Project update 5 of 20
The campaign is off to a good start with over 50% of the funding goal met in just a week. We are confident enough that we will meet the goal that we have ordered the first batch of 100 boards from PCBWay. We’ve also open sourced the PCB layout under the CERN OHL v1.2 license and put it on GitHub.
Our tooling firm Sea Sky Tooling has made the cosmetic improvements we suggested to the enclosure and we expect to receive new samples within a week. We are hopeful that we will be able to approve the samples and make a volume order immediately. We will release the FreeCAD design files for the enclosure soon as well, but they need some tidying first. The firmware and client code will take more time as many features are in early development.
Throughout the campaign we’re going to get into the details of some of the security features that are described relatively briefly in the campaign text. As these features mature we will produce video demos of them as well. This week we want to talk about one-time-use volumes. They are an important feature because they require little effort to use but have significant security value.
For many people the primary role of a flash drive is only to transfer files from one computer to another. This often results in files from previous transfers accumulating on the drive. Since the transfer is often to a computer owned by a different person, the risk of over-sharing information is high.
Signet HC’s one-time-use volumes solve this problem by automatically erasing themselves the second time the device is plugged in after the volume was created. During the first mount after creation the volume becomes read-only — this is when the files will likely be copied onto a different computer. The second time the device is plugged in after creation the device simultaneously begins erasing all of the sectors written to the volume and creating a new one-time-use volume to restart the process. The newly created volume won't be scheduled for erasing until you start populating it.
One-time-use volumes have an advantage over encrypted volumes since they do not require running the client software. Although the client software should always be present on the device some users might not be comfortable with an unfamiliar program being run on their computer. The fact that the client is not involved also makes it easy to get other people to transfer files to you securely.
One-time-use volumes are also more secure than simply attempting to remember to clean up unencrypted drives used for transfers. Simply deleting the files only removes file metadata and not the file’s contents, making it possible for the files to be recovered with widely available forensics software. Another problem is that every time you forget to clean up the drive, it potentially becomes more difficult to clean up later. When there are old files on a volume it’s easy to become more uncertain about which files are still needed and harder to confidently clear the volume. By making the sanitization of the volume a matter of policy, one-time-use volumes encourage you to keep a clear separation between media used for transfers and media used for longer-term storage.
The process that allows a one-time-use volume to be reused needs to securely erase all of the data used by the previous one-time-use volume. To accomplish this without making the user wait for the entire volume to be erased before a new one is created, the device erases sectors in a background process. The device maintains a list of sectors that need to be erased and whenever the device is not reading or writing data it erases sectors from the list.
To avoid needing to erase the entire one-time-use volume each time a write occurs, the written sectors are added to an occupancy array. When a volume needs to be destroyed the occupied sectors are added to the erase list. It’s possible that the device could become unplugged before all sectors are erased. However, the erase list is persistent, so all old data will be securely erased as soon as possible.
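To make the lifecycle above concrete, here is a small host-side model of it written for this post. It is not the Signet HC firmware and makes several assumptions: a toy volume of 32 sectors of 8 bytes, erased flash reading back as 0xFF, the mount countdown starting at the first write (matching the note that an unpopulated volume is not yet scheduled), reads of sectors still on the erase list returning erased bytes so stale data is never exposed, and a write to a pending sector erasing it on demand first. The struct stands in for persistent storage: because the erase list lives there, losing power mid-erase leaves the remaining sectors queued for the next idle period.

```c
/* Toy model of one-time-use volumes with an occupancy array and a
 * persistent background erase list. Illustrative code written for this
 * page; names, sizes and policies are assumptions, not Signet HC firmware. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_SECTORS 32    /* constructed toy volume size */
#define SECTOR_SIZE 8     /* constructed toy sector size */
#define FLASH_ERASED 0xFF /* assumption: erased flash reads back as all ones */

struct otu_device {
    uint8_t storage[NUM_SECTORS][SECTOR_SIZE]; /* backing flash */
    bool occupied[NUM_SECTORS];      /* occupancy array for the current volume */
    bool erase_pending[NUM_SECTORS]; /* erase list; persistent across unplugs */
    bool populated;                  /* current volume has received a write */
    bool read_only;
    unsigned mounts_since_populated;
    unsigned volumes_created;
};

void otu_init(struct otu_device *d) {
    memset(d, 0, sizeof *d);
    memset(d->storage, FLASH_ERASED, sizeof d->storage);
    d->volumes_created = 1; /* the initial empty volume */
}

static void otu_create_volume(struct otu_device *d) {
    memset(d->occupied, 0, sizeof d->occupied);
    d->populated = false;
    d->read_only = false;
    d->mounts_since_populated = 0;
    d->volumes_created++;
}

/* Destroying a volume only moves its occupied sectors onto the erase list;
 * the actual erase happens later, when the device is idle. */
static void otu_destroy_volume(struct otu_device *d) {
    for (size_t i = 0; i < NUM_SECTORS; i++)
        if (d->occupied[i]) d->erase_pending[i] = true;
}

/* Called each time the device is plugged in. */
void otu_mount(struct otu_device *d) {
    if (!d->populated) return;          /* nothing written yet: not on the clock */
    d->mounts_since_populated++;
    if (d->mounts_since_populated == 1) {
        d->read_only = true;            /* first mount after writing: copy files out */
    } else {
        otu_destroy_volume(d);          /* second mount: schedule the old data ... */
        otu_create_volume(d);           /* ... and immediately start a fresh volume */
    }
}

static void otu_erase_sector(struct otu_device *d, size_t i) {
    memset(d->storage[i], FLASH_ERASED, SECTOR_SIZE);
    d->erase_pending[i] = false;
}

bool otu_write(struct otu_device *d, size_t sector, const uint8_t *data) {
    if (sector >= NUM_SECTORS || d->read_only) return false;
    if (d->erase_pending[sector]) otu_erase_sector(d, sector); /* erase on demand */
    memcpy(d->storage[sector], data, SECTOR_SIZE);
    d->occupied[sector] = true;
    d->populated = true;
    return true;
}

/* Reads never return data from a sector that is queued for erasure. */
bool otu_read(const struct otu_device *d, size_t sector, uint8_t *out) {
    if (sector >= NUM_SECTORS) return false;
    if (d->erase_pending[sector]) memset(out, FLASH_ERASED, SECTOR_SIZE);
    else memcpy(out, d->storage[sector], SECTOR_SIZE);
    return true;
}

/* Run while idle: erase up to `budget` pending sectors, return how many. */
size_t otu_background_erase(struct otu_device *d, size_t budget) {
    size_t done = 0;
    for (size_t i = 0; i < NUM_SECTORS && done < budget; i++) {
        if (!d->erase_pending[i]) continue;
        otu_erase_sector(d, i);
        done++;
    }
    return done;
}

size_t otu_pending_count(const struct otu_device *d) {
    size_t n = 0;
    for (size_t i = 0; i < NUM_SECTORS; i++) n += d->erase_pending[i] ? 1 : 0;
    return n;
}
```

The erase list is kept separate from the occupancy array on purpose: the occupancy array is reset the moment a new volume is created, so the new volume can be written to immediately, while the erase list keeps tracking sectors from the old volume until each one has actually been overwritten.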
Next we’re going to be working on finishing porting the Signet firmware to Signet HC and creating a volume manager in the Signet GUI. This will allow you to decide what kind of volumes you want to create on the device and how much space to allocate to each one. Our next in-depth look will likely be on multi-profile support, another feature with a lot of value for both high and medium security needs.