Kobra Stick

KOBRA STICK

Encrypted USB-C memory stick 

The KOBRA Stick is an encrypted USB-C memory stick in a sturdy, elegant metal case. It enables data protection-compatible storage as well as the safe transport of sensitive business and private data of authorities, companies and private persons. The KOBRA Stick was developed under consideration of the "Technical Guidelines" of the BSI, has the quality mark "IT-Security made in Germany" and is due to its security features a good option for the safe storage of data.

The data stored on the KOBRA Stick are protected against unauthorized access, for example if the data carrier is lost or stolen, as well as in the case of logical or physical attacks, with regard to the confidentiality of the information. The KOBRA Stick ensures the confidentiality of the data through the following security mechanisms:

• Encryption
• Access control
• Management of cryptographic keys

Security mechanisms and special features:

1st encryption

The encryption module integrated in the security housing performs a complete encryption of the KOBRA Stick. Each stored byte and sector on the disk is encrypted to 256-bit Advanced Encryption Standard (AES) in XTS mode using two 256-bit cryptographic keys. The KOBRA Stick also encrypts temporary files and areas that are often overlooked by the encryption software.

2. Access control

Access is gained by entering a user PIN. The stick automatically generates the new encryption keys and resets the user PIN to the factory settings as soon as the permissible number of incorrect PIN entries has been exceeded. Access to the previously stored data on the stick is then no longer possible.

3. Management of cryptographic keys

The user can create, modify and destroy the cryptographic keys at any time. These processes are irreversible. After the generation of new crypto keys, the old crypto keys and thus all data stored on the data carrier are finally destroyed. Therefore, the stored information may need to be previously backed up to another encrypted volume.

The two 256-bit encryption keys responsible for encrypting and decrypting the data are generated with the aid of a hardware random number generator and stored securely within the stick. After correctly entering the user PIN for encrypting and decrypting the data, they are transferred to the encryption module of KOBRA Stick.

4. USB port and input interface

On the front panel, the KOBRA Stick has a keypad with a main key, two command keys ("X" escape key and "V" confirmation key) and ten input keys (0 to 9). The connection to a PC is made via the USB-C 3.0 interface.

5. Power supply

The necessary power supply of the KOBRA Stick generally takes place over the USB connection. In addition, this USB stick has an integrated autonomous power supply, which enables activation before connecting to a PC as well as pre-boot authentication and a subsequent computer startup of the KOBRA Stick.

6. Authentication and administration

The authentication and administration of the KOBRA Stick is done via the menu mode by entering numbers and commands. Switching to the menu mode is generally done from the waiting mode by pressing the main button. To run the commands, the KOBRA Stick usually requires connection to a PC or other an external power provider (for example, USB power adapter or USB hub). Exceptions are the authentication on the KOBRA Stick, the activation or deactivation of the write protection as well as the generation of new crypto keys. These functions can also be performed on battery power.

7. Roles and permissions

The KOBRA Stick enables a distribution of the roles and authorizations regarding the management and operation of the data medium.

The user knows the user PIN. He can change this PIN, authenticate himself to the stick, enable and disable read-only protection, destroy the valid encryption keys and create new ones. The user PIN allows authentication on the KOBRA Stick and thus access to the stored data.

The administrator knows the admin PIN. He can change the admin PIN, make time-out settings and set the number of allowed failed attempts. The administrator has no access to the stored data of a KOBRA Stick on the basis of its authorizations.

8. Write protection mechanism

The activated write protection offers you additional protection against viruses and Trojans while using the stick on a foreign PC. In addition, it can prevent accidental storage of sensitive information from a PC or server to the stick. Even before authentication, the user can check whether the write protection is activated by pressing the "2" key. The permanent purple glowing main button indicates that the write protection is activated. If write protection is deactivated, the main button lights up in green.

9. Time-Out and Quick-Out Functions

The administrator can set the number of minutes after which the unlocked KOBRA Stick automatically locks itself if neither reading nor writing access to the stick occurs within the specified time. The lock selection is between 1 and 30 minutes. To cancel the lock, select "0". The quick-out feature allows for quick logoff. It is done by double clicking on the "X" button within 2 seconds.

10. Allowed unsuccessful attempts to enter the user PIN

On delivery, the user has 8 allowed failed attempts. The administrator can adjust this number from 1 to 16 failed attempts. After exceeding the specified number, the KOBRA Stick automatically deletes the old crypto keys, creates the new ones and returns the user PIN to the factory settings. All available data will be permanently destroyed.

11. Use on different operating systems and smartphones

The KOBRA Stick is independent of operating systems and already has the file system FAT32 in its delivery state. This format can be read and written by almost all operating systems (Windows, Mac OS and Linux). The maximum file size in this format is up to 4GB, which is sufficient for most content.

The user can reformat the KOBRA Stick according to the application scenario. For Windows users, it is recommended to use NTFS, for example. For Mac OS X, HFS + is the most powerful file system and EXT4 can be used on Linux. The optimized power consumption makes it possible to use the KOBRA Stick for data exchange with a smartphone or tablet.

12. Use as an encrypted boot device

The integrated autonomous power supply enables the authentication of the KOBRA Stick before the start of a PC (pre-boot authentication). This feature offers the possibility to store operating systems encrypted on the KOBRA Stick and then start directly from the stick. In this context, operating systems such as Windows To Go, Linux, ECOS Secure Linux and others, as well as the required data can be stored on the stick.

13. Use of VID and PID for the protection of corporate data

Optionally, the vendor ID (VID) and product ID (PID) can be customized. Through this information, the KOBRA Stick can be assigned to different departments and user groups. These may also have different permissions for USB connections in the corporate network.

In this way it can be determined which KOBRA Stick can be connected to which USB interfaces in the company. The connection of other "unauthorized" USB data carriers can be prevented.

14. High quality laser engraving

On the back of the KOBRA Stick are the engraved serial number and the corresponding QR code. This information as well as the Vendor ID (VID) and Product ID (PID) can be read out via the USB-C interface. In addition, other custom information and logos can be stamped with a high-quality engraving.