An Authentication Middleware for Prevention of Information Theft

Information theft or data leakage is a growing concern for companies as well as individual users. Intruders can easily copy huge amount of confidential data using hand-held devices such as USB flash drives, iPods, digital cameras or any other external storage devices. Data theft can simply occur through both insiders and outsiders of a corporation. It is becoming the biggest challenge for corporates, since the storage devices are becoming smaller in size, easier to use, have higher capacity and data transmission speed. Furthermore, these devices can easily be misplaced or stolen and sensitive data can easily be exposed. In this paper we present a multilevel password verification system for prevention of information theft by removable devices to protect data leakage by various portable devices. Our proposed system consists of three main modules: 1) portable storage device monitoring, 2) activity logging and data encryption, and 3) device authorization. These modules corporate with each other to provide required security, and prevent information theft from the individual users and companies.