idea for a fun little security project

hellekin hellekin at gnu.org
Mon Nov 17 22:27:26 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/17/2014 09:35 AM, Werner Almesberger wrote:
> 
> Nice ! I'd make the keyboard just "USB keyboard" - doesn't matter
> how plain or fancy it is. Also, the endpoint could be more local,
> e.g., inside a virtual machine or inside a Linux-on-a-USB-stick.
>
*** Going a step further, you could have a wireless keyboard that you
flash with your firmware, or a cabled-USB keyboard that you'd plug not
directly into the computer, but into an USB device:

          ____________________
_   _____/                    \_   _____.---------.
 | |                            | |                \_____
 | | USB  Secure Hardware Key   | | USB to Keyboard _____
_| |_____                      _| |_____,----------|
^.       \____________________/         `----------'
 : computer USB Host

The USB Secure Hardware Key would offer 3 functionalities:

1. bootable Tails system
2. wireless keyboard connection
3. cabled keyboard connection

Both 2. and 3. would provide the encryption capability.

- - If you boot on the device, and you use a cabled keyboard, you're safe.
- - If you boot on the device, and you use a FLASHED wireless keyboard,
you're almost safe.
- - If you boot on the computer, and you use the device simply as a
key-scrambler, you could definitely tunnel this either through networked
virtual machines or the Internet.

And if you remove the wireless part, and use micro-USB instead, you can
have a fully featured encrypted keyboard for your mobile phone, which is
probably a good thing to have given that we have more fingers than two
thumbs.

I think the latter option (no wireless) is actually more interesting, as
the only attacker left is a tempest-capable trickster that can
reverse-engineer the encrypted data stream, or a smarter trickster who
can simply record the noise of the keys as you type and reconstruct the
sequence, which can actually be done using lasers on a window to amplify
the tiny vibrations into delivering an audible definition.

Ahem.

==
hk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJUanZMXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3MDM3QTJCNjlFNkMxQzA1NjI4RDUzOEZE
OEU3QkQ4MDk0MUM4MjkzAAoJENjnvYCUHIKTTp4P/iOoxI+Ibs5VtoKNKxchQjTM
Txsb2xDkxTtvnRY4cHtwMreyGezMmRLB1DWSVUYn5GLlTUOr6gJH9NhIemF93JG2
1jYAIDcm/BPVLoQnaIMFKSRVGdtP69f0+zgZhwdJWtQRjCneQ2zT/vZq61OlxI1A
zSIuJlwn+eenOc9CGmvEWHwewd1qABZ8kAYO7TTcs3ws/Eczxn2QmPObBK/dsp16
1L2QCLQ4rTY13AgLKEpdZGcJz7SO/jTkf+2qiGeO7KBnr3t4X9tQDMRSLz6VSYXt
qv4PwphK4afttzwWsp4HId2NGF4wDmjp+qqWfFToFt6RSdWuBqhPeEK0fyep2dvX
X4JxshDqupSFvwADY98HVJyVdMqI/Eaz1uRKsxGiPac7oPQeHUhuE7UuKcv5eHTo
2kF8tdBAIMnbdHxtZCG1LXLlDnee7nmwE9IeppvZm4nVafRgDzVk9G87t1sq3/fh
lvm8Yzj1mIPZMbQLjvMz+hYmO/tD3jJwSZ7+4yWP9EW3qw83LyXDPF7BscuxgN4z
+fiHdocF+boHCLvWSLhxEvQbjVZ8bNmIVIler3fPSfsA6jwvmLcFkmJbqEwdW7i9
ZyTUGv3lVz/M4e3vTW7+eu/dejRA0V//Qgtq0VHqXt4qVlzqZWXcgUcE41HrIGe/
OQlnM5sFNQBF0NYldTnO
=LStR
-----END PGP SIGNATURE-----



More information about the discussion mailing list


interactive