buffalo on Nostr: Air gapping. do we really need it? Why is an animated QR code communication needed. ...
Air gapping. do we really need it?
Why is an animated QR code communication needed. Is this any better than communication with a UART? I do accept that USB and Ethernet are much more complicated and have larger attack surface. Using these interfaces would potentially allow exploits of bugs in the hardware or middleware.
But what about an isolated serial interface? Technically its air-gapped, but its still coupled in some way.
I first heard this discussed on citadel dispatch talk on VLS.tech. I think I agree with this. Animated QR does limit the surface. But UART communication is almost as good. You can audit the communications without much difficulty in both cases but neither are human auditable.
UART hardware is simple. The protocols are simple.
Air gapped hardware could also have USB support and have the air gapping done via isolation on the same board.
Animated QR codes are an isolation method. There are several isolation methods. You can use transformers for magnetic coupling. Capacitors for capacitive coupling. Opto isolation using LEDs and light sensors. You could send the data with air pressure, speaker + mic.
There is not much different between an opto-isolated UART and an animated QR code.
Published at
2024-01-09 17:04:22Event JSON
{
"id": "58ee5de3d3bdc3798afee5a3d398c1e42f82bdc7890f5b1a35bc7a54e3faba58",
"pubkey": "35bc201c12f2cbd7602b543ea0d97bda8b66a65b57792d6e464c0e731b0ae424",
"created_at": 1704819862,
"kind": 1,
"tags": [],
"content": "Air gapping. do we really need it?\n\nWhy is an animated QR code communication needed. Is this any better than communication with a UART? I do accept that USB and Ethernet are much more complicated and have larger attack surface. Using these interfaces would potentially allow exploits of bugs in the hardware or middleware.\n\nBut what about an isolated serial interface? Technically its air-gapped, but its still coupled in some way.\n\nI first heard this discussed on citadel dispatch talk on VLS.tech. I think I agree with this. Animated QR does limit the surface. But UART communication is almost as good. You can audit the communications without much difficulty in both cases but neither are human auditable.\n\nUART hardware is simple. The protocols are simple.\n\nAir gapped hardware could also have USB support and have the air gapping done via isolation on the same board.\n\nAnimated QR codes are an isolation method. There are several isolation methods. You can use transformers for magnetic coupling. Capacitors for capacitive coupling. Opto isolation using LEDs and light sensors. You could send the data with air pressure, speaker + mic.\n\nThere is not much different between an opto-isolated UART and an animated QR code.",
"sig": "89f017e7d713790c71d2b709e099aac8f414dd49bb683f57d8099157f97df4930a40a1f2a88b8561684946a12ddb1399747f75beeaa3d20e39568de591098956"
}