USB Armory Kit
The USB Armory Kit from Inverse Path is an open source hardware design, implementing a flash drive sized computer. The kit Includes a USB Armory, Enclosure, Host Adapter and SD Card. The SD Card is pre-loaded with Debian and can simplify the process of getting started with the device.
The compact USB powered device provides a platform for developing and running a variety of applications.
The security features of the USB Armory System on a Chip (SoC), combined with the openness of the board design, empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications.
The hardware design features the Freescale i.MX53 processor, supporting advanced security features such as secure boot and ARM® TrustZone®.
The USB armory hardware is supported by standard software environments and requires very little customization effort. In fact vanilla Linux kernels and standard distributions run seamlessly on the tiny USB armory board.
- Freescale i.MX53 ARM® Cortex™-A8 800Mhz, 512MB DDR3 RAM
- USB host powered (<500 mA) device with compact form factor (65 x 19 x 6 mm)
- ARM® TrustZone®, secure boot + storage + RAM
- microSD card slot
- 5-pin breakout header with GPIOs and UART
- customizable LED, including secure mode detection
- excellent native support (Android, Debian, Ubuntu, Arch Linux)
- USB device emulation (CDC Ethernet, mass storage, HID, etc.)
- Open Hardware & Software
The USB armory board has been created by Inverse Path to support the development of a variety of security applications.
The capability of emulating arbitrary USB devices in combination with the i.MX53 SoC speed, the security features and the flexible and fully customizable operating environment, makes the USB armory the ideal platform for all kinds of personal security applications.
The transparency of the open and minimal design for the USB armory hardware facilitates auditability and greatly limits the potentiality and scope of supply chain attacks.
The secure boot feature allows users to fuse verification keys that ensure only trusted firmware can be ever executed on a specific USB armory board.
The support for ARM® TrustZone®, in contrast to conventional TPMs, allows developers to engineer custom trusted platform modules by enforcing domain separation, between the "secure" and "normal" worlds, that propagates throughout all SoC components, and therefore not only limited to the CPU core.
An excellent overview of the technology and its support for the i.MX53 SoC can be found at the Genode framework project.
Proof of concept applications have already been tested and will soon be released.
The following example security application ideas illustrate the flexibility of the USB armory concept:
- Hardware Security Module (HSM)
- file storage with advanced features such as automatic encryption, virus scanning, host authentication and data self-destruct
- OpenSSH client and agent for untrusted hosts (kiosk)
- Router for end-to-end VPN tunnelling, Tor
- Password manager with integrated web server
- Electronic wallet (e.g. pocket Bitcoin wallet)
- Authentication token
- Portable penetration testing platform
- Low level USB security testing
Standard connectivity options:
- HS USB 2.0 On-The-Go (OTG) with device emulation
- TCP/IP communication via CDC Ethernet emulation
- Flash drive functionality via mass storage device emulation
- Serial communication over USB or physical UART
- USB Armory Kit
- In The Box: 1x USB Armory, 1x USB Armory - Enclosure, 1x USB Armory - Host Adapter, includes a 32GB SD Card with Debian
- Dimensions: USB Armory: 65mm x 19mm x 6mm, Enclosure: 61 x 24 x 9 mm, Plug Cap: 13 x 23 x 7 mm, Host Adapter: 42 x 19 x 11 mm
- Weight: 22 g
- Manufacturer: Inverse Path
- Made In: Italy
- SD Card
- Storage Capacity: 32GB
- OS: Debian_jessie-base_image-20170518
- Type: Class 10 Micro SDHC up to 48MB/s with Adapter