Jump to content











Photo
- - - - -

Meet ORWL. The first open source, physically secure computer


  • Please log in to reply
5 replies to this topic

#1 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10447 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 29 September 2016 - 04:32 PM

1-Orwl.jpg

If someone has physical access to your computer with secure documents present, it’s game over! ORWL is designed to solve this as the first open source physically secure computer. ORWL (pronounced or-well)

 

https://insights.ubu...ecure-computer/

 

Seems good for physical security when your machine is powered off. When powered and online, same privacy issues are expected to come up. A default hardware config costs 700 USD, the best specs on their product cost 1200 USD.

 

Original page from creators:

https://www.crowdsup...sign-shift/orwl

 

What are your thoughts on this?

 

:cheers:

 

 

 

 

 



#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13649 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 September 2016 - 06:16 PM

 

Any attempt to get physical access to the internals of your PC will delete the cryptographic key, rendering all your data permanently inaccessible!

'nuff said.

 

This is more or less the dream :w00t: of any saboteur/bad guy, a built-in, automatic way to destroy your data, in practice IF they get anywhere near the device, they will be in the perfect position to blackmail you and ask a ransom.

 

 

It also is the first PC in the world that is truly an appropriate base for storing the private keys of any block-chain based currency you may own, rather than keeping them with a third party.

"Gimme 1000 bucks or I will crack open your new, smart, PC and you will loose all the zillion Bitcoins you have in it." :ph34r: 

 

With a "secure", "failproof", "strictly followed" backup strategy it may even work, it only remains the issue that a "secure", "foolproof" backup strategy dos not exist[1], and even if it will exist, noone will follow it strictly or strictly enough.

 

If the thingy gets "traction", the same people that were (are and will be) "bitten" by improperly or unneededly using disk encryption will be all over the place whining they lost all their data....

 

It may, actually may, be a solution in the Public and/or Corporate world, to make physically exposed to the public (think of all the times you were left alone in a public office or bank office with a running, not locked, PC for a few minutes facing all those ports at the back of the case ...  ) "terminals" secure from tampering.

 

A few years ago presumably secure (actually totally UNsecure) "keyfobs" were all the rage and soon they "disappeared", if you remember them:

http://www.hanselman...ewHardware.aspx

 

But they made some sense, when they they locked the PC when you took the key away, preventing the "occasional" access by third party if you forgot to lock the PC, as well I remember some (I think it was a Vectra HP  PC) with a switch that sounded an alarm when you opened the case, which could be another way to "tamper-proof" a PC, but deleting the crypto key on any physical attempt reminds me more of "Mission Impossible" than anything else.

 

:duff:

Wonko

 

[1] and no, before you say anything, "the Cloud" is not "secure" nor "failproof". 


  • Nuno Brito likes this

#3 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4137 posts

Posted 30 September 2016 - 04:35 AM

'nuff said.

 

This is more or less the dream :w00t: of any saboteur/bad guy, a built-in, automatic way to destroy your data, in practice IF they get anywhere near the device, they will be in the perfect position to blackmail you and ask a ransom.

 

"Gimme 1000 bucks or I will crack open your new, smart, PC and you will loose all the zillion Bitcoins you have in it." :ph34r:

 


:duff:

Wonko

Was thinking something similar. Give me the money or all you're hard research bites the Open road.

Yep! just asking for trouble with this one.

 

Scenario2:

This guy knows how the product works.

He punches that persons lights out. Takes the encrypted PC and then helps himself to the key also.

So now a PC and key are his. Thank you!

 

Scenario

Been doing research, taking photos, documenting things for the last 10 years.

Going from country to country with this PC. Time go back home and publish the master pieces.

But, it cant be done. Well! there was this crash and it cracked the case and there went all the research.

 

---------------------------------------------------------------------

 

Seems like it has nice specs for such a small thing. But loosing valuable data will be hard to reproduce without having a copy somewhere.. The product looks well designed.

 

 

[1] and no, before you say anything, "the Cloud" is not "secure" nor "failproof".

Hate to tell you, there is no "cloud" that's keeping you're data, its someone else Hdd's holding the data. Oh! and don't let me tell you the real deal about the tooth fairy. :loleverybody:


  • Nuno Brito likes this

#4 tinybit

tinybit

    Gold Member

  • Developer
  • 1051 posts
  •  
    China

Posted 30 September 2016 - 07:20 AM

Seeing the words "Intel" and "Ubuntu", I feel there is nothing secure, and I stopped reading on.


  • Nuno Brito likes this

#5 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10447 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 30 September 2016 - 07:55 AM

Good thoughts.

 

A backup strategy would need to be in place, the machine needs to be understood as disposable and not containing "unique" data (documents, projects, etc).

 

Fully agree with tinybit, an Intel CPU already includes a separate co-processor that is perfectly capable of doing "funny" stuff: https://boingboing.n...-ship-with.html

 

ARM was the last manufacturer without strange co-processors but they were recently acquired by a conglomerate so wouldn't suppose they continue behaving as a normal CPU for much longer.

 

Had an advice that these co-processors are only capable of using the built-in ethernet, so one possible measure is to use a USB-based ethernet to fool the ghost CPU but this seems more like a temporary patch than a long-term remedy.

 

Ubuntu needs no introductions in regards to actively share user data as much as they can. However, the manufacturer make available a debian distro (with old components to which exploits can be used) and a QubeOS (relatively new, not yet broken so much in terms of security).

 

So how would we proceed? One machine for unsafe interaction with the Internet and one machine only connected on separate LAN for the private daily-work?

 

 

:cheers:



#6 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13649 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 30 September 2016 - 08:46 AM

A backup strategy would need to be in place, the machine needs to be understood as disposable and not containing "unique" data (documents, projects, etc).

 
Well, anyone remember the times where there was a huge (IBM) mainframe in a physically secured cellar/basement and what was on desks were more or less dumb terminals?
Maybe we can do something similar...
Hey wait, they were called ThinClients and have had some good days of glory (now also faded away).

For mobile work (in a "secure" usage paradigm where the device is "prepared for a mission" and is actually a temporary mobile duplicated repository) there are already SED's:
http://www.storagere...d_manageability
And self-destructing or self-erasing drives:
http://www.theverge....f-you-text-them
http://www.pcworld.c...a_Security.html

 

So how would we proceed? One machine for unsafe interaction with the Internet and one machine only connected on separate LAN for the private daily-work?

At home or small office?
Yes, something like that, with a NAS or something - again - in a physically secured space, remembering that "they" are not after you , as if "they" were you would have already been pwned (or already lost your data several times due to the excesses in futile attempts to keep "them" out of your data).

:duff:
Wonko




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users