F-Secure Armory Drive - Secure Storage for Unlimited Data


Thread author
Staff member
Malware Hunter
Jul 27, 2015

Portable storage solutions need to balance accessibility and security: They need to be simple to use and compact enough for the owners to carry around, but secure enough to prevent other people from simply picking it up and accessing its contents. F-Secure Armory Drive aims to strike this balance by providing an encrypted storage solution that runs on the USB armory – the world’s smallest secure-by-design computer.

The solution consists of two components: Firmware for the USB armory, and an iOS app. The firmware (a free download for current USB armory owners) adds F-Secure Armory Drive functionality to the USB armory. The iOS app turns users’ iPhones into an authentication mechanism for data contained on microSD cards encrypted by the solution. Access to the device owner’s iPhone and paired USB armory are required to access the contents protected by the system. These two components work together to prevent unauthorized access to data, even if the microSD card or USB armory is lost, or stolen by an experienced attacker. The system also prevents exposing the solution’s encryption keys to laptops or desktops, which helps protect that information from untrusted or compromised computers.
“The USB armory has been embraced by companies, security professionals, and others with the technical expertise and need for a secure computing platform. However, everyone needs secure storage and providing it is well within the USB armory’s capabilities. F-Secure Armory Drive makes those capabilities accessible to anyone looking for secure, portable, limitless storage,” said F-Secure Head of Hardware Security Andrea Barisani, whose team designed the USB armory and F-Secure Armory Drive.

While other secure USB drives include protection for data and encryption keys, the introduction of measures to secure the system’s firmware is one of F-Secure Armory Drive’s more unique strengths. Barisani and his team achieved this by combining the USB armory’s Secure Boot capabilities with a Google transparency framework* – one of the first successful implementations of this framework for binary transparency. Thanks to this innovation, any firmware update pushed to the USB armory undergoes additional authentication by both the desktop installer as well as the device itself. The additional authentication protects the system from compromise via a malicious update – a common tactic in supply chain attacks.