Helsinki, Finland - December 07, 2021: Portable storage solutions need to balance accessibility and security: They need to be simple to use and compact enough for the owners to carry around, but secure enough to prevent other people from simply picking it up and accessing its contents. F-Secure Armory Drive aims to strike this balance by providing an encrypted storage solution that runs on the USB armory - the world's smallest secure-by-design computer.
The solution consists of two components: Firmware for the USB armory, and an iOS app. The firmware (a free download for current USB armory owners) adds F-Secure Armory Drive functionality to the USB armory. The iOS app turns users' iPhones into an authentication mechanism for data contained on microSD cards encrypted by the solution.
Access to the device owner's iPhone and paired USB armory are required to access the contents protected by the system. These two components work together to prevent unauthorized access to data, even if the microSD card or USB armory is lost, or stolen by an experienced attacker.
The system also prevents exposing the solution's encryption keys to laptops or desktops, which helps protect that information from untrusted or compromised computers.
"The USB armory has been embraced by companies, security professionals, and others with the technical expertise and need for a secure computing platform. However, everyone needs secure storage and providing it is well within the USB armory's capabilities. F-Secure Armory Drive makes those capabilities accessible to anyone looking for secure, portable, limitless storage," said F-Secure Head of Hardware Security Andrea Barisani, whose team designed the USB armory and F-Secure Armory Drive.
While other secure USB drives include protection for data and encryption keys, the introduction of measures to secure the system's firmware is one of F-Secure Armory Drive's more unique strengths. Barisani and his team achieved this by combining the USB armory's Secure Boot capabilities with a Google transparency framework* - one of the first successful implementations of this framework for binary transparency.
Thanks to this innovation, any firmware update pushed to the USB armory undergoes additional authentication by both the desktop installer as well as the device itself. The additional authentication protects the system from compromise via a malicious update - a common tactic in supply chain attacks.
"F-Secure's adoption of Firmware Transparency sets a great example of how device manufacturers can proactively help mitigate supply chain risks," said Ryan Hurst, Product Manager, Google.
In addition to the USB armory's existing features, F-Secure Armory Drive's capabilities and benefits include:
Control multiple units from a single mobile device
Runs on any desktop or laptop without additional drivers or software
Combination of multifactor authentication and full-disk encryption protects data on lost or stolen units
Encrypt (AES) an unlimited number of microSD cards, providing unrestricted secure storage capability through one device
Out-of-band unlock with authenticated, encrypted Bluetooth session prevents exposure of encryption keys, even to compromised or untrusted computers
More information on F-Secure Armory Drive, including order information for individuals and organizations, is available here: https://www.f-secure.com/armory-drive.
Additional technical details and support resources are available on GitHub: https://github.com/f-secure-foundry/armory-drive.