USB Armory is the Swiss army knife of security devices

A USB-stick computer built around a processor with strong security capabilities

Inverse Path's USB armory is a secure computer squeezed onto a USB device

"Where's Andrea?" That was the question on the lips of attendees at this week's No Such Con security conference.

They were looking for Andrea Barisani, Chief Security Engineer of Italian security consultancy Inverse Path, and more precisely the prototype USB security device he was carrying.

USB Armory looks like a fat USB memory stick, but it contains security features enabling it to act as a self-encrypting data store, a Tor router, a password locker and many other things.

Barisani arrived in Paris with five of the thumb-sized circuit boards but said he expects to go home to Trieste empty-handed, as interest in the USB Armory has been so high here. Each board contains a socket for a microSD card, an i.MX53 processor from Freescale Semiconductor, half a gigabyte of memory, and a row of gold-plated contacts in the form of a USB connector.

The miniature computer is about as powerful as the now-ubiquitous Raspberry Pi, he said. However, it has no connections for a screen, keyboard or power supply: just the bare minimum of processor, memory and storage. It relies on a host PC to provide power and communications through the USB connector, and loads its operating system from a microSD card. "We use Debian or Ubuntu by default," Barisani said.

The key to the device's power -- and what sets it apart from the many other USB stick computers out there -- is the choice of processor: the i.MX53 includes ARM's TrustZone trusted execution environment.

"It has a number of security properties, including secure boot," Barisani said.

The processor also has a trusted store for encryption keys, making it possible to turn USB Armory into a self-encrypting USB stick that can wipe the encryption keys if plugged into an unauthorized computer. The encrypted memory needn't appear as a local disk drive: "We can emulate a network device over the USB connection so we can communicate with it like any network drive," he said.

That network emulation has other security applications too, including providing secure access to remote computers over SSH or a VPN -- even from untrusted machines -- or allowing anonymous browsing over Tor without the need to install a Tor client on the PC.

"If I'm using an Internet kiosk I don't trust, I can't SSH into my system at home because I don't trust it with my password, and I don't have any keys on it. But I can plug this in and connect to it with a one-time password, and then SSH home from it using the stored key," explained Barisani.

Using the USB Armory as a Tor or VPN client involves routing traffic to the device. "It's pretty easy on Linux or Windows," he said.

Two such devices could be paired by exchanging encryption keys between them. Then their two owners would be able to encrypt and exchange files. "We could be communicating securely in a drag-and-drop way," he said.

"The idea is to provide a secure platform for personal security applications," he said. "Hopefully people will want to build apps on this in the same way they do for Arduino, Raspberry Pi and so on."

While five lucky attendees of No Such Con will be heading home with a prototype USB Armory to play with, the rest of us will have to wait. Barisani expects to receive samples of the release candidate in two to three weeks, and Inverse Path will soon be taking pre-orders for the initial production run of a thousand or more, with delivery planned around the end of this year.

The notion of a secure USB device seems somehow incongruous in the light of the revelations at the BlackHat 2014 conference in July. There, Karsten Nohl of SR Labs demonstrated "BadUSB," a technique for reprogramming certain USB controller chips so they could infect PCs with malware. In early October other researchers released code that can replicate the BadUSB attack. Since then many USB devices have become suspect, as traditional security software running on host PCs cannot detect the attack, and there is no simple way to identify which devices may be vulnerable or untrustworthy.

Yet although USB Armory can be programmed to emulate all sorts of USB peripherals in software, it's invulnerable to the BadUSB attack, Barisani said. That's because once its OS and applications have been cryptographically signed, the processor's secure boot function can reject modified or unsigned code. With great power comes great responsibility, however: USB Armory's flexibility means it could be programmed to perform BadUSB attacks itself, or any number of other nefarious functions useful to white-hat pen testers and black-hat hackers alike.

Another key way in which USB Armory differs from vulnerable USB devices is in the supply chain bringing it to end users. What makes BadUSB such a threat is that it's hard to tell what controller chip a USB device contains, or where the components came from, so you never know whether to trust a given USB device. Barisani, though, intends to be transparent about USB Armory's components: Inverse Path is offering the design as "open hardware," so if you don't trust the company's manufacturer, you can build one for yourself using components from sources you do trust. The prototype USB Armory design files are on GitHub, and Inverse Path plans to post files for the production version as soon as it's ready for manufacturing.

Peter Sayer covers general technology breaking news for IDG News Service, with a special interest in open source software and related European intellectual property legislation. Send comments and news tips to Peter at peter_sayer@idg.com.
