This web site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To find out more and change your cookie settings, please
Full computer on a USB stick
Provides a separate, portable operating system
Enterprise: Secure portable thin client environment
Most attacks to steal crypto keys / sensitive data won't work
Encrypted storage for general users
Open hardware/ active community
Consumer level features aren't available yet
Requires technical acumen (currently in Alpha)
Extremely bright flashing LED
Attack surface is tight, but not airtight
Limited out-of-the-box uses
App development is mostly in 'idea' stage
($130) is a little USB stick with an entire computer onboard (800MHz ARM processor, 512MB RAM), designed to be a portable platform for personal security applications.Crowdfunded in January 2015, it received
from security professionals and enthusiasts hoping the device would live up to its pre-launch aspirations to be "the Swiss Army Knife of security devices." It released shortly afterward, and was quickly considered the 'real deal' in opposition to the market rush of crowdfunding campaigns for dubious and fraudulent security devices hurrying to cash in on consumer hunger for a security-in-a-box solution.
If you see these claims, run.
This week,
for the conference's 2015 briefings, raising the device's profile even higher.Inverse Path's Andrea Barisani reached out to me in April, to say that the armory was almost ready for the first release of , the first USB armory app, for file system encryption.Barisani explained, "The application allows to use the USB armory for storing, encrypting/decrypting files with either OpenPGP or symmetric AES cipher executed directly on the USB device." He added,
Advanced capabilities such as disposable passwords further enhance the use of the USB armory for private and confidential open source encryption in a compact and portable device.As far as we know this is the first and only device that enables such functionality with 100% open hardware and open source software in such a compact form factor.Inverse Path then sent me one USB armory, with a pre-imaged microSD card with the INTERLOCK application, for review.First Impressions
In truth, I wasn't the first in my house to engage with the USB armory. The first one to try out the device was my 5-month-old kitten, who stole the device off my desk in the night and tested it as a cat toy.I found the armory with little chew marks and scratches from being batted around on hardwood floors. Stealing my armory became a fascination for the kitten, a worry with its exposed board.Later, I was pleased to discover that despite it not having an enclosure, the device showed no adverse affects of Max's untoward, though no doubt well-intentioned, affections. The .
For future enterprise users, once the right web apps are written, the USB armory can be a portable thin client environment.
My very first impression of the USB armory, after wrangling it for longer than I'll ever admit just to get it open, is that it's not yet ready for "normal" people -- and this is disappointing for consumers who need plug-and-play security solutions (such as those listed ).If and when these things do happen with the USB armory (and for me, this can't happen fast enough), this device will change the security landscape as we know it, forever, and in ways that could rock the current manipulations of corporations and governments alike to their very foundations. And I mean that in the best way possible for the empowered netizen, one who wants to personally protect and control their personal digital privacy and security -- carrying their data and apps around with them on a secure stick.In its current state, it's pretty dreamy for most hackers and infosec pros (it's especially sexy for pentesters), but right now it's too deep for non-technical people. It's not "Tor in a box" -- though it's set to absolutely be way, way more than that.Its new
makes it great for easy file encryption and general encrypted file storage, and I found out that it'll be out of Beta soon.At Black Hat USA 2015 (August 1-6), Barisani told me that when he gives his talk, "," Inverse Path will publish the first official INTERLOCK release.Barisani added that their next project set includes, "Textsecure/Signal protocol integration, so that the device can also be used for encrypted communication as well."USB Armory Documentation ; Board schematics, layout, supportSpecifications USB armory hardware design uses the Freescale i.MX53 processor, supporting secure boot and ARM TrustZone.The USB armory hardware is supported by standard s it runs vanilla Linux kernels and standard distributions.Freescale i.MX53 ARM Cortex-A8 800Mhz, 512MB DDR3 RAMUSB host powered (&500 mA) device with compact form factor (65 x 19 x 6 mm)ARM(R) TrustZone, secure boot + storage + RAMmicroSD card slot5-pin breakout header with GPIOs and UARTcustomizable LED, including secure mode detectionexcellent native support (Android, Debian, Ubuntu, Arch Linux)USB device emulation (CDC Ethernet, mass storage, HID, etc.)Open Hardware and SoftwareDigging InAs I mentioned, the USB armory is a full computer on a wee tiny USB stick. This means that when you plug the armory into a powered USB port running any operating system, the chip on the armory will boot and run the operating system written to the SD card plugged into the SD card slot.It provides a separate operating system (and can be a different OS) from the one on your desktop, laptop, or server.
Why do many boards leave IT security primarily to security technicians, and why can’t techies convince their boards to spend scarce cash on protecting stakeholder information? We offer guidance on how to close the IT security governance gap.
This is useful if you want to segregate duties and provide separate (more secure) environments for development, or in many cases, services of different security levels.Built-in proxies can be run separate from the main operating system to make sure when connecting to the internet you can limit what information is shared about you (though this requires technical setup at this time).The USB armory I received had an early version of INTERLOCK on board, an encrypted storage and app system viewed by web browser over an SSL connection with a locally encrypted (SSL) certificate.This limits many (but not all) types of attacks between the user's computer and the armory.All you need is a standard browser to use INTERLOCK; users don't have to worry if it's a Mac, Linux or Windows OS -- the USB protocol is standard.A regular user (one who's not technically competent) can plug the armory into a USB port on their computer, and navigate to this web address:
to the log-in page. After logging in, users see a dashboard reminiscent of Google Drive in its very early days.On the INTERLOCK page, users can upload files (up to the size max on their SD card), and these files are encrypted upon upload. Users can also zip or unzip files,
or encrypt or decrypt files further.Because of the segregation of hardware and operating system (to a specific degree), many types of attacks to steal crypto keys and sensitive data will not work. An attacker could, if designed right, have a very limited attack surface here.Keylogging on whatever current keyboard you're plugged into could still happen: Your password can be captured, but the separate (very long) keys stored on the armory won' an attacker still has to get them from the device, meaning that even with keylogging, Armory communications are still secure.
1 - 5 of 6
Although the software is in Beta state, the USB armory is relatively easy to use and shows great promise -- especially when web app development gets going within the armory's already enthusiastic communities.Because it's a complete operating system under the hood, anyone can write a web-based application and run it directly on the USB armory -- and not connect to the internet, or only do so to gain access to services you use.For instance, easily within reach would be an out-of-the-box PGP email experience that would allow users to manage encrypted messages over email with simple to follow dialogue boxes (for, say, our wonderfully paranoid friends who don't want to store their encryption keys on a laptop, and keep it on a separate piece of hardware).For future enterprise users, once the right web apps are written, the USB armory can be a portable thin client environment. So if something happens to an employee's laptop on a trip, they'd just plug the armory stick into a new laptop or kiosk. and they'd have their entire work environment right there, secure and ready to go.As it's a full computer, users can install a LAMP stack and WordPress on the device, and do all your web testing without ever having to run your server on the internet.The armory could also double as a cold storage Bitcoin wallet. The possibilities here are really remarkable.
Kick off your day with ZDNet's . It's the freshest tech news and opinion, served hot.
Virtualization
Please review our terms of service to complete your newsletter subscription
I agree to the ,
I understand I will receive a complimentary subscription to TechRepublic's News and Special Offers newsletter, and the Daily Digest newsletter (you can opt out at any time).
ACCEPT & CLOSE
You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the .USB Armory is the Swiss army knife of security devices | ITworld
Insider email
USB Armory is the Swiss army knife of security devices
A USB-stick computer built around a processor with strong security capabilities
Use commas to separate multiple email addresses
Inverse Path's USB armory is a secure computer squeezed onto a USB device
IDG News Service/Peter Sayer
More good reads
"Where's Andrea?" That was the question on the lips of attendees at this week's No Such Con security conference.They were looking for Andrea Barisani, Chief Security Engineer of Italian security consultancy Inverse Path, and more precisely the prototype USB security device he was carrying. looks like a fat USB memory stick, but it contains security features enabling it to act as a self-encrypting data store, a Tor router, a password locker and many other things.Barisani arrived in Paris with five of the thumb-sized circuit boards but said he expects to go home to Trieste empty-handed, as interest in the USB Armory has been so high here. Each board contains a socket for a microSD card, an i.MX53 processor from Freescale Semiconductor, half a gigabyte of memory, and a row of gold-plated contacts in the form of a USB connector. The miniature computer is about as powerful as the now-ubiquitous Raspberry Pi, he said. However, it has no connections for a screen, keyboard or power supply: just the bare minimum of processor, memory and storage. It relies on a host PC to provide power and communications through the USB connector, and loads its operating system from a microSD card. "We use Debian or Ubuntu by default," Barisani said.The key to the device's power -- and what sets it apart from the many other USB stick computers out there -- is the choice of processor: the i.MX53 includes ARM's TrustZone trusted execution environment."It has a number of security properties, including secure boot," Barisani said.The processor also has a trusted store for encryption keys, making it possible to turn USB Armory into a self-encrypting USB stick that can wipe the encryption keys if plugged into an unauthorized computer. The encrypted memory needn't appear as a local disk drive: "We can emulate a network device over the USB connection so we can communicate with it like any network drive," he said. That network emulation has other security applications too, including providing secure access to remote computers over SSH or a VPN -- even from untrusted machines -- or allowing anonymous browsing over Tor without the need to install a Tor client on the PC."If I'm using an Internet kiosk I don't trust, I can't SSH into my system at home because I don't trust it with my password, and I don't have any keys on it. But I can plug this in and connect to it with a one-time password, and then SSH home from it using the stored key," explained Barisani.Using the USB Armory as a Tor or VPN client involves routing traffic to the device. "It's pretty easy on Linux or Windows," he said.Two such devices could be paired by exchanging encryption keys between them. Then their two owners would be able to encrypt and exchange files. "We could be communicating securely in a drag-and-drop way," he said."The idea is to provide a secure platform for personal security applications," he said. "Hopefully people will want to build apps on this in the same way they do for Arduino, Raspberry Pi and so on," he said.While five lucky attendees of No Such Con will be heading home with a prototype USB Armory to play with, the rest of us will have to wait. Barisani expects to receive samples of the release candidate in two to three weeks, and
for the initial production run of a thousand or more, with delivery planned around the end of this year.The notion of a secure USB device seems somehow incongruous in the light of the revelations at the BlackHat 2014 conference in July. There, Karsten Nohl of SR Labs demonstrated . In early October other . Since then many USB devices have become suspect, as traditional security software running on host PCs cannot detect the attack, and there is no simple way to identify which devices may be vulnerable or untrustworthy.Yet although USB Armory can be programmed to emulate all sorts of USB peripherals in software, it's invulnerable to the BadUSB attack, Barisani said. That's because once its OS and applications have been cryptographically signed, the processor's secure boot function can reject modified or unsigned code. With great power comes great responsibility, however: USB Armory's flexibility means it could be programmed to perform BadUSB attacks itself, or any number of other nefarious functions useful to white-hat pen testers and black-hat hackers alike.Another key way in which USB Armory differs from vulnerable USB devices is in the supply chain bringing it to end users. What makes BadUSB such a threat is that its hard to tell what controller chip a USB device contains, or where the components came from, so you never know whether to trust a given USB device. Barisani, though, intends to be transparent about USB Armory's components: Inverse Path is offering the design as "open hardware," so if you don't trust the company's manufacturer, you can build a one for yourself using components from sources you do trust. The prototype , and Inverse Path plans to post files for the production version as soon as it's ready for manufacturing.Peter Sayer covers general technology breaking news for IDG News Service, with a special interest in open source software and related European intellectual property legislation. Send comments and news tips to Peter at .
The hit list
Start your new computer off right with solid security tools, productivity software, and other programs...
Newsletters
Sign up and receive the latest news, reviews and trends on your favorite technology topics.
Get our Daily News newsletter
Computerworld readers rate AT&T, Sprint, T-Mobile and Verizon on network speed, reliability, value and...
Amazon's Echo, Echo Dot and Tap devices can do more than just check the weather and sling playlists. We...
Start your new computer off right with solid security tools, productivity software, and other programs...
Plug in a Wemo Switch, download the free app, and start controlling your lights and appliances from...
Put down that lab-grown meat burger and slimy Soylent shake. Silicon Valley has a better idea than...比特客户端
您的位置：
详解大数据
详解大数据
详解大数据
详解大数据
USB军火库――安全设备中的瑞士军刀
关键字：USB 安全设备 产品
　　上周在巴黎举办的2014“天下无欺”国际大会(No Such Con )上，由意大利逆径安全咨询公司(Inverse Path)的首席安全工程师安德里亚?巴利桑尼(Andrea Barisani)带来的一款USB安全设备――USB军火库(USB Armory)轰动全场，受到了极大的关注。这个小小的东西看起来就像一个U盘，但却集成了自加密、Tor、密码保险箱等诸多安全特性。在 其只有拇指大小的电路板上，集成了microSD卡槽、i.MX53以及USB插头。
　　像树莓派(Raspberry Pi)这样的小微计算机如今已经非常强大，然而这个USB军火库却既不能连接显示屏，也不能连接键盘或电源，除了微处理器、内存和存储空空如也。它依赖 USB插头连接的主机为其供电和进行通讯，并从microSD卡上加载，使用的是Debian或系统。它和其他USB微机的不同之 处，在于其选择的是包含有’s TrustZone可信执行环境技术的i.MX53处理器。该处理器具备包含安全启动在内的一系统安全特性。
　　该处理器还可以实现加密密钥的可信存储功能，这就让USB军火库变成了一支自加密的优盘，而且还可以实现在其插入未经授权电脑时清除加密密钥。加密数据也无 须存储在本地存储，完全可以通过USB连接，模拟设备，实现与所有网盘一样的通讯。网络模拟还包含其他一些安全应用程序，可以让不受信任的机器通过或安全地接入远程计算机，也可以通过Tor进行匿名浏览而不必在电脑上安装Tor客户端。
　　巴 利桑尼解释说，“如果我使用的是不受信任的网络，我就不能通过SSH连接到我家里的电脑，因为我担心密码泄露，而且我也没有密钥。那我就可以插入USB军 火库，用一次性密码进行连接，使用存储在上面的密钥通过SSH连接到我家里的电脑。将USB军火库作为Tor客户端或VPN客户端使用，就像使用路由一 样，无论是还是Windows都非常简单。”
　　两个USB军火库还可以通过交换加密密钥进行配对，配对后两个USB军火库的所有 者就都能够进行加密和交换文件，通过拖放的方式进行安全的通讯。“我们的理念就是要为个人安全应用程序提供一个安全平台，希望人们可以像在 Arduino、树莓派上一样构建应用程序，”巴利桑尼说。
　　参加大会的与会者将会有五个人有幸将USB军火库的原型带回去把玩，剩下的人就只能等了。巴利桑尼有望在两到三周内获得即将公布的样机模型，逆径公司也将很快就能接受到上千个甚至更多的最初预订，预计在今年年底左右就可以交付。
　　因 为七月举办的2014黑帽子大会的曝光，安全USB设备的概念似乎受到了一定程度的不利影响。大会上，德国安全公司SR实验室(SR Labs)的卡斯滕?诺尔(Karsten Nohl)展示了一种名叫“BadUSB”的可以通过对特定USB控制器进行重新编码而让电脑感染恶意软件的技术。十月初，有研究人员发布了可以复制 BadUSB攻击的代码。从那这后，许多USB设备都成了嫌疑，因为运行在主机电脑上的传统安全软件无法检测到该攻击，也没有简单的方法来识别哪些设备可 能会有漏洞或不可信任。
　　虽然USB军火库可以通过软件编程模仿成各种各样的USB周边设备，但在BadUSB攻击面前还是无懈可击的。这 是因为其操作系统和应用程序一旦经过加密认证，处理器的安全引导功能就可以拒绝对源码进行修改或认证去除。然而，能力越强，责任越大，对于白帽子渗透测试 人员来说，USB军火库的灵活性意味其可以通过编程来自己实现类似攻击的BadUSB攻击或很多的其他攻击。
　　USB军火库与那些不堪 一击的USB设备与众不同的另一个关键点，在于其到达终端用户的供应链。造成BadUSB攻击威胁如此之大的根本原因，是因为你根本搞不清USB设备中集 成了什么控制芯片、组件来自何方，所以你永远都无法信任这样的一个设备。而巴利桑尼则于USB军火库组件的透明化，逆径公司提供的是“开源硬件”设计，如果你信不过该公司的制造商，你完全可以使用自己信任的组件重新打造一个。USB军火库原型的设计资料就放在开源代码库Github上，而根据逆径 公司计划，一旦满足生产条件，生产版本的相关资料也将第一时间发布。
相关文章：
[ 责任编辑：小石潭记 ]
去年，手机江湖里的竞争格局还是…
甲骨文的云战略已经完成第一阶段…
软件信息化周刊
比特软件信息化周刊提供以数据库、操作系统和管理软件为重点的全面软件信息化产业热点、应用方案推荐、实用技巧分享等。以最新的软件资讯，最新的软件技巧，最新的软件与服务业内动态来为IT用户找到软捷径。
商务办公周刊
比特商务周刊是一个及行业资讯、深度分析、企业导购等为一体的综合性周刊。其中，与中国计量科学研究院合力打造的比特实验室可以为商业用户提供最权威的采购指南。是企业用户不可缺少的智选周刊！
比特网络周刊向企业网管员以及网络技术和产品使用者提供关于网络产业动态、技术热点、组网、建网、网络管理、网络运维等最新技术和实用技巧，帮助网管答疑解惑，成为网管好帮手。
服务器周刊
比特服务器周刊作为比特网的重点频道之一，主要关注x86服务器，RISC架构服务器以及高性能计算机行业的产品及发展动态。通过最独到的编辑观点和业界动态分析，让您第一时间了解服务器行业的趋势。
比特存储周刊长期以来，为读者提供企业存储领域高质量的原创内容，及时、全面的资讯、技术、方案以及案例文章，力求成为业界领先的存储媒体。比特存储周刊始终致力于用户的企业信息化建设、存储业务、数据保护与容灾构建以及数据管理部署等方面服务。
比特安全周刊通过专业的信息安全内容建设，为企业级用户打造最具商业价值的信息沟通平台，并为安全厂商提供多层面、多维度的媒体宣传手段。与其他同类网站信息安全内容相比，比特安全周刊运作模式更加独立，对信息安全界的动态新闻更新更快。
新闻中心热点推荐
新闻中心以独特视角精选一周内最具影响力的行业重大事件或圈内精彩故事，为企业级用户打造重点突出，可读性强，商业价值高的信息共享平台；同时为互联网、IT业界及通信厂商提供一条精准快捷，渗透力强，覆盖面广的媒体传播途径。
云计算周刊
比特云计算周刊关注云计算产业热点技术应用与趋势发展，全方位报道云计算领域最新动态。为用户与企业架设起沟通交流平台。包括IaaS、PaaS、SaaS各种不同的服务类型以及相关的安全与管理内容介绍。
CIO俱乐部周刊
比特CIO俱乐部周刊以大量高端CIO沙龙或专题研讨会以及对明星CIO的深入采访为依托，汇聚中国500强CIO的集体智慧。旨为中国杰出的CIO提供一个良好的互融互通 、促进交流的平台，并持续提供丰富的资讯和服务，探讨信息化建设，推动中国信息化发展引领CIO未来职业发展。
IT专家新闻邮件长期以来，以定向、分众、整合的商业模式，为企业IT专业人士以及IT系统采购决策者提供高质量的原创内容，包括IT新闻、评论、专家答疑、技巧和白皮书。此外，IT专家网还为读者提供包括咨询、社区、论坛、线下会议、读者沙龙等多种服务。
X周刊是一份IT人的技术娱乐周刊，给用户实时传递I最新T资讯、IT段子、技术技巧、畅销书籍，同时用户还能参与我们推荐的互动游戏，给广大的IT技术人士忙碌工作之余带来轻松休闲一刻。
微信扫一扫
关注Chinabyte