News

  • Home > News

        Bootable USB stick includes encrypted Windows Embedded OS

        Jonathan Angel | Date: Feb 2, 2010 | Comments: 1


        Spyrus has used Windows Embedded Standard 2009 to build a bootable, USB-based security device. Employing encrypted storage, the Hydra PC Secure Pocket Drive lets users access their data and browse the Internet safely via computers that would otherwise be untrustworthy, the company says.

        Spyrus has previously marketed a variety of USB drives and other storage devices, offering encrypted storage via embedded microSD cards that are sealed in tamper-proof epoxy. (Some of these cards apparently sport Infineon SLE66CX642P security controller chips -- PDF link, here.) The company says its security technology has been designed and developed entirely in the USA, meeting FIPS 140-2 standards. The cryptographic algorithms employed are "the strongest commercially available," including elliptic curve cryptography (ECC), AES, and SHA-2, collectively known as Suite B, the company adds.

        While these devices protected data, however, users were still vulnerable in cases where they attempted to browse the web or run software on untrusted computers, including those in homes or public spaces. Spyrus' new Hydra PC Secure Pocket Drive solves this problem by, in the company's words, "turning a commodity microSD card into a militarized security device."


        The Hydra PC Secure Pocket Drive from Spyrus

        As before, the Secure Pocket Drive is a USB stick that includes a microSD card, available in 2GB, 4GB, 8GB, or 16GB capacities. But this time out, the device is loaded with the Windows Embedded Standard 2009 operating system, apparently preconfigured with display, keyboard, and network drivers that can support most modern PCs.

        If a host PC can be configured to boot from a USB drive, it makes no difference whether that system is contaminated with spyware or malware, or even what operating system is installed, according to Spyrus. That's because the Secure Pocket Drive runs Windows from its own secure storage, bypassing the host's hard disk and making use of only its keyboard, mouse, display, and RAM (512MB minimum), the company explains.

        Spyrus says it first developed a hardware-based pre-boot authentication system for Windows more than ten years ago. Building on this, the Secure Pocket Drive uses a secure boot loader to authenticate and check the integrity of the host PC, and it will not boot the Windows Embedded Standard 2009 operating system if the device has been tampered with, the company says.

        According to Spyrus, the Secure Pocket Drive uses FIPS 140-2 Level 3 tamper-resistant epoxy potting, with built-in anti-tamper and self-destruct mechanisms, to protect against unauthorized access to the device and data stored on it. The protected sectors of the device's memory, its operating system, and all data and application files are encrypted with advanced, hardware-based XTS-AES 256-bit encryption, fully compliant with the newly approved NIST SB800-38E security standard, the company adds. Finally, it's said "Suite B On Board" hardware security (ECDSA P-384, EC-DH, AES-256, SHA-384) supports the full set of Suite B cryptographic algorithms for all security services.

        OUR VERDICT:
        A most ingenious use of an embedded Windows operating system!
        Ashwin Kulkarni, a Microsoft senior product manager for Windows Embedded, stated, "Microsoft is excited to work with SPYRUS and help organizations in the public sector meet customer requests from around the world. Leveraging Windows Embedded Standard 2009, Spyrus' high-assurance Secure Pocket Drive provides end users with secure access to vital information when and where they need it."

        Tom Dickens, chief operating officer for Spyrus, stated, "All security for the Secure Pocket Drive is designed, developed, and manufactured in the USA, mitigating risks from untrusted parts entering the supply chain, a problem of increasing concern to governments worldwide. The Secure Pocket Drive brings 'security for the edge' for a Windows Embedded Standard 2009-based operating environment that is securely protected, self-contained, and portable."

        Further information

        Spyrus did not provide pricing or availability information for the Hydra PC Secure Pocket Drive. Details of the company's existing products may be found here.

        Related stories: