public
/
docs
5
0
Fork 0
Code Issues 18 Pull Requests 1 Packages Projects Releases Wiki Activity

minor refactor

This commit is contained in:
Anton Livaja 2025-01-09 16:42:09 -05:00
parent d46a06af41
commit 02ad37b8c5
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
4 changed files with 27 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md
View File

@ -3,7 +3,7 @@
## Provisioning Chain of Custody ## Provisioning Chain of Custody
Materials and devices which are used in the context of a high assurance system need to be monitored carefully from the moment they are purchased to ensure there are no single points of failure. Going back to the assumption that participants in the system are subject to [MICE](./glossary.md#MICE) and as such may pose a threat to the system, special care has to be taken that multiple individuals are involved in the whole lifecycle of provisioning a piece of equipment. Materials and devices which are used in the context of a high assurance system need to be monitored carefully from the moment they are purchased to ensure there are no single points of failure. Going back to the assumption that participants in the system are subject to [MICE](../glossary.md#MICE) and as such may pose a threat to the system, special care has to be taken that multiple individuals are involved in the whole lifecycle of provisioning a piece of equipment.
All steps of the provisioning process need to be completed under the supervision of at least 2 individuals, but benefit from having even more individuals present to increase the number of witnesses and allow individuals to take washroom breaks, eat etc. All steps of the provisioning process need to be completed under the supervision of at least 2 individuals, but benefit from having even more individuals present to increase the number of witnesses and allow individuals to take washroom breaks, eat etc.
@ -14,16 +14,18 @@ The following steps must all be completed under the continued supervision and wi
1. Selecting a Purchase Location 1. Selecting a Purchase Location
* Select at least 4 stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method. This is done in order to reduce the likelihood that a threat actor is able to plant a compromised computer in a store ahead of time. * Select at least 4 stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method. This is done in order to reduce the likelihood that an insider threat is able to plant a compromised computer in a store ahead of time.
* Each participant should choose 2 of the stores. * Each participant should choose 2 of the stores.
2. Within the store, identify available adequate device 1. Within the store, identify available adequate device
3. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which is ideally just a access controlled space. The bag MUST be a sealable see-through tamper evident bag. It may be necessary to remove the device from it's original packaging to fit it into the sealable bag. 1. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which is ideally just a access controlled space.
* The bag MUST be a sealable see-through tamper evident bag. It may be necessary to remove the device from it's original packaging to fit it into the sealable bag.
4. If the equipment does not have to be tamper proofed, simply deliver it to its storage location, and update the inventory repository with the serial number of the device. 1. If the equipment does not have to be tamper proofed, simply deliver it to its storage location, and update the inventory repository with the serial number of the device.
1. If the equipment does require tamper proofing, apply the appropriate level of tamper proofing for the security level you are performing the procurement for.
5. If the equipment does require tamper proofing, apply the appropriate level of tamper proofing for the security level you are performing the procurement for.
// ANCHOR_END:steps // ANCHOR_END:steps
/* ANCHOR_END: all */ /* ANCHOR_END: all */

17
quorum-key-management/src/component-documents/tamper-evidence-methods.md
View File

@ -193,23 +193,6 @@ To construct an appropriate Tamper Proofing Station, the simplest setup consists
* Powerful LED light which can be attached to the mounting rig * Powerful LED light which can be attached to the mounting rig
## Digital Camera
* MUST have >10MP
- [ ] TODO these cameras are specifically for level 2. this should be moved into a different section. perhaps each level can have its own hardware document
- [ ] TODO amazon links are not ideal, more reliable and vetted hardware providers should be established
### Models
// ANCHOR:digital-cameras
* Modern phone cameras
* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/Kodak-Friendly-FZ43-BK-Digital-Optical/dp/B01CG62D00)
* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/KODAK-Friendly-FZ45-BK-Digital-Optical/dp/B0B8PDHRWY)
* [Sony Cyber-Shot DSC-W800](https://www.amazon.com/Sony-DSCW800-Digital-Camera-Black/dp/B00I8BIBCW)
// ANCHOR_END:digital-cameras
## Polaroid camera ## Polaroid camera
* Can be attached to mounting rig * Can be attached to mounting rig

5
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md
View File

@ -4,9 +4,9 @@ The provisioner is responsible for:
* Procuring equipment * Procuring equipment
* Setting up the [Facility](#facility) * Setting up the facility
* Maintaining stock of supplies in the [Facility](#facility) * Maintaining stock of supplies in the facility
* Minimizing hardware supply chain security risks * Minimizing hardware supply chain security risks
@ -24,7 +24,6 @@ The first task is to bootstrap the operator keys as they are an essential part o
### Procedures Without Prerequisites ### Procedures Without Prerequisites
* [Provision Facility](./provision-facility.md) * [Provision Facility](./provision-facility.md)
* [Provision Keychain Repository](./provision-keychain-repository.md)
* [Provision SD Card](./provision-sd-card.md) * [Provision SD Card](./provision-sd-card.md)
* [Provision Tamper Proofing Equipment](./provision-tamper-proofing-equipment.md) * [Provision Tamper Proofing Equipment](./provision-tamper-proofing-equipment.md)
* [Provision Ceremonies Repository](./provision-ceremonies-repository.md) * [Provision Ceremonies Repository](./provision-ceremonies-repository.md)

17
quorum-key-management/src/generated-documents/level-2/hardware.md
View File

@ -25,4 +25,21 @@
// ANCHOR_END: computer-models // ANCHOR_END: computer-models
## Digital Camera
* MUST have >10MP
- [ ] TODO amazon links are not ideal, more reliable and vetted hardware providers should be established
### Models
// ANCHOR:digital-cameras
* Modern phone cameras
* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/Kodak-Friendly-FZ43-BK-Digital-Optical/dp/B01CG62D00)
* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/KODAK-Friendly-FZ45-BK-Digital-Optical/dp/B0B8PDHRWY)
* [Sony Cyber-Shot DSC-W800](https://www.amazon.com/Sony-DSCW800-Digital-Camera-Black/dp/B00I8BIBCW)
// ANCHOR_END:digital-cameras
/* ANCHOR_END: all */ /* ANCHOR_END: all */