| | Software Based Encryption | Hardware Based Encryption | Smart Card Based Encryption |
|---|---|---|---|
| Brute-force attacks (including parallel attacks) | Difficult to prevent | Prevented by blocking copying of data in its encrypted form from the device to the host memory. | Immune to attack as encrypted data is never copied from the device to the host memory. |
| Security of encryption key at rest/after operation (e.g. resistance to cold boot attacks) | Can be prevented if secure memory is available on the PC | Prevented by not using RAM or other common memory space to store encryption keys, and by the fact that the keys never leave the USB flash drive | Immune to attack as encryption keys are generated and stored on a tamperproof smart card and never leave the USB flash drive |
| Security of encryption key in operation (e.g. resistance to fault attacks, decompiling, dumping, debugging etc.) | Encryption key can be accessed through various software attacks | Encryption key can be accessed through various hardware attacks (controller memory could be dumped; controller software could be reversed etc.) | Encryption key cannot be accessed as it is copied from the smart card to controller memory only after the user is successfully authenticated |
| Attacks on authentication counter leading to brute-force attacks | Not applicable | Resistant to software attacks. Possible physical attacks on auth counter management (dump / restore after decrement, fault attack on decrement etc.) | Software and hardware attacks prevented by EAL4+ tamper-resistant storage location. Cannot be compromised and counter decrement cannot be avoided |
| Malicious code | No way to prevent if the PC and its OS are infected | Prevented by using a security system independent of the PC and its OS | Prevented by using a security system independent of the PC and its OS |
| Always-on encryption | Can be disabled by user or attacker | Built into device. Encryption is automatic | Built into device. Encryption is automatic |
| Performance | Slower, since existing processing capacity is used | Fast, since dedicated hardware is used for encryption processes | Fast, since dedicated smart card hardware is used for encryption processes |