USB armory Mk II: A secure computer on a USB stick featuring open source hardware design
The hardware security professionals at F-Secure have created a new version of the USB armory – a computer on a USB stick built from the ground up to be secure.
The USB armory Mk II entrenches security in its lowest levels and is suitable for a wide range of applications – such as custom hardware security modules, cryptocurrency wallets, secure authentication and licensing tokens, and more – that need the efficiency and flexibility of an embedded computer without sacrificing security.
The team designed the device in response to security problems encountered when hardware begins to overlap with firmware. As a result, the device represents state-of-the-art orchestration between software, firmware and hardware, while offering a wide variety of security features and high computational power in the smallest of form factors.
“We routinely provide our customers with security reviews and security engineering services, which makes us both breakers and makers of technology. This gives us the ability to provide state-of-the-art security in our consulting practice. The USB armory’s hardware and software implementation clearly demonstrates this,” says F-Secure Head of Hardware Security Andrea Barisani. “Our continuous research into systems and methods to advance the state of embedded computing security has driven the development of the USB armory, which in turn allows us to build all kinds of secure systems for our customers.”
Security features
The USB armory Mk II’s security features include internal and external cryptographic coprocessors, a true random number generator, secure boot capabilities, and more. These features harden the device against a variety of attacks, including physical tampering techniques that can compromise low-level processes like boot protocols.
It’s the extra attention paid to these security issues that makes the USB armory uniquely suitable for processing information critical to the integrity of a system.
“The USB armory’s emphasis on using hardware and software to protect data critical to a system’s foundation, such as authentication keys for boot processes, is why it’s ideal for use as a cryptocurrency wallet, data storage unit, hardware security module, or other application where security and system integrity are the most important considerations,” says Barisani. “We’re seeing more embedded computers with unpatchable, exploitable hardware issues. I feel very strongly that the capabilities the USB armory gives companies address a very real, and potentially very serious, security problem.”
Open source ecosystem
Furthermore, Barisani says the USB armory’s open source ecosystem ensures that the platform can evolve and grow to support an ever-expanding range of uses, and cites his recently announced TamaGo project as an example of how the platform is evolving.
“Our new TamaGo project enables the USB armory, and in the future more platforms, to run bare metal applications written entirely in Go, therefore without the burden of an underlying OS. We’re hoping this supports the creation of pure Go firmware for all kinds of system-on-chips, dramatically reducing the attack surface and eliminating the need for any C code,” Barisani explains.