Writing

Software, technology, sysadmin war stories, and more. Feed
Wednesday, August 22, 2012

Reader feedback on airgapped crypto devices

Besides tying AOL in knots, yesterday's post about using light from your screen to talk to a purposely-disconnected device has already generated a fair number of responses. So, it's reader feedback time!

The coolest link I got was to the manual for a Bloomberg B-Unit. Clearly, they really do not want just anyone to be able to get into your account on that service. Those devices have a biometric scanner which has to be satisfied before it will even start up. Then you let it read your screen and think a bit and it will eventually yield a number.

Incidentally, there's a great phrase in this document: "finger enrollment process". What a killer name for a band!

My thanks to Jason for writing in with the tip.

I got another link from Mihai to an "open source joke" called PaperBack. It "... allows you to back up your precious files on the ordinary paper in the form of the oversized bitmaps".

When I saw "joke" and "PaperBack" I figured it was just a silly "print out your data as text and scan it back in" thing, sort of like what happened with the PGP book. Instead, it seems to have actually been done with careful attention to detail about how things are encoded, achieving relative high data densities, and making sure they are recoverable.

I also got a note from a third reader about having a custom USB device which would accept the message and do the crypto and then drop it off in an "outbox". Apparently this would look like two separate storage spaces and files would just appear on the output side. They mentioned the secret key would be safe because "the only way to attack the secret key is through vulnerabilities in the key handling tools, which will work the same for optically transmitted keys".

I'm not sure I agree with that method. I just have these visions of something just brute-forcing its way into the poor little device and vacuuming up all of its tasty, tasty data. You just know that someone would build one of these things as stupidly and as cheaply as possible, and it would be a thin shim over existing insecure hardware. Then someone would smash through that shim to reduce it to the existing insecure stuff and we'd be right back at stage one.

If you managed to feed evil data to a one-way optically-linked device, it might start doing some nasty things, but I don't see how it's going to get your precious private key back out to an attacker. I'm talking about the scenario where they don't have the device in their hands already, of course. If they can get physical access to your little crypto device, all bets are off.

As a final treat, check out this QR code clock. If your device can keep up with that, it might be able to do my half-baked scheme.