Encrypted USB drive offers secure storage
F-Secure Armory Drive combines protection for encryption keys, data, and the device’s firmware into a user-friendly portable storage solution.
Portable storage solutions need to balance accessibility and security: They need to be simple to use and compact enough for the owners to carry around, but secure enough to prevent other people from simply picking it up and accessing its contents. F-Secure Armory Drive aims to strike this balance by providing an encrypted storage solution that runs on the USB armoury, the world’s smallest secure-by-design computer.
The solution consists of two components: Firmware for the USB armoury, and an iOS app. The firmware (a free download for current USB armoury owners) adds F-Secure Armoury Drive functionality to the USB armoury. The iOS app turns users’ iPhones into an authentication mechanism for data contained on microSD cards encrypted by the solution.
Access to the device owner’s iPhone and paired USB armoury are required to access the contents protected by the system. These two components work together to prevent unauthorized access to data, even if the microSD card or USB armoury is lost, or stolen by an experienced attacker.
The system also prevents exposing the solution’s encryption keys to laptops or desktops, which helps protect that information from untrusted or compromised computers.
“The USB armoury has been embraced by companies, security professionals, and others with the technical expertise and need for a secure computing platform. However, everyone needs secure storage and providing it is well within the USB armoury’s capabilities. F-Secure Armory Drive makes those capabilities accessible to anyone looking for secure, portable, limitless storage,” said F-Secure Head of Hardware Security Andrea Barisani, whose team designed the USB armoury and F-Secure Armory Drive.
While other secure USB drives include protection for data and encryption keys, the introduction of measures to secure the system’s firmware is one of F-Secure Armory Drive’s more unique strengths. Barisani and his team achieved this by combining the USB armoury’s Secure Boot capabilities with a Google transparency framework.
Thanks to this innovation, any firmware update pushed to the USB armoury undergoes additional authentication by both the desktop installer as well as the device itself. The additional authentication protects the system from compromise via a malicious update, a common tactic in supply chain attacks.
“F-Secure's adoption of Firmware Transparency sets a great example of how device manufacturers can proactively help mitigate supply chain risks,” said Ryan Hurst, Product Manager, Google.
In addition to the USB armoury’s existing features, F-Secure Armory Drive’s capabilities and benefits include:
- Control multiple units from a single mobile device
- Runs on any desktop or laptop without additional drivers or software
- Combination of multifactor authentication and full-disk encryption protects data on lost or stolen units
- Encrypt (AES) an unlimited number of microSD cards, providing unrestricted secure storage capability through one device
- Out-of-band unlock with authenticated, encrypted Bluetooth session prevents exposure of encryption keys, even to compromised or untrusted computers