Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Passive USB fingerprint self-destruct #153

Open
HarryR opened this issue Oct 7, 2022 · 3 comments
Open

Passive USB fingerprint self-destruct #153

HarryR opened this issue Oct 7, 2022 · 3 comments

Comments

@HarryR
Copy link

HarryR commented Oct 7, 2022

Rather than having a 'self-destruct' pin, I want the OnlyKey device to self-destruct if it's plugged into any device other than the one it has been bound to.

This can be achieved through some kind of fingerprinting, additionally per-device HOTP could be derived using this fingerprint meaning the same drive (e.g. USB-C attached NVMe and same OnlyKey dongle) on another computer will not only fail to unlock but will trigger a kill-switch.

In combination with TPM, OPAL and UEFI SecureBoot this will address many edge cases where OnlyKey is currently vulnerable to physical attacks.

If this device could be combined with the USBkill device, so if not plugged into the bound device it jizzes the capacitors into the host, that would be double plus many cool.

I assume the OnlyKey model with large capacitor ticks hanging off it would be more expensive, unless it was able to be concealed in a 'battery pack' enclosure which would pass thru customs...

@onlykey
Copy link
Collaborator

onlykey commented Oct 7, 2022

Some considerations for this feature request:

  • How do we prevent inadvertent self-destruct? I.e. A child plugs in your device and wipes it.
  • What kind of fingerprinting would be used that couldn't be spoofed?
  • OnlyKey is not designed to have a battery/capacitor, this is not something we plan to add

We typically implement features that have the widest range of use and interest from a large number of users. I will leave this open, feel free to add to this if there is interest.

@HarryR
Copy link
Author

HarryR commented Oct 7, 2022

How do we prevent inadvertent self-destruct? I.e. A child plugs in your device and wipes it.

Given that the device is now 'tamper-evident', that would be a discussion between the hypothetical parent and child.

What kind of fingerprinting would be used that couldn't be spoofed?

Other devices on the bus, the MACs etc. - it's not important that it can't be spoofed via some highly pre-orchestrated plan, only that if there's a significant probability that the device it's plugged into doesn't match the device which it was bound with - then it should factory reset.

OnlyKey is not designed to have a battery/capacitor, this is not something we plan to add

Understood.

@HarryR
Copy link
Author

HarryR commented Oct 7, 2022

However, having an 'ohshit' pin that I could solder to something interesting would be... especially if it can be activated via firmware

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants