"Where's Andrea?" That was the question on the lips of attendees at this week's No Such Con security conference.
They were looking for Andrea Barisani, Chief Security Engineer of Italian security consultancy Inverse Path, and more precisely the prototype USB security device he was carrying.
The USB Armory (http://inversepath.com/usbarmory.html) looks like a fat USB memory stick, but it contains security features enabling it to act as a self-encrypting data store, a Tor router, a password locker and many other things.
Barisani arrived in Paris with five of the thumb-sized circuit boards but said he expects to go home to Trieste empty-handed, as interest in the USB Armory has been so high here. Each board contains a socket for a microSD card, an i.MX53 processor from Freescale Semiconductor, half a gigabyte of memory, and a row of gold-plated contacts in the form of a USB connector.
The miniature computer is about as powerful as the now-ubiquitous Raspberry Pi, he said. However, it has no connections for a screen, keyboard or power supply: just the bare minimum of processor, memory and storage. It relies on a host PC to provide power and communications through the USB connector, and loads its operating system from a microSD card. "We use Debian or Ubuntu by default," Barisani said.
The key to the device's power — and what sets it apart from the many other USB stick computers out there — is the choice of processor: the i.MX53 includes ARM's TrustZone trusted execution environment.
"It has a number of security properties, including secure boot," Barisani said.
The processor also has a trusted store for encryption keys, making it possible to turn USB Armory into a self-encrypting USB stick that can wipe the encryption keys if plugged into an unauthorized computer. The encrypted memory needn't appear as a local disk drive: "We can emulate a network device over the USB connection so we can communicate with it like any network drive," he said.
That network emulation has other security applications too, including providing secure access to remote computers over SSH or a VPN — even from untrusted machines — or allowing anonymous browsing over Tor without the need to install a Tor client on the PC.
"If I'm using an Internet kiosk I don't trust, I can't SSH into my system at home because I don't trust it with my password, and I don't have any keys on it. But I can plug this in and connect to it with a one-time password, and then SSH home from it using the stored key," explained Barisani.
Using the USB Armory as a Tor or VPN client involves routing traffic to the device. "It's pretty easy on Linux or Windows," he said.