"This particular processor supports a few advanced security features such as secure boot and ARM TrustZone."

An open source USB stick computer for security applications.

The USB Armory is full-blown computer (800MHz ARM® processor, 512MB RAM) in a tiny form factor (65mm x 19mm x 6mm USB stick) designed from the ground up with information security applications in mind. Not only does the USB Armory have native support for many Linux distributions, it also has a completely open hardware design and a breakout prototyping header, making it a great platform on which to build other hardware.

Features and Specifications

Hardware

Software

The USB Armory hardware is supported by standard software environments and requires very little customization effort. In fact, vanilla Linux kernels and standard distributions run seamlessly on the tiny USB Armory board:

Connectivity

High Speed USB 2.0 On-The-Go (OTG) with full device emulation

full TCP/IP connection to/from USB Armory via USB CDC Ethernet emulation

flash drive functionality via USB mass storage device emulation

serial communication over USB or physical UART

Security

The ability to emulate arbitrary USB devices in combination with the i.MX53 SoC speed and fully customizable operating environment makes the USB Armory an ideal platform for all kinds of personal security applications. Not only is the USB Armory an excellent tool for testing the security of other devices, but it also has great security features itself:

ARM® TrustZone®

secure boot + storage + RAM

user-fused keys for running only trusted firmware

optional secure mode detection LED indicator

minimal design limits scope of supply chain attacks

great auditability due to open hardware and software

The support for ARM® TrustZone®, in contrast to conventional trusted platform modules (TPMs), allows developers to engineer custom TPMs by enforcing domain separation between the "secure" and "normal" worlds that propagates throughout all SoC components, as opposed to limited only to the CPU core.

Applications

$ ssh alice@10.0.0.1 Welcome to your USB armory :) $ ▌

The following example security application ideas illustrate the flexibility of the USB Armory concept:

mass storage device with advanced features such as automatic encryption, virus scanning, host authentication and data self-destruct

OpenSSH client and agent for untrusted hosts (e.g Internet kiosks)

router for end-to-end VPN tunnelling

Tor bridge [see this, for example]

password manager with integrated web server

electronic wallet [the Electrum Bitcoin wallet works out of the box on the USB Armory. It has been tested with X11 forwarding from Linux as well as Windows hosts.]

authentication token

portable penetration testing platform

low level USB security testing

USB Host Adapter

As mentioned in the first campaign update, there is also a simple USB host adapter that, along with compiling the right Linux kernel modules, allows the USB Armory to independently use a keyboard, USB display, USB mass storage devices, USB WiFi dongle and more, just like a standard computer, without the need for a separate USB host, such as a laptop or desktop.

Connecting a powered USB hub to the adapter ensures that all the connected USB devices have enough power to perform their tasks. Additionally, a micro-USB cable we can power the USB Armory itself. Alternatively, a passive USB hub can be used and a micro-USB charger (such as ones used for most mobile phones) can provide power.

Enclosure

To keep your USB Armory protected and preserved, we’ve developed a custom enclosure in cooperation with Teko, an Italian company that specializes in high-quality enclosure solutions.

The official USB Armory enclosure is a four-piece design customized to accommodate and protect the USB Armory.

The enclosure is easily assembled by snapping together three separate body parts, one of which acts as a sliding cover for the microSD card. A small removable cap protects the 5-pin breakout header.

Note: A cap for the USB plug was included in earlier enclosures but later removed due to width tolerance issues.

Specifications:

Body: 61 x 24 x 9 mm

Plug cap: 12 x 23 x 7mm

Material: NEVIESTER EG83 (PETG)

Color: transparent

Community

The USB Armory is an open source hardware and software project created by Inverse Path, an Italian information technology consulting group specializing in securing critical embedded systems in the avionic, automotive, and industrial control sectors. The Inverse Path team, with the help of the open source community, will develop applications that explore the potential of the USB Armory. Please participate!

Manufacturing Plan

Three major revisions of the USB Armory (alpha, beta and release candidate) have been prototyped and manufactured, a local Italian manufacturer has been selected, and the first batch is ready for production.

The funds raised by this campaign will go toward covering the cost of parts, fabrication, assembly, and shipping. A margin for unexpected expenses and application development has been reserved, but otherwise the price has been kept as low as possible in order to make the USB Armory a reality.

There are no bulk discounts or early bird deals to ensure that everyone has the possibility of obtaining the USB Armory at the lowest price.

At present, an Italian board fabricator and assembly house will produce the USB Armory and all units will be shipped to backers of the campaign through Crowd Supply’s fulfillment service in the US.

First 40 Units Ship Immediately

The first 40 USB Armory units sold will be shipped as soon as the campaign has reached its funding goal. These units have already been produced as part of the final test batch and are identical to those that will be in the main production run, which will ship approximately six weeks after the campaign reaches its funding goal.