Cryptographic Protection of Removable Media with a USB Interface for Secure Workstation for Special Applications

Abstract

This paper describes one of the essential elements of Secure Workstation for Special Applications (SWSA) to cryptographic protection of removable storage devices with USB interface. SWSA is a system designed to process data classified to different security domains in which the multilevel security is used. The described method for protecting data on removable Flash RAM protects data against unauthorized access in systems processing the data, belonging to different security domains (with different classification levels) in which channel the flow of data must be strictly controlled. Only user authenticated by the SWSA can use the removable medium in the system, and the data stored on such media can be read only by an authorized user by the SWSA. This solution uses both symmetric and asymmetric encryption algorithms. The following procedures are presented: creating protected a file (encryption), generating signatures for the file and reading (decryption) the file. Selected elements of the protection systems implementation of removable Flash RAM and the mechanisms used in implementation the Windows have been described.