IEEE 1667 is a standard published and maintained by the IEEE that describes various methods for authenticating transient storage devices such as USB flash drives when they are inserted into a computer.

Since the protocol is universal, it means that will be platform independent of operating system.

Implementations

On 25th November 2008 Microsoft

Microsoft

Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

 announced that IEEE 1667 will be implemented on Windows 7.

The IEEE 1667 Smart Card Transport Silo

Use IEEE 1667 to communicate with a secure module

What does it bring to IEEE 1667?

• Leverage Smart Cards use cases and standards
• Potential extension to an authentication silo

What does it bring to Smart Card systems?

• Leverage IEEE 1667 new transports
• Improves discovery mechanisms and integration in OS

Use cases: examples & standards

• Automatic login (PIV)
• Biometry / Fingerprint matching (ISO 19794-2& ISO 7816-11)
• PKI Cryptographic Services (PKCS#11 & CAPI)

Simple encapsulation transport

• Command / response nature of Smart Card exchanges maps well on P_OUT / P_IN pairs
• One command to encapsulate an existing command protocol: Message Exchange
• For flexibility, the silo supports different encapsulation protocols
• Additional commands to detect & manage silo capabilities: GetSCTS Transport Mode Description, Set SCTS Transport Mode
• Three transports encapsulation supported for now:
  • ICCD
  • CCID
  • “Raw” APDUs (An APDU is encapsulated in a transport protocol, itself encapsulated in an IEEE 1667 command)

The IEEE 1667 TCG Storage Silo

Provides an IEEE 1667 interface to a TCG storage device
http://www.trustedcomputinggroup.org

TCG Storage Silo functionality includes:

• Establish a communication channel to the TPer
• Obtain configuration information from the TPer
• Send TCG commands to the TPer
• Receive TCG responses from the TPer
• Reset TPer communications channel

TCG Storage Silo functionality can be implemented at multiple levels

• The Storage Device can natively include both the TCG Storage Silo and the TPer
• The Storage Device can include a bridge which:
  • supports a device which implements both the TCG Storage Silo and the TPer. This bridge passes IEEE 1667 commands to this device.
  • supports a device which implements a TPer, (but not the TCG Storage Silo). This bridge implements the TCG Storage Silo, passing TPercommands to the device, and/or
  • supports a device which implements neither a TPernor a TCG Storage Silo. This bridge implements the TCG Storage Silo and the TPer, not passing IEEE 1667 or TPercommands to the device

The IEEE 1667 Password Silo

Each device must have at least one ACT with at least one Authentication Silo

The Password Silo is an Authentication Silo initially developed to the External IEEE 1667 Silo guidelines

Password functionality includes

• Password storage with protected media access

• Single Password or Dual Password usage

• Device User and Device Administrator roles

• Authenticated command sequences to

• • Create, validate and remove passwords

• • Lock and unlock media access

• Command sequences for a silo to

• • Report silo cryptographic capabilities

• • Report silo status

• • A Mutual Challenge Handshake Authentication Protocol sequence

This silo uses simple cryptography:

• HASH algorithms (SHA)

• Random Number Generators

Figure from IEEE 1667-2009 specification

The Password Silo’s Mutual CHAP Sequence

In this sequence:

1. the host requests authentication from the device (stage 1 );
2. the host authenticates to the device (stage 2);
3. If the device authenticates to the host, a command is executed (stage 3)

The IEEE 1667 Certificate Authentication Silo (CAS)

Each device must have at least one ACT with at least one Authentication Silo

CAS functionality includes

• Certificate storage with protected access
• Commands to request, set, get, validate and delete X.509 certificates and certificate chains
• Command sequences for the CAS to:
  • identify silo Manufacturer,
  • set and validate Provisioners,
  • set and validate allowed Hosts,
  • report silo cryptographic capabilities, and
  • report silo status.

The IEEE 1667 External IEEE 1667™ Silos

External IEEE 1667 Silos are defined outside of the IEEE 1667 committee, while some behavior is constrained by the IEEE 1667 specifications:

• the functionality included in such silos may be proprietarily defined by the silo provider; and

• driver support may be proprietary

External IEEE 1667 Silo IDs can currently be requested from the IEEE 1667 committee, but this will be changing to the IEEE Registration Authority

Figure from IEEE 1667-2009 specification

The IEEE 1667 Probe Silo

• Each ACT must have one Probe Silo
• The Probe functionality allows a host to identify itself to the device
  • Host OS + Host OS version
  • Implemented IEEE 1667 version
  • The Probe Silo enumerates and identifies every silo in the ACT (including itself)
  • Silo Type Identifier
  • Implemented IEEE 1667 version
  • The Probe Silo enables a negotiation between the host and device for which IEEE 1667 version will be supported

Figure from IEEE 1667-2009 specification

External links

• Rich, Donald "Authentication in Transient Storage Device Attachments" ^{requires subscription}. In IEEE Computer.
• Standards Working Group Website http://ieee1667.com/