11

I will be using a Raspberry Pi as an air-gapped computer to make secure encrypted transactions on the Ethereum blockchain.

Once in a while I will want to update the software I am using, which will mean taking the SD card out of the Pi and inserting it into a laptop computer which is connected to the Internet. I would like to use some program or command line utility on the Pi to securely erase everything on the SD card before removing it, as this will eliminate all possibility of sensitive information being read off the SD card by bad actors who may have compromised my laptop.

The following command typed in at the pi terminal conveys the idea of what I hope to accomplish:

shred --verbose *.*
isanae
John Shearing
    In some ways, you are locking the barn door after the horse has escaped. You need to use a disk image available from the internet to burn the SSD card. An attacker could (as has been done before) create a vulnerability and insert it into the downloadable image. The vulnerability could be exploiting your currency harvester from day one. To truly airgap a computer it can not ever share a network or disc. Presumably, your harvester will also access the internet to access workload and return results, again allowing an exploit long before you upgrade the software. – Steve Robillard Jun 18 '17 at 09:25
  • 3
    For true security, the entire chain from supply to destruction needs protecting. – Steve Robillard Jun 18 '17 at 09:27
  • 4
    How will the "airgapped" computer access the block chain? – Paŭlo Ebermann Jun 18 '17 at 11:29
  • 2
    Once the software is loaded, the pi never sees anything from the Internet again. Account numbers are passed to the air-gapped pi using QR Codes and verified by use of blockies. Encrypted transaction instructions are passed out to the blockchain by taking a picture of QR-Code displayed on the pi's touch screen with a smart phone. So there is no chance for bad actors to get the keys held on the SD card unless I connect to the Internet after they are entered. Better to destroy the SD and get another when upgrading software. Then reenter the keys – John Shearing Jun 18 '17 at 11:38
  • I understand from flakeshake that encryption of the SD card can be used but I don't feel sophisticated enough to ensure the safety of the keys that way. – John Shearing Jun 18 '17 at 11:42
  • 2
    @JohnShearing Is remembering the passphrase in your head not an option? – flakeshake Jun 18 '17 at 12:26
  • What revision Pi are you using? A Pi 3 has the option to run from USB, which has other problems than SD. Might just make enough of a difference in your case. – Mast Jun 18 '17 at 17:57
  • I am using a pi 2 because there is no WiFi or Bluetooth built in. – John Shearing Jun 18 '17 at 19:36
  • I got this response from Pádraig of GNU.
    Shred already supports passing multiple files, however you would be much safer shredding at the device level, since there is all sort of reallocation etc. happening within filesystems. I.E. something along the lines of:
    SDCARD=/dev/sdb1
    umount $SDCARD
    shred --verbose $SDCARD
    mkfs.ext4 $SDCARD
    Note you can partition the SDCARD if there is only a portion that you want to destructively recreate like this.
    – John Shearing Jun 19 '17 at 03:32
  • If your card supports it, you can use blkdiscard. This may/should wipe sectors physically. – JimmyB Jun 19 '17 at 09:43

1 Answer

17

Since consumer SD cards use top-secret Flash Translation Layers and actually have more capacity than advertised to remap bad blocks or for general wear leveling, this is impossible via shred. The writes to a file might not end up at the same place where it currently exists on the disk at all.

You have four choices:

  • 1) Physical destruction.
  • 2) Shred single files and call it a day.
  • 3) Use dd if=/dev/zero of=/dev/mmcblk0 and call it a day. (This would be safe enough for rotating hard drives ...)
  • 4) Shred everything/all free space (e.g. the whole device like /dev/mmcblk0). This is stupid and risky, since consumer SD cards tend to enter hardware read-only mode when their overcapacity gets used up and all files will become undeletable.

To prevent such problems from ever arising again, always always use full-disk encryption from day one on SSDs, SD cards and pendrives. Since you have no idea what the hardware manufacturers are doing, I suggest using open-source software (LUKS, VeraCrypt) for that.

flakeshake
  • 1
    Hi flakeshake, Thanks for the education. Given what you explained - I am going to go with simple. I guess the best way to stay true to the simple idea that "sensitive information can never touch a machine connected to the Internet" would be to destroy my current SD card and buy a new one when upgrades to software are necessary. This will ensure that data only flows down from the Internet and not up to it. Thanks so much for your help. – John Shearing Jun 18 '17 at 07:56
  • 2
    As said, consider using full-disk encryption from day one. Even rotating hard disks might be using overprovisioning today. – flakeshake Jun 18 '17 at 08:09
  • 5
    Big +1 for full disk encryption - I think that's how some "secure" hard drives implement a "secure wipe", they always use hardware encryption so just throw away the key. – Xen2050 Jun 18 '17 at 10:08
  • @JohnShearing I don't see how upgrades necessitate shredding beforehand. Anyway, Raspbian/Debian's APT (apt-get) was designed in the age of CDs for updates - this workflow should still be available if you really want to have data flowing in one direction only – flakeshake Jun 27 '17 at 10:16
  • Hi flakeshake, I am using the air-gapped pi to hold private keys and make secure encrypted instructions to move cryptocurrency. The encrypted instructions are passed to the Internet using QR-Code. If I were to take the SD card out of the pi and put it into another computer which connects to the Internet then I would have no right to claim my device is air-gapped. Still I am determined to follow your advice and investigate if LUKS will work on the pi just in case someone steals the pi and brings the SD card to a laboratory for the purpose of getting the keys out of the pi. Thanks for the idea. – John Shearing Jun 28 '17 at 02:03
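
A toy model of the remapping the answer describes, added here as an illustration and not part of the original answer or comments. The `ToyFlash` class, its page counts and the `PRIVKEY!` sample are constructed assumptions, since real card firmware is undocumented.

```python
SECRET = b"PRIVKEY!"  # constructed sample secret; one 8-byte "block"

class ToyFlash:
    """Constructed FTL model; real card firmware is undocumented."""

    def __init__(self, logical_blocks, spare_pages):
        # Physical capacity exceeds the advertised (logical) capacity.
        self.pages = [None] * (logical_blocks + spare_pages)
        self.free = list(range(len(self.pages)))
        self.stale = []    # pages with old data no logical block points to
        self.mapping = {}  # logical block -> physical page

    def write(self, lba, data):
        # No overwrite in place: the old page is unmapped, not erased.
        if lba in self.mapping:
            self.stale.append(self.mapping.pop(lba))
        if not self.free:
            # Garbage collection: erase the oldest stale page for reuse.
            page = self.stale.pop(0)
            self.pages[page] = None
            self.free.append(page)
        page = self.free.pop(0)
        self.pages[page] = data
        self.mapping[lba] = page

def host_sees(card, lba):
    """What the operating system reads back through the mapping."""
    return card.pages[card.mapping[lba]]

def chip_holds_secret(card):
    """What a direct read of the flash chips finds, bypassing the mapping."""
    return SECRET in card.pages

def shred_file(spare_pages, passes=3):
    """Model of shred on a file stored in logical block 0."""
    card = ToyFlash(4, spare_pages)
    card.write(0, SECRET)
    for n in range(passes):
        card.write(0, bytes([n]) * 8)  # stands in for shred's overwrite passes
    return host_sees(card, 0), chip_holds_secret(card)

def zero_device(spare_pages):
    """Model of dd if=/dev/zero over all four logical blocks."""
    card = ToyFlash(4, spare_pages)
    card.write(0, SECRET)
    for lba in range(4):
        card.write(lba, b"\x00" * 8)
    return host_sees(card, 0), chip_holds_secret(card)
```

With four spare pages, both the shred model and the full-device zeroing leave the secret in a stale page while the host reads back only the overwrite pattern. With no spare pages, the full-device pass forces the stale page to be reclaimed, which is the behaviour the answer attributes to rotating drives.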