Review: SecBox - Biometrics Meets Encryption


Officially, SecBox is a hardware authentication and encryption device that strives to provide secure means of data transmission over insecure networks (which means any network, potentially).

The device offers several features. It can act as a worldwide private VPN. It also supports 4.5 Mbps encrypted data flow, but the vendor claims that the product can actually support up to 18 Mbps incoming or outgoing data stream. SecBox has built-in NAT and firewall functionality.

The device also uses TPM. Just like Mr. Phelps' tape, the SecBox's embedded TPM will self-destruct if tampered with (although it was not possible to confirm if that happens in five seconds). For extra protection, the electronics are completely housed in epoxy. SecBox uses a patented encryption technology called MVCN.

Suggested use scenarios include adding extra security to an IP phone to IP phone call, creating secure connections for project development teams, or providing secure access to a terminal server.

There are four ports on the device: a LAN Ethernet port, an Internet Ethernet port, and a USB A and USB port. The device can be powered via USB or with a DC 5V adapter.

For testing, the device's Internet port was connected to a switch on the test network and the LAN port was connected to a stand-alone laptop's Ethernet port. Power to the SecBox was provided by the laptop's USB. Windows' Hardware Wizard detected the device as an RNDIS/Ethernet gadget. Reviewers installed the SecBox's drivers, which are on the CD shipped with the product.

The SecBox acts as a DHCP server, dynamically allocating an IP address to the laptop. The laptop was able to connect to all resources on the test LAN, including a SAN and printer, and was able to use the test network's Internet access.

The device has an additional port to connect USB devices without the need to connect them to a machine. SecBox cannot mount USB devices without partition tables, however.

A Web management interface is available for a variety of administrative tasks -- admin and user setup, firewall and NAT configuration, and setting up an intranet over MVCN.

When the management GUI first starts up, the user is prompted to input a username. Next, the interface prompts for a fingerprint scan. The wizard displays a "scan complete" message after the finger scan (three scans are needed). If the scan is not successful, there is the option to "Restart Scan."

This is where reviewers ran into a roadblock. After an hour spent scanning various reviewers' fingers, there was still no luck. Even when abiding by the user guide's list of "fingerprint scan rules" (among them: the scan must be perpendicular to the device, the scan must be done fast and without hesitation, and the scan must be done with the device at room temperature), the SecBox was unable to process the finger swipe.

Unfortunately, this is a required step to continue through the Web management interface setup, so needless to say, that setup was abandoned.

Test Center reviewers are still awaiting word from Navayo as to why the finger scan could not complete. This product has great potential as a cost-effective way to implement heightened security over networks, pairing an apparently strong encryption method with biometrics. However, the biometric portion has to work.