Google has unveiled Project Vault, a hardware- and software-isolated environment in the form of a microSD card that stores the user’s sensitive data and comes equipped with NFC for authorisation.
“Project Vault is a small microSD form factor device, it’s a separate ultra-secure mini computer,” the Advanced Technology and Projects (ATAP) group’s Peter ‘Mudge’ Zatko explained during the company’s I/O event last week. “You plug it into any system that has a microSD card slot or an SD card slot and make use of the suite of cryptographic services to manage your data needs.
“Only you can unlock it and any information and the algorithms inside Project Vault are never exposed to the system that you plug it into. Inside this little device is an ARM processor that runs our security-focused, real-time operating system. It’s got an NFC chip and antenna, the same thing that’s in your contactless payment systems.
“However, we’re using it so that you can actually prove to Project Vault that you are in control of it and that it is authorised to perform sensitive processing on your behalf. We’ve also loaded it up with a suite of cryptographic services and four gigabytes of isolated, sealed storage.
“Two Vault users can communicate end-to-end without exposing any cryptographically sensitive data to the host systems and this provides a consistent set of security features regardless of how secure or insecure the host system might be and, very importantly, in a way that’s easy enough for any novice to use.”
“Our first focus is the enterprise because if it works for the enterprise it will work for the individual,” Zatko continued. “What you’re looking at here are the actual first versions of Project Vault in microSD form factor. We’re deploying about 500 of these within Google for authentication purposes.
“So what do developers have to do to get their phones or their laptops or their Internet of Things devices ready to use Project Vault? Nothing. The host system just thinks this is a regular storage device but actually that’s just an illusion that we’re creating on the fly. More importantly, it makes us operating system agnostic; you just plug it in and it works. So that’s what we’re experimenting with inside ATAP right now and it’s still very much in experimental stage.”
“Think of it like this; my home has windows and doors which is necessary for people and things to come and go,” added Regina Dugan, head of the ATAP group. “But those windows and doors make it harder for me to protect everything in the house.
“So I use a vault, to store the most sensitive documents. It cannot store all of the contents of my house, but it can store my most precious possessions. Project Vault is your digital mobile safe. Big security, small package.”