public
/
docs
5
0
Fork 0
Code Issues 21 Pull Requests 2 Packages Projects Releases Wiki Activity

update across multiple docs

This commit is contained in:
Anton Livaja 2024-12-05 18:21:11 -05:00
parent 36a64ca6f3
commit fa73b09cc0
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
4 changed files with 47 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
quorum-key-management/src/hardware-procurement-and-chain-of-custody.md
View File

@ -35,5 +35,9 @@ Each laptop model is laid out slightly differently so use an online reference an
5. Apply a [tamper proofing](./tamper-evidence-methods.md) method to the device depending on the [device designation](TODO)
## Tested Hardware (AirgapOS Compatibility)
* HP 13" Intel Celeron - 4GB Memory - 64GB eMMC, HP 14-dq0052dx, SKU: 6499749, UPC: 196548430192, DCS: 6.768.5321, ~USD $179.99
* Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99
* Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99
To ensure that hardware is compatible, it can be tested by bringing an SD card with AirgapOS loaded on it, and testing booting to a floor model in the store.

5
quorum-key-management/src/one-time-use-laptop-coin-ceremony.md
View File

@ -1,6 +1,7 @@
# One Time Use Laptop Ceremony
#### Threat Model
## Threat Model
One time use laptops are specially prepared for using in field operation but can also be used inside of a secure facility. The primary objective of this setup is that the laptop is provisioned ahead of time, and is considered to be secure for use, but is to be destroyed afterwards.
- [ ] isn't the only difference between this and portable multi use that the laptop is resealed?
This flow is the same as [portable reusable laptop ceremony](portable-reusable-laptop-ceremony.md) except instead of tamper proofing the hardware at the end of the ceremony, it is destroyed.

25
quorum-key-management/src/portable-reusable-laptop-ceremony.md
View File

@ -1,14 +1,22 @@
# Portable Reusable Laptop Ceremony
This type of device is essentially just a "One Time Use" device, with the added caveat that the operator has a tamper proofing method available to protect the device between uses. The device can not be trusted by other individuals, but only by the individual who used the device, as there are no other witnesses.
This type of device setup offers reduced security compared to using a a [fixed location](fixed-location-reusable-laptop-ceremony.md) setup, as this type of setup offers additional controls which mitigate attacks.
1. Procure a laptop set up for portable use.
* A polaroid of the laptop tamper evidence should be carried on person at all times
* Polaroid of the laptop tamper evidence should be carried on person at all times
* A vacuum sealer, and plastic beads will be necessary in order to be able to re-seal the laptop after use
* Polaroid and digital camera are also required
* A polaroid and digital camera are also required
* Vacuum sealer, and plastic beads will be necessary in order to be able to re-seal the laptop after use. (Refer to the tamper evidence methods document for the [filler](tamper-evidence-methods.md#adequate-filler) and [vacuum sealers](tamper-evidence-methods.md#vacuum-sealers))
2. The laptop can be left stored in a hidden location or ideally in a safe
2. The laptop SHOULD be kept on the person at all times
* MAY leave the laptop in a safe
* MAY (but not recommended) leave the laptop with full time supervision (such as bellhop)
3. Select a secure [location]()
@ -16,14 +24,7 @@
5. Unseal the laptop using the [Unsealing Procedure](tamper-evidence-methods.md#procedure)
6. Follow the [coin playbook](TODO)
6. Follow a [playbook](TODO)
7. Once the ceremony is over use the [Sealing Procedure](tamper-evidence-methods.md#procedure) to seal the laptop.
---
TODO: integrate
### Portable Multi-Use Device
This type of device is essentially just a "One Time Use" device, with the added caveat that the operator has a tamper proofing method available to protect the device between uses. The device can not be trusted by other individuals, but only by the individual who used the device, as there are no other witnesses.

34
quorum-key-management/src/tamper-evidence-methods.md
View File

@ -36,7 +36,26 @@ The reason this method is effective is because unlike with many other methods th
### Adequate Filler
To achieve the best level of randomness and difficulty of reproducing the arrangement of filler in a vacuum sealed bag, a variety of beads of different sizes and color should be used. They may be made of different materials as well.
To achieve the best level of randomness and difficulty of reproducing the arrangement of filler in a vacuum sealed bag, a variety of beads of different sizes and color should be used. They may be made of different materials as well but plastic is excellent because it doesn't change form when vacuum sealed - which can make it easier to reproduce patterns. Materials such as confetti and packing beans may be used, but because they can be flattened and retain the shape, arranging them in a given pattern is much easier. Other options like beans or lentils have less variety in color and shapes which makes it harder to detect differences.
Examples of filler:
* [B100B5LB 5 Lb Mixed Craft Bead Bonanza Case](https://www.thebeadery.com/product/b100b5lb-5-lb-mixed-craft-bead-bonanza-case/)
* [Plastic Beads - Multi Colour & Size - 700ml](https://www.stockade.ca/Plastic-Beads--Multi-Colour-Size--700ml_p_8402.html)
### Vacuum Sealers
Vacuum sealer needs to be able to seal bags of sufficient size to fit a 13" laptop
* [Nesco Deluxe Vacuum Sealer VS-12P](https://www.nesco.com/product/deluxe-vacuum-sealer/)
* [Anova Precision Vacuum Sealer Pro](https://anovaculinary.com/en-ca/products/anova-precision-vacuum-sealer-pro)
Sealing bags of standard size objects which need to be protected can fit in. The bags should be perfectly see through, rather than with writing or any irregularities in the plastic which can obfuscate the view of the inside of the bag. 11" width is recommended.
* [Anova Precision Vacuum Sealer Rolls (11" x 19.60')](https://anovaculinary.com/en-ca/products/anova-precision-vacuum-sealer-rolls)
* [2 Vacuum Sealer Rolls (11.0" x 19.70')](https://www.nesco.com/product/2-vacuum-sealer-rolls-11-0-x-19-70/)
### Additional Considerations
@ -48,9 +67,11 @@ To achieve the best level of randomness and difficulty of reproducing the arrang
#### Requirements
* Vacuum sealer
* Sealing bags of standard size objects which need to be protected can fit in. The bags should be perfectly see through, rather than with writing or any irregularities in the plastic which can obfuscate the view of the inside of the bag.
* Variety of beads of different sizes and colors
* [Vaccum sealer](#vacuum-sealers)
* [Vacuum plastic roll](#vacuum-sealers)
* [Filler](#adequate-filler)
#### Sealing
@ -85,7 +106,7 @@ Glitter can be used as an additional control to provide tamper evidence on speci
4. Repeat steps 2, 3 with the different types of glitter being used
5. Take a photograph of the laptop, preferably using the [tamper proofing station](TODO)
5. Take a photograph of the laptop, preferably using the [tamper proofing station](#tamper-proofing-station)
#### Verification
@ -121,9 +142,6 @@ To construct an appropriate Tamper Proofing Station, the simplest setup consists
Pick a location for the station, and attach the LED light and the camera to the overhead camera mounting rig. Set up the camera so that when it's turned on, a 14" laptop is perfectly framed without having to zoom in or out if possible.
## References
* [Blog About Tamper Evident Protection Methods](http://web.archive.org/web/20241130002204/https://dys2p.com/en/2021-12-tamper-evident-protection.html)