Combines protection for encryption keys, data, and the device’s firmware into a portable storage solution.
by StorageNewsletter.com
Portable storage solutions need to balance accessibility and security: they need to be simple to use and compact enough for their owners to carry around, but secure enough to prevent other people from simply picking them up and accessing their contents.
F-Secure Corp.’s Armory Drive aims to strike this balance by providing an encrypted storage solution that runs on the USB armory – a tiny secure-by-design computer.
The solution consists of 2 components: Firmware for the USB armory, and an iOS app. The firmware (a free download for current USB armory owners) adds Armory Drive functionality to the USB armory. The iOS app turns users’ iPhones into an authentication mechanism for data contained on microSD cards encrypted by the solution.
Both the device owner’s iPhone and the paired USB armory are required to access the contents protected by the system. These 2 components work together to prevent unauthorized access to data, even if the microSD card or USB armory is lost, or stolen by an experienced attacker.
The system also prevents exposing the solution’s encryption keys to laptops or desktops, which helps protect that information from untrusted or compromised computers.
“The USB armory has been embraced by companies, security professionals, and others with the technical expertise and need for a secure computing platform. However, everyone needs secure storage and providing it is well within the USB armory’s capabilities. F-Secure Armory Drive makes those capabilities accessible to anyone looking for secure, portable, limitless storage,” said Andrea Barisani, head, hardware security.
While other secure USB drives include protection for data and encryption keys, the introduction of measures to secure the system’s firmware is one of Armory Drive’s more distinctive strengths. Barisani and his team achieved this by combining the USB armory’s Secure Boot capabilities with a Google transparency framework – one of the first implementations of this framework for binary transparency.
Thanks to this innovation, any firmware update pushed to the USB armory undergoes additional authentication by both the desktop installer and the device itself. The additional authentication protects the system from compromise via a malicious update – a common tactic in supply chain attacks.
“F-Secure’s adoption of Firmware Transparency sets a great example of how device manufacturers can proactively help mitigate supply chain risks,” said Ryan Hurst, product manager, Google.
In addition to USB armory’s existing features, Armory Drive’s capabilities and benefits include:
- Control multiple units from a single mobile device
- Runs on any desktop or laptop without additional drivers or software
- Combination of multifactor authentication and full-disk encryption protects data on lost or stolen units
- Encrypt (AES) an unlimited number of microSD cards, providing unrestricted secure storage capability through one device
- Out-of-band unlock with authenticated, encrypted Bluetooth session prevents exposure of encryption keys, even to compromised or untrusted computers