USB Armory: Open Source USB Stick Computer

$149,889 raised

of $65,000 goal

Funded! Order Now

Jan 31 2015

funded on

230%

funded

1,446

pledges

Product Choices

$130

USB Armory

An open-source computer on a stick - designed specifically for high-security application.


$30

32GB microSD Card w/ Debian Image

Debian 8 (Jessie) pre-loaded onto a Samsung EVO+ 32GB microSDHC, Class 10, UHS-1 memory card.


$10

USB Host Adapter

Allows the USB Armory to independently use a keyboard, USB display, USB mass storage devices, USB Wi-Fi dongle and more, just like a standard computer, without the need for a separate USB host, such as a laptop or desktop.


$15

Enclosure

Protect your armory with a snap-together 4-piece plastic enclosure.

Details

An open source USB stick computer for security applications.

As Featured In

ZDNet

ZDNet

Inverse Path USB armory: Secure computer on a stick

Boing Boing

Boing Boing

“Crowdfunding a USB-stick-sized, GNU/Linux-ready computer”

Geek Logo

Geek

“USB Armory puts penetration testing and Tor routing in a thumbdrive”

Hackaday

Hackaday

“This particular processor supports a few advanced security features such as secure boot and ARM TrustZone.”

PCWorld

“USB Armory is the Swiss army knife of security devices”

An open source USB stick computer for security applications.

The USB Armory is full-blown computer (800MHz ARM® processor, 512MB RAM) in a tiny form factor (65mm x 19mm x 6mm USB stick) designed from the ground up with information security applications in mind. Not only does the USB Armory have native support for many Linux distributions, it also has a completely open hardware design and a breakout prototyping header, making it a great platform on which to build other hardware.

Features and Specifications

Hardware

Software

The USB Armory hardware is supported by standard software environments and requires very little customization effort. In fact, vanilla Linux kernels and standard distributions run seamlessly on the tiny USB Armory board:

Connectivity

  • High Speed USB 2.0 On-The-Go (OTG) with full device emulation
  • full TCP/IP connection to/from USB Armory via USB CDC Ethernet emulation
  • flash drive functionality via USB mass storage device emulation
  • serial communication over USB or physical UART

Security

The ability to emulate arbitrary USB devices in combination with the i.MX53 SoC speed and fully customizable operating environment makes the USB Armory an ideal platform for all kinds of personal security applications. Not only is the USB Armory an excellent tool for testing the security of other devices, but it also has great security features itself:

  • ARM® TrustZone®
  • secure boot + storage + RAM
  • user-fused keys for running only trusted firmware
  • optional secure mode detection LED indicator
  • minimal design limits scope of supply chain attacks
  • great auditability due to open hardware and software

The support for ARM® TrustZone®, in contrast to conventional trusted platform modules (TPMs), allows developers to engineer custom TPMs by enforcing domain separation between the “secure” and “normal” worlds that propagates throughout all SoC components, as opposed to limited only to the CPU core.

Applications

$ ssh alice@10.0.0.1

Welcome to your USB armory :)

$ ▌

The following example security application ideas illustrate the flexibility of the USB Armory concept:

  • mass storage device with advanced features such as automatic encryption, virus scanning, host authentication and data self-destruct
  • OpenSSH client and agent for untrusted hosts (e.g Internet kiosks)
  • router for end-to-end VPN tunnelling
  • Tor bridge [see this, for example]
  • password manager with integrated web server
  • electronic wallet [the Electrum Bitcoin wallet works out of the box on the USB Armory. It has been tested with X11 forwarding from Linux as well as Windows hosts.]
  • authentication token
  • portable penetration testing platform
  • low level USB security testing

USB Host Adapter

As mentioned in the first campaign update, there is also a simple USB host adapter that, along with compiling the right Linux kernel modules, allows the USB Armory to independently use a keyboard, USB display, USB mass storage devices, USB WiFi dongle and more, just like a standard computer, without the need for a separate USB host, such as a laptop or desktop.

Connecting a powered USB hub to the adapter ensures that all the connected USB devices have enough power to perform their tasks. Additionally, a micro-USB cable we can power the USB Armory itself. Alternatively, a passive USB hub can be used and a micro-USB charger (such as ones used for most mobile phones) can provide power.

Enclosure

To keep your USB Armory protected and preserved, we’ve developed a custom enclosure in cooperation with Teko, an Italian company that specializes in high-quality enclosure solutions.

The official USB Armory enclosure is a four-piece design customized to accommodate and protect the USB Armory.

The enclosure is easily assembled by snapping together three separate body parts, one of which acts as a sliding cover for the microSD card. A small removable cap protects the 5-pin breakout header.

Note: A cap for the USB plug was included in earlier enclosures but later removed due to width tolerance issues.

Specifications:

  • Body: 61 x 24 x 9 mm
  • Plug cap: 12 x 23 x 7mm
  • Material: NEVIESTER EG83 (PETG)
  • Color: transparent

Community

The USB Armory is an open source hardware and software project created by Inverse Path, an Italian information technology consulting group specializing in securing critical embedded systems in the avionic, automotive, and industrial control sectors. The Inverse Path team, with the help of the open source community, will develop applications that explore the potential of the USB Armory. Please participate!

Ask a Question

Have a question not answered in the description above or in the Updates?

Ask Inverse Path a Question or Browse the Crowd Supply Knowledge Base

Credits

Inverse Path

Dedicated to secure software, hardware, and mission-critical IT infrastructures.


Andrea Barisani

Inverse Path

Andrej Rosano

Inverse Path

Daniele Bianco

Inverse Path


Teko

Enclosure design partner & manufacturer

Cipierre Elettronica

Recommended

PCB Assembler

TVR

Recommended

PCB Manufacturer

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects: