Secure case progress

A project log for Orthrus

SD card secure RAID USB storage

Nick SayerNick Sayer 10/12/2017 at 17:030 Comments

My friends at SteamyTech are going to be designing and making the cases for Orthrus. The first prototype wasn't perfect because the board and its components were thicker than the acrylic used to make the layers. The result of that was that two layers would have been required between the top and bottom. I've ordered new PCBs with 0.8mm thickness instead of 1.6mm, and with that the height of the board and its components (except the button) should fit in 1/8". I'm sourcing some 1/16" acrylic rods from Amazon to hold a piece in place between the two SD card slots. Lastly, I'm going to see if Olander has some 4-40 threaded flanged inserts that can be used instead of bolts.

I've gotten some samples of security seals. Recall that the entire point of putting Orthrus in a case is to keep adversaries away from the ERASE header (make no mistake - even if I didn't populate an ERASE header, the chip still has the pin, and it's well documented). With Orthrus in its case, as long as you know that no one has opened it, and if the firmware was programmed with the security bit on, the chances are quite slim that anyone would be able to install rogue firmware.  The seals I've chosen are FIPS 140-2 certified holographic serialized seals. As long as you keep a record of the serial numbers sealing your Orthrus and see that they don't change without your knowledge, you should be able to trust the firmware. To insure that the firmware isn't tampered with in transit, orders for Orthrus that include the case will have the serial numbers on the seals communicated separately so that the buyer can confirm they haven't changed in the mail.

There are some small gaps that could conceivably be used to fish a small wire into the case, but I think it would require Mission: Impossible levels of effort to be able to successfully access the ERASE header without breaking a case seal.

I will be selling replacement seals in pairs for a nominal charge on the Tindie store to facilitate re-sealing Orthrus after field firmware updates.

This is about as secure a system as I can design. If anyone has suggestions for things I've missed that can improve things, I'd love to hear about them.