|
|
Log in / Subscribe / Register

misusing USB keycards?

misusing USB keycards?

Posted Oct 5, 2017 10:44 UTC (Thu) by tao (subscriber, #17563)
In reply to: misusing USB keycards? by anarcat
Parent article: Strategies for offline PGP key storage

I always figured air-gapped meant that the system isn't accessible remotely, not that local attackers aren't able to reach it. If you have local access to hardware, generally all bets are off. An airgapped system isn't connected by WIFI, BT, ethernet, or whatever other means you use to connect to a network, and is preferably kept in a shielded environment. This is the kind of spec needed for things like machines used for signing top level certificates, etc.

The term I'd normally associate with a system that can withstand things like badUSB would be tamper-proof. An ATM, for instance.

Sometimes there's an overlap, and there are degrees of airgapping and tamper-proofing. You probably don't want wifi, BT, etc. for your ATM, but it's definitely connected to the Internet, though hopefully on a VLAN.

to post comments

misusing USB keycards?

Posted Oct 5, 2017 12:57 UTC (Thu) by anarcat (subscriber, #66354) [Link] (1 responses)

if you're connected anyways, where's the gap then?

I could have written a whole article about air-gapped computers - that wasn't my purpose here. It's one of the approaches you can use, and i know it has its merits. the problem is the tradeoffs seem off to me. if you're connected to the internet anyways, how does it differ from a workstation behind a LAN?

the definitions of "air-gapped" sure seem pretty flexible around here... :p which is another problem: if we don't have a clear definition of what an "air gap" is, you're going to have trouble creating a proper threat model analysis...

misusing USB keycards?

Posted Oct 5, 2017 15:05 UTC (Thu) by nybble41 (subscriber, #55106) [Link]

> if you're connected to the internet anyways, how does it differ from a workstation behind a LAN? ... the definitions of "air-gapped" sure seem pretty flexible around here...

It doesn't. You and tao are both saying that an "air-gapped" system is not connected to either the Internet or a LAN. The difference is that tao's definition of "air-gapped" (reasonably, IMHO) does not encompass protection against a local attacker with physical access to the system, e.g. the BadUSB attack. That threat model requires a system which is "tamper-proof", which is a separate consideration from "air-gapped". A "tamper-proof" system can have network links (e.g. ATMs) and an "air-gapped" system can have USB ports. (Suitably restricted, of course—you don't your air-gapped system to automatically establish an Internet connection just because someone plugged a USB network adapter into the port intended for security keys. However, that can be addressed by limiting the USB drivers available, and/or configuring a whitelist of allowed devices.)


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds