S4Stick - A secure, portable work environment deployable from a USB stick
Motivation

As portable flash memory drives, USB drives, and flash memory cards are virtually impossible to control when used to store sensitive information, users in public administration or the corporate world face a constant and increasingly serious risk of their data being lost or misused. Mobile media like USB sticks can be included in data security concepts to provide the usual mobile desktop environment outside of a secure IT workplace. Using USB sticks as carriers of such a familiar desktop environment can also ensure that relevant security rules are not violated.
Objectives and Approach

The objective is to design a functional prototype of a mobile USB flash drive with a built-in CodeMeter DRM system and an integrated interface (socket) for hosting a standard flash memory card (microSD). The target design includes a specific hardware circuit and distinctive firmware for the stick, both to guarantee the necessary backward compatibility and to operate with existing CodeMeter DRM system components. New device properties are implemented to support a removable and protected flash memory unit linked with itWatch’s management software. With its protected memory, the stick allows the sandboxed installation of operating system components, applications, and protected data on an open-access computer system, so that a safe operating environment can be loaded on an otherwise unprotected desktop. The new work environment is protected by a security kernel that enables sandboxing on the open system in full conjunction with the CodeMeter DRM system.