Glacier Protocol

[aa7356]

Hi everybody,

I always had the notion that USB port is not the optimal way of communication between two nodes for secure communications.  

The "air gap" idea of have a host "Alice" that will never ever be connected to the network by cables (in order to mitigate the private key exposure) while talk to host "Bob" that got the function of broadcaster... reminds me a Werner Koch commentary years ago about the same idea but in the smart-cards scenario (ISO 7816-4,-10). He said something like "The whole idea of keep a private key stored in the smart-card eeprom is to expose the key as minimum as possible"

Recently I read on the the news some critical flaws in hardware wallets (voltage glitching attacks which briefly dump the voltage of the device under test in order to write to memory and change the state of registers during a crucial stage of the USB protocol-when device descriptors are sent to the host... )

So, think about those problems... is it a good idea of instead using USB communication channel ... would not be better to use image instead?

I notice that Armory works very well with QR code for 'off tx sign'.. My question is... is there already a project using cheap 'system on chip' (SoC) like Raspberry PI, Banana PI, Beaglebone, etc.. that applies the idea of "Glacier Protocol"?

ps-> I have a bias on using Beaglebone because it is a open hardware project.

[1714659384]

1714659384

[1714659384]

1714659384

[1714659384]

1714659384

[goatpig]

I use a RPi for signing myself, though the carrier is a USB stick (the RPi is never directly connected to my online machine, and it never was connected to internet in the first place).

There has been proposals to either add an audio modem or an animated QR code codec as extra transfer channels. In general smart cards are better than USB keys because the USB protocol and handshaking is significantly richer than that of smart cards, which are only ever storage devices. There's arguable minor benefits to be had from DMA access to the storage device vs going through the driver.

For the more paranoid, you could write the data back and forth by hand, or burn CDs.

[aa7356]

I use a RPi for signing myself, though the carrier is a USB stick (the RPi is never directly connected to my online machine, and it never was connected to internet in the first place).

There has been proposals to either add an audio modem or an animated QR code codec as extra transfer channels. In general smart cards are better than USB keys because the USB protocol and handshaking is significantly richer than that of smart cards, which are only ever storage devices. There's arguable minor benefits to be had from DMA access to the storage device vs going through the driver.

For the more paranoid, you could write the data back and forth by hand, or burn CDs.

I think for the "21 millions club" you have more than right to be paranoiac, it is your core skill ...

I remember in the early 90's some countries got their top level DNS and then failed miserably on keep their TSL root keys physically safe. (if I'm not mistake the term is "safe room" for a complete isolated computational system)

[aa7356]

I use a RPi for signing myself, though the carrier is a USB stick (the RPi is never directly connected to my online machine, and it never was connected to internet in the first place).

There has been proposals to either add an audio modem or an animated QR code codec as extra transfer channels. In general smart cards are better than USB keys because the USB protocol and handshaking is significantly richer than that of smart cards, which are only ever storage devices. There's arguable minor benefits to be had from DMA access to the storage device vs going through the driver.

For the more paranoid, you could write the data back and forth by hand, or burn CDs.

Regards to burn CDs .. I was thinking about something similar to PGP/PKI Clean Room ( Live CD with networking disabled )

https://wiki.debian.org/OpenPGP/CleanRoomLiveEnvironment

[goatpig]

I dont see how that protects you from USB rootkits. The point of burning CDs is to avoid taking a USB stick to your offline signer.