Stealth is all about prevention. This small-form-factor USB micro hard drive, roughly the size of a pack of cards and weighing approximately a third of a pound, is the latest in secured drive offerings from Memory Experts International (MXI). It uses biometric authentication and 256-bit AES (Advanced Encryption Standard) hardware encryption to keep data safe from prying eyes.
Portable biometric authentication is nothing new, but with MXI’s Stealth you can also move data from machine to machine fairly easily, as this drive works with hardware running Windows, Apple and Linux OSes that support USB 2.0. There are two caveats: small storage capacity and no easy way to share encrypted storage space.
The Stealth unit has ruggedized rubber edges, which are nice if you accidentally drop the drive, but they make it difficult to slide it into your pocket. The unit comes with two USB cables and a USB micro connector on one side; on the back of the drive is a power connector so you may plug in the Stealth if the USB port doesn’t provide adequate power.
The Stealth micro drive I tested had a storage capacity of 2GB, decent enough for quite a few data applications and documents, but not stellar. However, I really liked the fact that the Stealth drive has its own on-board CPU, drivers, and hardware-based cryptographic engine — this way, authentication occurs on, and will never leave, the drive itself.
Stealth’s ACCESS Console administrative utility makes it easy to manage fingerprints and passwords. The drive itself is a user-focused device, so I had to run the ACCESS Console software off the provided CD to create users, enroll their fingerprints and passwords, and set up disk partitions and sizes.
ACCESS Console allows you to configure up to five users with two fingerprints each. Two different fingertips for authentication are requested — in case one is injured or for some reason the biometric scanner can’t read it. (For those curious about such matters, a severed cadaverous finger will only work until it dries out.)
Because I was the first to enroll, I was assigned a level of Administrator, with the capability to manage biometrics and associated drive access privileges. General Users have access only to their partition and the public partition. The two primary user applications are ACCESS Status and ACCESS Unlock. Status shows the current status of the drive; Unlock allows you to prepare the drive for a finger impression.
After I enrolled the users and chose authentication methods (biometric, password, or both), the drive became accessible upon connection via USB. The user runs either Status or Unlock utilities off the drive and provides authentication to unlock his or her specific user partition.
I would have liked to have been able to set a timer on the partition, as once the user’s partition becomes available, that user must run Status to lock the partition again. Users also have to use the Status application to lock the device before running the Windows Safely Remove Hardware applet. Pulling the drive without locking it and safely removing it from Windows results in possible data corruption.
The FMR (False Match Rate) controls the granularity of the fingertip scanner. The scanner was accurate with even the default setting — it occasionally asked me to rescan my fingertip, but it never incorrectly authenticated a user or locked me out of the drive.
An individual user stores sensitive documents in his or her own secure partition or shares documents in the public folder. Partitions, unfortunately, are tied to users (except for public). There are ways to create a shared encrypted partition, including creating a common password between two users on a third user’s account or making a third user out of other users’ separate fingerprints, but these methods are inelegant. It would be good to have a method for creating a shared encrypted partition in the administrator’s console.
A nice addition to the drive are the encryptable, hardware-based public and private stores, which are not accessible to the file system but can be used with MXI’s SDK. These stores can be used to integrate with applications for PKI and single sign-on, and come in at over 300K per Stealth user. With this capability, the Stealth drive becomes an extensible authentication method for enterprise applications.
Although Stealth might not save an organization from a malicious insider, it’s very usable. If the drive offered a user share-able encrypted partition and a larger capacity, I would recommend it whole-heartedly. As it is, it doesn’t bowl me over.