USB Armory is the Swiss army knife of security devices

A USB-stick computer built around a processor with strong security capabilities

Inverse Path's USB armory is a secure computer squeezed onto a USB device

"Where's Andrea?" That was the question on the lips of attendees at this week's No Such Con security conference.

They were looking for Andrea Barisani, Chief Security Engineer of Italian security consultancy Inverse Path, and more precisely the prototype USB security device he was carrying.

USB Armory looks like a fat USB memory stick, but it contains security features enabling it to act as a self-encrypting data store, a Tor router, a password locker and many other things.

Barisani arrived in Paris with five of the thumb-sized circuit boards but said he expects to go home to Trieste empty-handed, as interest in the USB Armory has been so high here. Each board contains a socket for a microSD card, an i.MX53 processor from Freescale Semiconductor, half a gigabyte of memory, and a row of gold-plated contacts in the form of a USB connector.

The miniature computer is about as powerful as the now-ubiquitous Raspberry Pi, he said. However, it has no connections for a screen, keyboard or power supply: just the bare minimum of processor, memory and storage. It relies on a host PC to provide power and communications through the USB connector, and loads its operating system from a microSD card. "We use Debian or Ubuntu by default," Barisani said.

The key to the device's power -- and what sets it apart from the many other USB stick computers out there -- is the choice of processor: the i.MX53 includes ARM's TrustZone trusted execution environment.

"It has a number of security properties, including secure boot," Barisani said.

The processor also has a trusted store for encryption keys, making it possible to turn USB Armory into a self-encrypting USB stick that can wipe the encryption keys if plugged into an unauthorized computer. The encrypted memory needn't appear as a local disk drive: "We can emulate a network device over the USB connection so we can communicate with it like any network drive," he said.

That network emulation has other security applications too, including providing secure access to remote computers over SSH or a VPN -- even from untrusted machines -- or allowing anonymous browsing over Tor without the need to install a Tor client on the PC.

"If I'm using an Internet kiosk I don't trust, I can't SSH into my system at home because I don't trust it with my password, and I don't have any keys on it. But I can plug this in and connect to it with a one-time password, and then SSH home from it using the stored key," explained Barisani.

Using the USB Armory as a Tor or VPN client involves routing traffic to the device. "It's pretty easy on Linux or Windows," he said.

Two such devices could be paired by exchanging encryption keys between them. Then their two owners would be able to encrypt and exchange files. "We could be communicating securely in a drag-and-drop way," he said.

"The idea is to provide a secure platform for personal security applications," he said. "Hopefully people will want to build apps on this in the same way they do for Arduino, Raspberry Pi and so on."

While five lucky attendees of No Such Con will be heading home with a prototype USB Armory to play with, the rest of us will have to wait. Barisani expects to receive samples of the release candidate in two to three weeks, and Inverse Path will soon be taking pre-orders for the initial production run of a thousand or more, with delivery planned around the end of this year.

The notion of a secure USB device seems somehow incongruous in the light of the revelations at the BlackHat 2014 conference in July. There, Karsten Nohl of SR Labs demonstrated "BadUSB," a technique for reprogramming certain USB controller chips so they could infect PCs with malware. In early October other researchers released code that can replicate the BadUSB attack. Since then many USB devices have become suspect, as traditional security software running on host PCs cannot detect the attack, and there is no simple way to identify which devices may be vulnerable or untrustworthy.

Yet although USB Armory can be programmed to emulate all sorts of USB peripherals in software, it's invulnerable to the BadUSB attack, Barisani said. That's because once its OS and applications have been cryptographically signed, the processor's secure boot function can reject modified or unsigned code. With great power comes great responsibility, however: USB Armory's flexibility means it could be programmed to perform BadUSB attacks itself, or any number of other nefarious functions useful to white-hat pen testers and black-hat hackers alike.

Another key way in which USB Armory differs from vulnerable USB devices is in the supply chain bringing it to end users. What makes BadUSB such a threat is that it's hard to tell what controller chip a USB device contains, or where the components came from, so you never know whether to trust a given USB device. Barisani, though, intends to be transparent about USB Armory's components: Inverse Path is offering the design as "open hardware," so if you don't trust the company's manufacturer, you can build one for yourself using components from sources you do trust. The prototype USB Armory design files are on GitHub, and Inverse Path plans to post files for the production version as soon as it's ready for manufacturing.

Peter Sayer covers general technology breaking news for IDG News Service, with a special interest in open source software and related European intellectual property legislation. Send comments and news tips to Peter at peter_sayer@idg.com.


Peter Sayer

IDG News Service