Never Ending Security

It starts all here

New Ways for Detecting modified (disk) firmware with USB Armory

The USB Armory is a crowd-funded hardware project led by a company
called Inverse Path [1].
After having watched a presentation they made at 31c3 [2], I sense that
it is very promising device. It is essentially a full-flavored computer
the size of an USB key, with allegedly a “Trusted Boot” feature. Some
characteristics :

– Freescale i.MX53 ARM Cortex-A8 with ARM Trust Zone for security
– Runs Linux kernel.
– MicroSD slot for storage.
– Emulation of USB devices (Storage, Network Controller, …)

The device is programmable, and allows code to be signed with user’s own
keys, although the presentation was not very technical on this subject.

Example use cases are encrypted storage and Key Management for anything,
passwords or Bitcoin wallet with keys not leaking to host.

So to sum up, it would offer a wide range of secure computing
applications that will rely a lot on the security scheme offered by ARM
Trust Zone. The code integrity mechanism is assured by 4 secure
registers that can hold the user’s keys to sign to code.

Hopefully, it is an open-source and “open-hardware” initiative [3], so
it will be open for reviews and developers’ ideas. The presenter assured
that ARM’s technology was not encumbered too much with NDAs.

Anyway the interesting feature is that it is a whole Linux computer that
implements a mass storage device for example. So in a way, you control
the (virtual) firmware and can force a screening procedure of every file
before it reaches storage.

Although it does nothing to the actual storage firmware, that is the
MicroSD firmware. This is still wide open to attacks. But this device
offer a chance to, e.g., monitor its behavior, and I/O transfers.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s