The USB armory from Inverse Path is an open source hardware design that implements a full computer (800 MHz ARM® processor, 512 MB RAM) in a flash-drive-sized form factor (a 65mm x 19mm x 6mm USB stick), designed from the ground up with information security applications in mind. Not only does the USB armory have native support for several Linux distributions, it also has a completely open hardware design and a breakout prototyping header, making it a good platform on which to build other hardware.
Recently I got the chance to ask Andrea Barisani, co-founder of Inverse Path, about the USB armory stick and its applications. Inverse Path, the company behind this tiny USB stick, is an international consultancy that provides information security consulting ranging from hardware design (automotive, avionics and industrial systems) to web applications. When I asked Andrea Barisani how the idea of making a secure USB stick started, he said:
The idea started with the simple need of a customizable USB device that could be used for open source encrypted storage. There are a lot of "black box" commercial solutions that claim to provide secure and hardware encrypted USB drives; however, the vast majority of such solutions are either vulnerable to simple hardware attacks or not transparent enough in credential/key protection.
Further development of the concept raised more and more the idea that a generic Linux based environment is a great asset on such a compact device, being able to present more "rich" interfaces while being 100% customizable.
The device was funded through a Crowd Supply campaign that raised $130,000; the co-founder of Inverse Path said that the campaign helped them with visibility and with understanding how much interest there was in the USB armory.
Why do I need USB armory?
The main purpose of the USB armory is to be a bootable device, however its OS environment can be configured to emulate arbitrary USB devices, including a mass storage device.
The USB armory is a platform that provides an extremely convenient development environment: as it is a standard Linux device, it can serve all kinds of server applications.
As an example, the INTERLOCK application provides a file encryption front-end developed for, but not limited to, use with the USB armory.
The file manager allows uploading/downloading of files to/from the encrypted partition, as well as symmetric/asymmetric cryptographic operations on the individual files. Additionally, secure messaging and file sharing is supported with an optional built-in Signal/TextSecure client.
The company focuses mainly on security, promoting its use for encrypted storage, HSM and so on, and users are utilizing it for all kinds of purposes such as Tor routers, password managers, Bitcoin wallets…
With the use of the host adapter the USB armory can also be used stand-alone, meaning that it becomes easy, with a USB hub, to use it as a Wi-Fi router.
Additionally, some people are using it for non-security applications, leveraging its small form factor and openness as a generic embedded device.
How does the Encryption work inside the USB?
The USB armory of course can only be as secure as the code that is executed on it. We emphasized the need for a familiar and commonly used environment, such as a full-blown Linux OS, to avoid custom developed encryption code/firmware. The encryption that is promoted with tools such as INTERLOCK leverages the standard Linux Unified Key Setup (LUKS), which is the same framework that encrypts root filesystems on Linux machines.
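One practical consequence of building on LUKS rather than on a sealed "hardware encrypted" drive is that the on-disk metadata is documented and can be inspected without trusting the vendor. The script below, added here as an example and not code from INTERLOCK or Inverse Path, parses a LUKS1 header (the 592-byte phdr at the start of the volume) and reports the cipher, hash, payload offset and the state and PBKDF2 iteration count of each of the eight key slots; it then flags settings an auditor would question. The header bytes it runs on are constructed in the script (the UUID, salts and digest are filler), and the audit thresholds are this example's own choices, not cryptsetup defaults.

```python
"""Offline LUKS1 header parser and auditor (added example, constructed input).

LUKS1 phdr layout, all integers big-endian (per the LUKS1 on-disk spec):
  magic(6) version(2) cipher-name(32) cipher-mode(32) hash-spec(32)
  payload-offset(4) key-bytes(4) mk-digest(20) mk-digest-salt(32)
  mk-digest-iter(4) uuid(40) then 8 key slots of
  active(4) iterations(4) salt(32) key-material-offset(4) stripes(4)
"""
import json
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS1_PHDR_SIZE = 592
KEY_SLOTS = 8
SLOT_ACTIVE = 0x00AC71F3    # slot holds a passphrase-wrapped copy of the master key
SLOT_DISABLED = 0x0000DEAD

_PHDR_FMT = ">6sH32s32s32sII20s32sI40s"   # 208 bytes
_SLOT_FMT = ">II32sII"                     # 48 bytes, eight times


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def is_luks1(blob: bytes) -> bool:
    return len(blob) >= 8 and blob[:6] == LUKS_MAGIC and blob[6:8] == b"\x00\x01"


def parse_luks1_header(blob: bytes) -> dict:
    """Parse the first 592 bytes of a LUKS1 volume; raise ValueError otherwise."""
    if len(blob) < LUKS1_PHDR_SIZE:
        raise ValueError("header too short")
    if not is_luks1(blob):
        raise ValueError("not a LUKS1 header")
    (_magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _mk_digest, _mk_salt, mk_iter, uuid) = struct.unpack_from(_PHDR_FMT, blob, 0)
    slots, off = [], struct.calcsize(_PHDR_FMT)
    for i in range(KEY_SLOTS):
        active, iters, _salt, km_off, stripes = struct.unpack_from(_SLOT_FMT, blob, off)
        off += struct.calcsize(_SLOT_FMT)
        slots.append({"slot": i, "active": active == SLOT_ACTIVE,
                      "iterations": iters, "key_material_offset": km_off,
                      "stripes": stripes})
    return {"version": version, "cipher": f"{_cstr(cipher)}-{_cstr(mode)}",
            "hash": _cstr(hash_spec), "payload_offset": payload_off,
            "key_bytes": key_bytes, "mk_digest_iterations": mk_iter,
            "uuid": _cstr(uuid), "slots": slots}


def active_slots(hdr: dict) -> list:
    return [s["slot"] for s in hdr["slots"] if s["active"]]


def audit_header(hdr: dict, min_iterations: int = 100_000) -> list:
    """Flag settings an auditor would question; thresholds are this example's."""
    warnings = []
    if hdr["hash"] in ("sha1", "ripemd160"):
        warnings.append(f"legacy PBKDF2 hash {hdr['hash']}")
    for s in hdr["slots"]:
        if s["active"] and s["iterations"] < min_iterations:
            warnings.append(f"slot {s['slot']}: only {s['iterations']} PBKDF2 iterations")
    if not active_slots(hdr):
        warnings.append("no active key slot: volume cannot be unlocked")
    return warnings


def build_example_header(hash_spec: bytes = b"sha256", iterations: int = 400_000) -> bytes:
    """Constructed LUKS1 header: slot 0 active, slots 1-7 disabled. Not real data."""
    fixed = struct.pack(_PHDR_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", hash_spec,
                        4096,            # payload starts 4096 sectors (2 MiB) in
                        64,              # 512-bit master key for AES-XTS
                        b"\x11" * 20,    # master-key digest (filler)
                        b"\x22" * 32,    # digest salt (filler)
                        1000,            # digest iterations (filler)
                        b"0f4a2d9c-0000-4000-8000-0123456789ab")
    slots = struct.pack(_SLOT_FMT, SLOT_ACTIVE, iterations, b"\x33" * 32, 8, 4000)
    for i in range(1, KEY_SLOTS):
        slots += struct.pack(_SLOT_FMT, SLOT_DISABLED, 0, b"\x00" * 32, 8 + i * 256, 4000)
    return fixed + slots


if __name__ == "__main__":
    hdr = parse_luks1_header(build_example_header())
    print(json.dumps(hdr, indent=2))
    print("warnings:", audit_header(hdr) or "none")
```

To run it against a real volume, read the first 592 bytes of the device (for example the encrypted partition on the microSD card) and pass them to `parse_luks1_header`; everything it reports is stored in the clear by design, which is exactly what makes the scheme reviewable.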
USB device emulation:
We leverage the Linux-USB Gadget API framework, which is included in the vanilla Linux kernel.
This Linux-USB API easily exposes RNDIS/Ethernet Gadget interfaces, which emulate a network card over USB, making accessing the USB armory just like connecting to a TCP/IP server. The framework has predefined gadgets for emulating devices such as serial adapters or mass storage drives; alternatively, custom modules can be added to emulate arbitrary devices. This also makes the USB armory a great tool for USB testing and fuzzing; in fact we routinely use it in our penetration testing with very effective results.
Anybody can code applications for it, whether high or low level. We have had users contribute code ranging from high level applications, such as a password manager, to low level OS support, such as the recent support for the XNU kernel.
Again we praise the fact that the USB armory is a standard Linux device with support for major distributions, therefore it is quite easy to develop for it.
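The gadget framework Andrea describes above is driven from user space through configfs: creating directories and writing attribute files under the `usb_gadget` mount builds a device descriptor, one or more functions and a configuration, and a final write of the UDC name makes the device enumerate on the host. The script below is an added example, not code from Inverse Path or the USB armory repositories. It builds a CDC ECM (Ethernet-over-USB) gadget, the same class of interface the text calls "Ethernet Gadget". The tree root is a parameter so the layout can be generated into a scratch directory and inspected offline; against the real `/sys/kernel/config/usb_gadget` (as root, with `libcomposite` and `usb_f_ecm` loaded) and with a UDC name supplied, it binds the gadget. The vendor/product IDs, string descriptors and MAC addresses are placeholders chosen for this example.

```python
"""Build a CDC ECM USB gadget through the Linux configfs interface (added example).

The directory/attribute names are those libcomposite reads; the values written
here (IDs, strings, MACs) are placeholders for illustration.
"""
import os
import sys
import tempfile
from typing import Optional

CONFIGFS_ROOT = "/sys/kernel/config/usb_gadget"   # real mount point on Linux


def _write(path: str, value: str) -> None:
    with open(path, "w") as f:
        f.write(value)


def _read(path: str) -> str:
    with open(path) as f:
        return f.read().strip()


def build_ecm_gadget(root: str, name: str = "g1", udc: Optional[str] = None,
                     dev_mac: str = "02:00:00:00:00:01",
                     host_mac: str = "02:00:00:00:00:02") -> str:
    """Create <root>/<name> with one configuration carrying one ECM function.

    Order matters on real configfs: device attributes, then the function, then
    the configuration, then the symlink attaching function to configuration,
    and only last the UDC write, which is when the host sees a device appear.
    """
    g = os.path.join(root, name)
    os.makedirs(g, exist_ok=True)                   # mkdir creates the gadget
    _write(os.path.join(g, "idVendor"), "0x1d6b")   # placeholder (Linux Foundation)
    _write(os.path.join(g, "idProduct"), "0x0104")  # placeholder (composite gadget)
    _write(os.path.join(g, "bcdDevice"), "0x0100")
    _write(os.path.join(g, "bcdUSB"), "0x0200")     # USB 2.0

    strings = os.path.join(g, "strings", "0x409")   # English (US) string table
    os.makedirs(strings, exist_ok=True)
    _write(os.path.join(strings, "serialnumber"), "0000000000000001")
    _write(os.path.join(strings, "manufacturer"), "Example Vendor")
    _write(os.path.join(strings, "product"), "USB Ethernet gadget")

    func = os.path.join(g, "functions", "ecm.usb0")  # "<function>.<instance>"
    os.makedirs(func, exist_ok=True)
    _write(os.path.join(func, "dev_addr"), dev_mac)    # MAC on the gadget side
    _write(os.path.join(func, "host_addr"), host_mac)  # MAC the host will see

    cfg = os.path.join(g, "configs", "c.1")
    os.makedirs(os.path.join(cfg, "strings", "0x409"), exist_ok=True)
    _write(os.path.join(cfg, "strings", "0x409", "configuration"), "CDC ECM")
    _write(os.path.join(cfg, "MaxPower"), "250")       # mA, within bus power

    link = os.path.join(cfg, "ecm.usb0")               # attach function to config
    if not os.path.lexists(link):
        os.symlink(func, link)

    if udc is not None:                                # bind: device enumerates
        _write(os.path.join(g, "UDC"), udc)
    return g


def describe_gadget(g: str) -> dict:
    """Read the tree back, to verify the layout before binding it."""
    cfg = os.path.join(g, "configs", "c.1")
    udc = os.path.join(g, "UDC")
    return {
        "idVendor": _read(os.path.join(g, "idVendor")),
        "idProduct": _read(os.path.join(g, "idProduct")),
        "functions": sorted(os.listdir(os.path.join(g, "functions"))),
        "config_links": sorted(n for n in os.listdir(cfg)
                               if os.path.islink(os.path.join(cfg, n))),
        "host_mac": _read(os.path.join(g, "functions", "ecm.usb0", "host_addr")),
        "bound": os.path.exists(udc) and _read(udc) != "",
    }


def demo() -> dict:
    """Generate the tree into a scratch directory and report what is there."""
    root = tempfile.mkdtemp(prefix="usb_gadget_")
    return describe_gadget(build_ecm_gadget(root))


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp(prefix="usb_gadget_")
    udc_name = sys.argv[2] if len(sys.argv) > 2 else None   # e.g. the name listed in /sys/class/udc
    print(describe_gadget(build_ecm_gadget(root, udc=udc_name)))
```

For a Windows host the function directory would be `rndis.usb0` instead of `ecm.usb0`; for a mass storage or HID device, `mass_storage.usb0` or `hid.usb0`, with their own attributes. Tearing a gadget down on real configfs is the reverse of construction: write an empty string to `UDC` to unbind, remove the symlinks under `configs/c.1`, then `rmdir` the string, configuration, function and gadget directories in that order.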
Features and Specifications:
- Freescale i.MX53 ARM® Cortex™-A8 800MHz
- 512MB DDR3 RAM
- USB host powered (<500mA)
- Dimensions : 65mm x 19mm x 6mm
- user-controllable LED
- 7-pin breakout header [pinout of GPIOs, UART, and power]
- microSD card slot
- 100% open source hardware [source files and wiki]
The USB Armory hardware is supported by standard software environments and requires very little customization effort. In fact, vanilla Linux kernels and standard distributions run seamlessly on the tiny USB Armory board:
- boots off of microSD card [or via USB serial downloader]
- native support for Android, Debian, Ubuntu, FreeBSD
- USB device emulation [CDC Ethernet, mass storage, HID, etc.]
- High Speed USB 2.0 On-The-Go (OTG) with full device emulation
- full TCP/IP connection to/from USB Armory via USB CDC Ethernet emulation
- flash drive functionality via USB mass storage device emulation
- serial communication over USB or physical UART
The ability to emulate arbitrary USB devices in combination with the i.MX53 SoC speed and fully customizable operating environment makes the USB Armory an ideal platform for all kinds of personal security applications. Not only is the USB Armory an excellent tool for testing the security of other devices, but it also has great security features itself:
- ARM® TrustZone®
- secure boot + storage + RAM
- user-fused keys for running only trusted firmware
- optional secure mode detection LED indicator
- minimal design limits scope of supply chain attacks
- great auditability due to open hardware and software