an admin.

The drive design resists physical attacks by surrounding the chip on which the encryption PIN is held in an epoxy resin that breaks the chip if tampered with. Brute force PIN hacking is blocked by a maximum of ten logins attempts after which the drive has to be reformatted.

In other respects, apart from its aluminium case and dust and water resistance, the drive is identical to any other USB stick, coming in 2GB, 4GB, 8GB and 16GB capacities.

According to Systematic Development’s John Tate, most customers are plumping for the most secure, 10-digit model, attracted by the design’s different take on USB stick security. The majority of the company’s rivals used a design that involved authenticating a user’s login using a driver layer on the PC, something that was vulnerable to keyloggers, he said.

The LOK-IT’s design advantage over conventional encrypted USB keys is hard to argue with – the key remains inside the drive and is never transferred to the PC, which would be a theoretical moment of vulnerability.

Tate’s characterisation of rival designs as insecure is not entirely without supporting evidence. In January, three vendors of supposedly secure USB sticks admitted that the encryption on their drives was vulnerable to a theoretical attack that could render data insecure. Not all the products mentioned were current but the warning over design assumptions was clear.

A second bonus is the LOK-IT’s OS-independent design, which means it can be plugged into any computer that supports USB storage. That also rules out the need for additional software.

At first sight, a slight disadvantage appears to be awkwardness of plugging a PIN into a drive while it is docked with a PC, but Tate confirmed that the code can be entered in advance of mounting the drive. Interestingly, expense doesn’t seem to be a major issue – the 4GB drive costs $62 (approx £40), in line with other corporate-level encrypted USB sticks.

LOK-IT’s makers have posted a video on YouTube explaining the design and doing the dirty on some of its rivals.