tags:

views:

59

answers:

3
+5  Q: 

What's the best way to authorize a USB Key

We have an auto update for our software that is installed via USB key (with the auto run). If I wanted to ensure that only authorized USB Keys were used, what's the best way?

Our installer is already signed, and it won't run otherwise. But I'm more wanting to inspect the USB Key for a signed installer, and if it's not there, just ignore, or even "Eject" the USB device.

And I should be able to tell the difference (in code) between a usb storage device, and say a camera, or keyboard.

I'm only wanting to disable non-authorized storage devices.

Thank you for your ideas.

+4  A: 

non-authorized storage devices? This depends on how secure you want it to be. For the most secure level, it would consist of:

  • special firmware written to the flash drive to get extra "meta info" (read: expensive custom manufacturing of flash drives)
  • special windows driver to read that meta info from the flash drive
  • your program talking to that device driver to confirm it's authorized.

Or to the least secure level you have these options:

  • using a hidden file and a special key(possibly hashed time of last filesystem modification or something?) (dd breakable)
  • dropping below the filesystem level and recreating your own very simple filesystem.. (more security through obscurity though and dd could break that)

Also, for the "most secure" option, you really need a more secure way of running the program than auto-run and a device driver(which could be half-baked to make anything appear authorized). Why do you want it to only update from an authorized flash drive anyway?

Earlz  2010-04-13 19:29:27
I'm just trying to make sure the avg Joe can't stick a usb key in, and get an autorun window.In a perfect world, I could attach to a windows event of "New USB Device Found" whatever that is ... inspect the device, if it's storage look for a known signed piece of software and run it. If that software isn't found - just ignore the device.
ScottCate  2010-04-13 21:11:07
Yea, I'd go with that and/or @pkaeding's answer then. I wasn't sure on how secure you needed it to be.
Earlz  2010-04-13 21:46:06
+2  A: 

You might be able to read the USB drive's serial number (assuming you get USB drives that have serial numbers; not all do). Then your application could call home to get the latest list of authorized serial numbers, and check to see if there is a match.

pkaeding  2010-04-13 19:38:37
Thats a good "secure to most people" approach +1. (can always be faked with a microcontroller or custom device driver though)
Earlz  2010-04-13 19:42:06
A: 

Earlz response is good, though I don't think you'd need custom manufacturing of flash drives... you would just need flash drives with some sort of unique firmware encrypted identifier. Perhaps something in the Kingston Data Traveler Line might do the trick. (I've never actually used one of these encrypted usb sticks, so I'm a bit foggy on the actual implementation details).

Dan  2010-04-13 19:38:58

related questions

Join multiple XML files with xinclude tags into single file
Find all available JREs on Mac OS X from Java application installer
Microsoft SQL Server 2005 service fails to start
What could be good ways to deploy ASP.Net Web Applications?
How to add uninstall option in .NET Setup Project?
How do you find out the ProductCode from a .Net Installer class custom action
VS 2005 Installer Project Version Number
Why does Vista not allow creation of shortcuts to "Programs" on a NonAdmin account? Not supposed to install apps from NonAdmin account?
Uninstall Command Fails Only in Release Mode
Targeting with VS 2008 after installing SP1 of .NET 3.5
.Net 3.5 silent installer?
What does the EXE do in the Visual Studio setup project output
How to embed user-specific data in .NET windows setup app at setup download time?
custom action dll in managed code
stopping MSI from launching an EXE in the SYSTEM context
Python distutils - does anyone know how to use it?
What is the "best" simple install system for XP/Vista?
Pushing out MSI files
I/O permission settings using .net installer
How can in install VS 2008 without using ~6.5GB of space on my C drive?
Best Way To Determine If .NET 3.5 Is Installed
How do I make a custom .net client profile installer?
Add .NET 2.0 SP1 as a prerequisite for deployment project
What is the best choice for building Windows installers?
What is the best way to deploy a VB.NET application?