
Procurement & Chain of Custody

Provisioning Chain of Custody

Materials and devices which are used in the context of a high assurance system need to be monitored carefully from the moment they are purchased to ensure there are no single points of failure. Going back to the assumption that participants in the system are subject to MICE and as such may pose a threat to the system, special care has to be taken that multiple individuals are involved in the whole lifecycle of provisioning a piece of equipment.

All steps of the provisioning process need to be completed under the supervision of at least 2 individuals. Having more individuals present is better: it increases the number of witnesses and allows individuals to take washroom breaks, purchase food and rest without interrupting supervision.

The following steps must all be completed under the continued supervision and with the involvement of all parties present. It is essential that there is not a single moment where the device is left unsupervised, or under the supervision of only 1 individual.

Provisioning Hardware

  1. Selecting a Purchase Location

    Select at least 3 stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method.

    This is done in order to reduce the likelihood that a threat actor is able to plant a compromised computer in a store.

  2. Within the store, identify available adequate laptops from the list of tested hardware. Alternatively bring an SD card with AirgapOS, and test booting to it on the device on the store floor before purchasing it.

  3. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which is ideally just an access-controlled space. The bag MUST be a sealable see-through tamper-evident bag.

  4. At the processing location, one of the individuals is responsible for observing while the other opens the back of the laptop and removes:

      • Radio cards (wifi, bluetooth)

      • Storage drive

      • Speakers

      • Microphone

    Each laptop model is laid out slightly differently so use an online reference and/or read the names of the components which are found in the laptop to determine which parts to remove.

  5. Apply a tamper proofing method to the device depending on the device designation
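
The die-based store selection in step 1 can be made reproducible, so that every witness can recompute the result from the recorded rolls. The following is an added example, not part of the original procedure or of the project's code: it maps rolls of a six-sided die to one store without favouring any of them, and also covers more than 6 candidate stores by combining rolls. The function name and the store labels are assumptions made for illustration.

```python
DIE_FACES = 6  # standard six-sided die, as in step 1


def select_store(stores, rolls):
    """Map recorded die rolls to one store, each store equally likely.

    stores: candidate store names (constructed labels in the sample below).
    rolls:  die results in the order rolled, e.g. [6, 5, 2].
    Returns (store, rolls_used); raises ValueError when more rolls are needed.
    """
    if len(stores) < 3 or len(set(stores)) != len(stores):
        raise ValueError("need at least 3 distinct candidate stores")
    if any(r not in range(1, DIE_FACES + 1) for r in rolls):
        raise ValueError("each roll must be between 1 and 6")
    # Sort so the result does not depend on who wrote the list down.
    ordered = sorted(stores)
    n = len(ordered)
    # Rolls per attempt: smallest k with 6**k >= n (1 roll covers up to 6 stores).
    k = 1
    while DIE_FACES ** k < n:
        k += 1
    space = DIE_FACES ** k
    limit = space - space % n  # values >= limit would favour some stores
    used = 0
    while used + k <= len(rolls):
        value = 0
        for r in rolls[used:used + k]:
            value = value * DIE_FACES + (r - 1)  # read rolls as base-6 digits
        used += k
        if value < limit:
            return ordered[value % n], used
        # Rejected attempt: discard these rolls and use the next ones.
    raise ValueError("rolls exhausted without an accepted value; roll again")


if __name__ == "__main__":
    # Constructed sample: four candidate stores, rolls as recorded by witnesses.
    candidates = ["Store D", "Store B", "Store A", "Store C"]
    print(select_store(candidates, [6, 5, 2]))  # ('Store B', 3)
```

With 4 stores, a roll of 5 or 6 is discarded and the die is rolled again; taking the roll modulo 4 instead would make two of the stores twice as likely as the others.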

Tested Hardware (AirgapOS Compatibility)

  • HP 13" Intel Celeron - 4GB Memory - 64GB eMMC, HP 14-dq0052dx, SKU: 6499749, UPC: 196548430192, DCS: 6.768.5321, ~USD $179.99

  • Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99

To ensure that hardware is compatible, it can be tested by bringing an SD card with AirgapOS loaded on it and booting a floor model in the store from that card.