Digittrade Kobra Stick Service Manual

KOBRA STICK

encrypted USB-C secure flash drive

Version 1.05

04.04.2019

Benutzerhandbuch
User Manual

für Unternehmen und Behörden

for business and governmental use

Deutsch

PLEASE READ THIS MANUAL AND FOLLOW THE INSTRUCTIONS
CAREFULLY.

INCORRECT OPERATION CAN CAUSE DAMAGE TO THE KOBRA STICK
AND LOSS OF DATA.

The digital version of the manual can be downloaded from
www.digittrade.de in the Download Center.

Product version: Kobra Stick
(Encrypted USB-C Stick) Version 1.0
Benutzerhandbuch Version: 1.05 (04.04.2019)

2

Contents

1. About the KOBRA Stick 4

1.1 Encryption 5

1.2 Access control 5

1.3 Management of the cryptographic keys 5

1.4 Overview of the most important features 6

1.5 Advantages of the KOBRA Stick 7

2. USB port and input interface 7

3. Using the KOBRA Stick 8

4. Roles and authorisations 10

5. Menü-Modus: Authentisierung und Verwaltung 11

5.1 User authentication 12

5.2 Changing the user PIN 12

5.3 Changing the administrator PIN 13

5.4 Write protection function 14

5.5 Generating new crypto keys 14

5.6 Deleting the crypto keys 15

5.7 Time-out and quick-out functions 15

5.8 Permitted number of failed attempts for entering the user PIN 16

6. Formatting 16

7. Applications 17

7.1 Increasing the level of protection for KOBRA Stick in a company 17

7.2 Secure and more cost-effective data transport 18

7.3 Use of fewer data carriers with a large customer base 18

7.4 Use of fewer data carriers in the field and with public authorities 19

7.5 Separation of data carrier from authentication 19

7.6 Use as an encrypted boot device 20

7.7 Use on different operating systems and smartphones 21

7.8 Integration von bestehenden Softwarelösungen 21

7.9 Using the VID and PID to protect company data 21

7.10 Use as a data diode 21

8. Technical specifications 22

9. Data security and disclaimer 22

10. Safe termination after use of the KOBRA Stick 22

11. Menu overview, commands and factory settings 23

12. Product contents 24

13. Hinweis zum Schutz und Erhalt der Umwelt 25

Deutsch

3

1. About the KOBRA Stick

Deutsch

The KOBRA Stick is an encrypted USB-C stick in a sturdy, metal casing. It enables the
storage, safekeeping and secure transport of sensitive business and private data for
public authorities and companies in accordance with data protection regulations. It was
developed in accordance with the “Technical Guidelines” of the BSI, has the quality
marque “IT Security made in Germany” and, due to its security functions, is a good
option for securely storing data on the move.

The confidentiality of the data stored on the KOBRA Stick is protected against
unauthorised access, for example if the data carrier is lost or stolen, or in the event of
virtual or physical attacks.

In order to take full advantage of the security features of the KOBRA Stick, please follow
the following steps:

- Ensure that there is adequate protection on your host system for all data
accessed from the protected storage area of the KOBRA Stick

- Make sure that no malware can be transferred to the KOBRA Stick

- After receiving the KOBRA Stick, check that the delivery is complete and correct.

- After the first login, check the functions of the KOBRA Stick (chapter 5).

- Change the user PIN (Chapter 5.2)

- Change the admin PIN if you are the administrator responsible for managing the
KOBRA Stick (chapter 5.3).

- Create new encryption keys (also called crypto keys or KS) on the KOBRA Stick
(chapter 5.5).

- Keep your authentication data (user PIN and admin PIN) confidential

A detailed description of the above steps can be found in the referenced chapters of this
user manual.

The serial number and the corresponding QR code can be found on the back of the
KOBRA Stick. This information as well as the Vendor ID (VID) and Product ID (PID) can
be read via the USB-C interface:

The KOBRA Stick guarantees the confidentiality of data through the following security
mechanisms:

- Encryption

- Access control

- Cryptographic key management

4

1.1 Encryption

- 256-Bit AES full-disk encryption in XTS mode

The encryption module integrated in the safety housing carries out a complete encryption
of the KOBRA Stick. Every byte saved and each written sector on the storage device is
encrypted in XTS mode, using two cryptographic keys according to the 256-Bit AES
(Advanced Encryption Standard).

The KOBRA Stick also encrypts temporary data and areas that are often ignored by
encryption software.

PIN

authentication

AES

Crypto-Engine

Plaintext data transfer encrypted data transmission

KOBRA Stick

hardware encrypted

Storage

1.2 Access control

- Access is granted by entering a user PIN.

Deutsch

The KOBRA Stick automatically creates a new encryption key and resets the user PIN to
the default setting as soon as the permitted number of incorrect PIN entries has been
exceeded. Access to the data stored on the stick is then no longer possible.

1.3 Management of the cryptographic keys

The user can generate, change or destroy the cryptographic keys at any time. This process
is irreversible. After the generation of new cryptographic keys, the old cryptographic
keys and thus all data stored on the data carrier are irreversibly destroyed. Therefore, any
information stored on the stick should first be saved on another encrypted data carrier,
where necessary.

5

The two 256-bit encryption keys for the encryption and decryption of the data are
generated by a hardware random number generator and stored within the stick. When

Deutsch

the user PIN is entered correctly they are transmitted to the encryption module of the
KOBRA Stick for the encryption and decryption of the data.

1.4 Overview of the most important features

- AES Full-disk hardware encryption in XTS mode with two 256-bit cryptographic
keys

- Authentication via user PIN

- Hardware-based encryption module

- Data encryption of all saved bytes and written sectors

- Independent of operating system (supports all operating systems, multi-media
devices, smartphones, and machines that support USB data carriers)

- Integrated write protection

- Adjustable number of incorrect attempts

- Compatible with USB 3.0 and USB 2.0

- No read and write speed restrictions

- Sturdy metal casing

- Time-out & quick-out functions

- Pre-boot authentication and bootability

- Internal power supply that allows authentication without connecting to a PC or
USB hub.

Optional:

- USB VID, PID & serial numbers can be defined according to customer
specifications

- Laser-engraved customer specific information on the back of the KOBRA Stick

6

1.5 Advantages of the KOBRA Stick

- Private and business data is securely protected from unauthorised access

- Easy and secure handling due to hardware encryption: connect, login, use

- All data is immediately stored as encrypted

- No performance losses

2. USB port and input interface

The KOBRA Stick can be connected to a PC via a USB port.

Deutsch

USB-C 3.0 port

7

Deutsch

Main key

Input keys

„×” key
(cancel)

On the front of the KOBRA Stick there is an input keyboard with a main key, two
command keys (“×” cancel and “√” confirm) and ten input keys (0 to 9). Connection
with a PC is via a USB-C 3.0 port.

„√” key
(confirm)

3. Using the KOBRA Stick

To use the KOBRA Stick correctly, only two steps are necessary:

1) Connect the KOBRA Stick to the PC

2) Enter the PIN on the KOBRA Stick

It is also possible to carry out these steps in another order.

The power supply needed for the KOBRA Stick is generally provided via the USB port.
In addition, this USB stick has an integrated autonomous power supply, which enables
activation before connection to a PC as well as pre-boot authentication with subsequent
PC start from the KOBRA Stick.

8

As long as the KOBRA Stick is not connected to a PC or with an external power supply
(e.g. USB power supply or USB hub) it stays in sleep mode and all keys are deactivated.

The KOBRA Stick goes into authentication mode both after pressing the main key for
approx. 3 seconds and immediately after being connected to a PC. The main key flashes
green and the other keys are activated. Now the user PIN can be entered to unlock the
KOBRA Stick.

All entries and commands are confirmed with the “√” key or cancelled with the “×” key.
Every time the “×” key is pressed, the user returns to wait mode and can begin from
there once again. The main key can also be used to confirm an input instead of the “√”
key.

Deutsch

By pressing the main key in wait mode, the stick switches to menu mode. In this mode
the main key lights up blue and all other entry keys are white. The lit-up input keys
indicate that they are active and the relevant commands can be entered.

After pressing the “1“ key followed by the “√“ key, the user switches back to the
authentication mode and can unlock the stick again by entering the user PIN. Following
successful authentication the main key lights up green. The other keys are activated and
access to the data is enabled.

If an incorrect PIN is entered, the main key flashes red according to the number of times
an incorrect PIN has been entered (but not more than the maximum number of failed
attempts permitted). Then the KOBRA Stick automatically switches back to wait mode.
The authentication process can be repeated from this point as described above. PIN
entry attempts of less than 4 digits are not considered failed attempts and are therefore

9