Every year, Google hold a developer conference called Google I/O, where the search giant preview, launch, demonstrate and generally enthuse about new projects, technologies and products, or upgrades to existing offerings. For the 2015 Google I/O, we’ve already seen a new version of Android, called Android M, complete with developer previews for a number of devices. We’ve also seen a wide-reaching set of improvements to existing services, plus new projects released. This year, we’ve already seen some projects related to security, which is perhaps not a surprise given the high-profile data leaks that we have witnessed over the last twelve months. And Google have today announced Project Vault, a new security effort that consists of a MicroSD card designed to store the most sensitive of data.
Google Project Vault has been designed by the Advanced Technology and Projects group, or ATAP. The hardware consists of at least 1 GB of storage available on the ARM-powered MicroSD card. That’s right; this is a “smart” MicroSD card that runs a custom-built Real Time Operating System, or RTOS. The internal project references the MicroSD card having 4 GB of “isolated sealed storage”, and the RTOS and ARM microprocessor allow the chip to communicate with the outside world without exposing cryptographically sensitive data. Google Advanced Technology and Projects vice president, Regina Dugan, described Google Vault as “your digital mobile safe.” It is no surprise that Google’s ATAP group is working on a project such as this given their involvement with the National Security Agency’s Prism system for collecting information. Google has also confirmed that a research and development hardware kit has been made available on GitHub under an open source license.
As for the hardware itself, the MicroSD format was picked because it’s a near-universal standard and compatible with large numbers of devices, either directly or via an adapter. The hardware contains an NFC chip and antenna for security purposes and a suite of cryptographic services such as hashing, signing, batch encryption and a hardware random number generator. The device has two-factor authentication designed to be simple and easy to use, and the unit is designed to be otherwise transparent to the operating system – the system simply sees it as a generic storage device with a standard file system. There are two files present – one for reading and one for writing – which any application must use to access the data on the card. The technology is platform agnostic, so it will work on any operating system such as Android, Windows, OS X and Linux. The project is not ready for general release, but Google are working first on an enterprise product (currently being tested internally) with plans to release a consumer product.