Calming down partially, On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Another approach I am currently playing with is to play with NFC tags and a reader/writer device, which can be used offline as well.
I don't know why you would ever consider an NFC radio secure, where did you get this idea? I'm probably getting into a state of mind where I assume I know more than you (when I might not) because you mentioned plugging a radio into an airgapped device and using it to communicate. Really, it's possible to make that very secure, but with the radio chip likely being closed source, it doesn't sound easy to my kinda limited mind.
The range of these little NFC tags is only a few centimeters/inches. and I guess if someone could (in theory) listen to your offline device, then it does not make any difference IMHO if you use and additional NFC reader/writer and your offline device.
What's most important here is that we support Stefan in using airgapped communication, because it's kinda rare in the larger world, and it's pretty important. Most people probably don't know how to get through an airgap. It's really hard for us to weigh things like this without considering specifics of situations, but I would want to reduce the number of chips and especially intentional emissions that clearly correlate with my data. Given other options work, I wouldn't use a radio, unless it is convenient and easy to do so, so that the airgapping actually happens. Amplification, multiple transceivers, and accumulation of similar parts of information over a long period of time, can almost arbitrarily increase range.
The reason why I mentioned NFC tags is that they fit nicely on postcards or in letters (and can be protected with covers), can be password protected and also allow encryption, depending on the type used.
fitting nicely is a great plus. need an indicator on them to show when they are being accessed. might be easy to add if we build one ourselves. personally i'd want a wired option; they broadcast in all directions and antennas can be made arbitrarily large. i think a huge plus is that they are a common technology right now, so it is easy for people to get them.
I'm inferring by FTDI USB to USB cable, you mean a serial cable with FTDI USB serial converters (which I've had occasion to run into but don't know well) at both ends. That sounds pretty reasonable and shows you have a clue; i don't know whether people still consider systems to be airgapped when they are networked with a serial cable, or not. If we fast forward to emissions a bit, a serial cable is a long wire, so it's going to broadcast the stuff transmitted over it like an antenna, and pick up electromagnetic effects like one too.
I don't know a lot about FTDI converters, but I know that most things you buy from a corporation are not secure by default. My biggest poorly-informed worry is that voltage glitching from the connected device could be used to compromise the 'airgapped' device in some obscure way. Additionally it can be hard to find FTDI converters locally. Sounds pretty airgapped in this day and age, though.
Well, a while ago I looked for options to work with an air-gapped computer, but was not sure if one should use a secure USB stick, for example and found this FTDI solution. I ordered such cable relatively cheap from alibab.com, because here in Europe these cables are only sold to companies, which can re-sell them and the price tag is much much higher.
ftdi cable is a nice solution. you can also order a fiberoptic transciever and use optical. usbs have microchips that accept code updates, but that's pretty low latency.
While tumbling through this ordeal I once made this software, which is a small program to communicate ascii text by bit-banging one or two wire connections: https://github.com/xloem/openemissions/tree/master/tincanterm
Nice, will take a look.
One of the best solutions for low-latency communication would seem to me to be writing your own bit-banging or communication software on the fresh linux installation, so that no installation of new software is needed, preferably using a visual or audio connection so that voltage glitching is impossible, although these channels can still be high bandwidth unintentionally. But if you understand the communication system and security concerns in depth, go right ahead with any of it.
With audio cables I have also experimented and with HTML based software run in a browser. But this was error prone and the transmission speed was to slow. IIRC correctly the popular FOSS software minimodem can do this too, but is unfortunately not cross-platform.
Something I value is very high latency communications. For example, using CDRs was a very secure thing that corporate progress has almost done away with. Burn your information to a CD, then load it on another computer. The CD has no microchips, the information is there for easy review, it doesn't alter the voltage between any electrical terminals on your system, and if you don't reuse cds then even if your airgapped system is compromised, there is no obviously related way to quickly send reply messages back to the system to alter its behavior. High latency is good. Only communicating when the user tells it to is crucial.
Yes, but can nowadays devices (Raspberry Pi for example) handle CDs?
You'd likely have to plug in a powered accessory, which means isolating it too. Maybe that's worth the additional chip.
Here's a piece of software I tried to make for transmitting QR codes: https://github.com/xloem/qrstream
Will check that out too.
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.