The market for information security is increasing with every cyber attack that makes it into the news and every technology related issue that could have caused it. But what solutions are solid? Which startups should you keep an eye on? We spotted a very promising company from Germany, which goes by the name Nitrokey. They have started their crowdfunding project today on Indiegogo and if you have an interest in information security for private or professional reasons we strongly recommend to check them out.
Crowdfunding Campaign Goals
The goal of our crowdfunding campaign is to finalise development of the Nitrokey Storage and to produce the first batch of devices. A beta version of Nitrokey Storage is currently available.
What can you use Nitrokey Storage for?
- Secure login on the web
- Secure login to network services, local computers and for access control
- Secure key storage for email encryption
- Mobile-encrypted file storage
- Hard disk and file encryption
- To protect server- and PKI-keys
Nitrokey Storage Features
- Encryption of emails, hard drives, and other data via a highly secure smart card. Secure keys are protected by the hardware.
- Secure login on the web and protection against identity theft via one-time passwords.
- Secure transport and exchange of sensitive files via encrypted mass storage (up to 64 GB).
- The first hardware worldwide with hidden storage, which allows users to plausibly deny the existence of encrypted data (e.g. during border controls).
- 100% open-source and open hardware. No backdoors for intelligence services.
What does the Nitrokey Storage protect against?
- Computer viruses and malware can’t access the secret encryption keys hidden in the hardware.
- In case of loss or theft the secure encryption keys and encrypted data remain secure, even withstanding sophisticated attacks with laboratory equipment.
- Intelligence services try to backdoor security equipment. Because Nitrokey is available as open-source, everybody can check it for backdoors.
- In situations such as border controls the user can reveal a wrong password and technically it can’t be proven that a hidden encrypted area exists containing further data.
- User error can result in sending and revealing secret encryption keys. Nitrokey prevents this potentiality by keeping all secret keys secure in its hardware.
- Malicious firmware updates (e.g. BadUSB) are prevented by using a dedicated password for firmware updates. Installed firmware can be exported and verified.
The Nitrokey team
Coordination and architecture – The cofounder has more than eight years of experience in IT security, having previously worked between Germany and Singapore for a large IT consulting firm. He campaigns for data privacy, data security and open source on a volunteer basis.
Nitrokey Storage software and hardware engineer – The cofounder has 30 years experience in embedded programming and hardware development. He focuses on safety and security critical systems and likes solving complex problems.
Nitrokey App and Pro software engineer – George is involved in the Nitrokey project since he was a Google Summer of Code student. His main focus are Nirokey Pro firmware and Nitrokey App development.
- Slogan: Secure your digital life
- Vision: Nitrokey works similarly to a classical latchkey as a key for your digital home. Nitrokey is a secure and easy-to-use key that should be used in all instances where passwords are required.
What happens if I lose my Nitrokey Storage?
- Access is PIN-protected and after six wrong entries the Nitrokey locks itself irrevocably and effectively destroys all data. This way your data remains secure. A short PIN is sufficiently secure, because only six passport attempts are possible and brute force attacks are prevented by the hardware.
- Secret keys can be backed up during its initialisation, so that the encryption keys can still be used in case the device is lost or damaged.
How large is the storage capacity?
The Nitrokey Storage will be available in several options. You can go for the 8, 32 or 64 GB storage unit.
How secure is Nitrokey Storage?
- An integrated OpenPGP smart card protects against cryptographic side-channel attacks and hardware attacks. Even attacks with advanced laboratory equipment can be withstood.
- The secure architecture results in encryption of all sensitive data by the smart card.
- Cure53, a company specialising in security audits, has already reviewed the hardware and firmware of Nitrokey Storage and has deemed it secure.
Which encryption algorithms are used?
- RSA with up to 4096 bit
- AES-256 in CBC mode
Which operating systems are supported?
- Mac OS X
Where is Nitrokey Storage produced?
The Nitrokey Storage devices are manufactured in Germany.
Further facts about the crowdfunding campaign
- Duration: 18.11. – 30.12.2015
- Funding goal: € 60,000
- The Indiegogo campaign page will become available on 18 November 2015: http://igg.me/at/nitrokey
What will the money be used for?
The Nitrokey Enterprise
IT security is currently one of the dominant topics in the media. Global hacker attacks and surveillance scandals continually shake the foundations of our world. Nitrokey’s mission is to protect the digital identity and data of all personal and corporate computer users. Nitrokey was founded in January 2015 in Berlin and has already been voted Germany’s #12 tech startup.
Founder and CEO Jan Suhr has more than eight years of experience in IT security, having previously worked between Germany and Singapore for a large IT consulting firm. He campaigns for data privacy, data security and open-source on a volunteer basis and has also worked on development programs in Afghanistan.
In 2008 Jan Suhr, Rudolf Böddeker and another friend were traveling and found themselves looking to use encrypted emails in internet cafés, which meant the secret keys had to remain secure against computer viruses and Trojans. Some proprietary USB dongles existed at the time, but were either technically insufficient or were not available for use by private persons. So without further ado they started developing an appropriate USB key themselves. The three friends released the Crypto Stick as open-source hardware on 27 December 2009. In the years to follow the Crypto Stick became popular in the open-source and security community and almost 1000 devices were produced and distributed on a non-profit basis. On 1 January 2015 Crypto Stick was renamed Nitrokey, in order to both professionalize the project and account for its users’ high standards. It was then that the company was born.
Existing Nitrokey products
Nitrokey currently offers four highly secure solutions that cost between €19 and €49:
- Nitrokey Pro and Nitrokey Start are suitable for the secure encryption of emails, files and hard disks, as well as for secure login on the web, in network services and on local computers.
- Nitrokey U2F supports Google’s new and very easy-to-use login mechanism FIDO Universal 2nd Factor, which should prove to be highly successful.
- Nitrokey HSM addresses the providers of security servers, as well as businesses that wish to operate their own PKI.
YouTube: Crowdfunding for the Nitrokey Storage
Photo credit: Nitrokey / Andreas Riedelmeier