Encrypted USB drive offers secure storage for unlimited data

December 2021 by Marc Jacob

Portable storage solutions need to balance accessibility and security: They need to be simple to use and compact enough for the owners to carry around, but secure enough to prevent other people from simply picking it up and accessing its contents. F-Secure Armory Drive aims to strike this balance by providing an encrypted storage solution that runs on the USB armory – the world’s smallest secure-by-design computer.

The solution consists of two components: Firmware for the USB armory, and an iOS app. The firmware (a free download for current USB armory owners) adds F-Secure Armory Drive functionality to the USB armory. The iOS app turns users’ iPhones into an authentication mechanism for data contained on microSD cards encrypted by the solution.

Access to the device owner’s iPhone and paired USB armory are required to access the contents protected by the system. These two components work together to prevent unauthorized access to data, even if the microSD card or USB armory is lost, or stolen by an experienced attacker.

The system also prevents exposing the solution’s encryption keys to laptops or desktops, which helps protect that information from untrusted or compromised computers.

While other secure USB drives include protection for data and encryption keys, the introduction of measures to secure the system’s firmware is one of F-Secure Armory Drive’s more unique strengths. Barisani and his team achieved this by combining the USB armory’s Secure Boot capabilities with a Google transparency framework* – one of the first successful implementations of this framework for binary transparency.

Thanks to this innovation, any firmware update pushed to the USB armory undergoes additional authentication by both the desktop installer as well as the device itself. The additional authentication protects the system from compromise via a malicious update – a common tactic in supply chain attacks.

In addition to the USB armory’s existing features, F-Secure Armory Drive’s capabilities and benefits include:

• Control multiple units from a single mobile device

• Runs on any desktop or laptop without additional drivers or software

• Combination of multifactor authentication and full-disk encryption protects data on lost or stolen units

• Encrypt (AES) an unlimited number of microSD cards, providing unrestricted secure storage capability through one device

• Out-of-band unlock with authenticated, encrypted Bluetooth session prevents exposure of encryption keys, even to compromised or untrusted computers