Re: [qubes-users] USB hardware firewall

2016-12-12 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-10 14:36, Robert Fisk wrote:
> On 12/10/2016 08:25 AM, Marek Marczykowski-Górecki wrote:
>> This project have great potential! The USB proxy hardware can be
>> used for somehow more secure USB keyboard usage on Qubes OS, when
>> only a single USB controller is available. Take a look at this
>> idea[1]:
> 
>> Have a piece of hardware plugged between USB keyboard and PC (based
>> on https://github.com/robertfisk/USG?), to encrypt and
>> integrity-protect the events. And then decrypt them in dom0 and
>> check integrity protection, and only then pass them down to input
>> devices stack. This should at least partially guard against
>> malicious USB VM. It still will be able to perform timing based
>> attacks to guess what you're typing - not sure how accurate such
>> attacks are currently. Such device could introduce artificial delay
>> (like - inject queued events every 50ms) to at least partially
>> mitigate such attacks.
> 
>> What do you think about it? I think the hardware you've designed
>> is perfect for this!
> 
>> [1] 
>> https://github.com/QubesOS/qubes-issues/issues/2507#issuecomment-265894809
> 
> This sounds like a great idea, and I am keen to be involved. There is
> plenty of flash space available on the embedded CPUs to implement some
> form of encryption, although the best method of doing so on bare-metal
> ARM is certainly open for discussion.
> 
> A recent batch of hardware samples sold out in November. Due to Real
> Life(TM) the next batch of hardware is likely to be ready late January
> or early February. Pricing is currently NZ$80 each (approx US$57).
> 
> Regards,
> Robert
> 

Tracking this as a community-developed feature:

https://github.com/QubesOS/qubes-issues/issues/2518
https://www.qubes-os.org/qubes-issues/#usg-keyboard-hardware-proxy

Please keep us posted as to your progress, and let us know how we can
help. :)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYT6Z0AAoJENtN07w5UDAwXNsP/j0KrGEyjCHq0h3v7/nmlTwx
YGn05f+Bh7L7r9HSGOeH9PMgKkFr85btXdXPhG5+swCSdFgmhbkcad0lgy8hX2mz
uZND7Z/wnEI99kK7D2EN3Kl9vM4fHM4/I8jV6ulwXPrMfr8xNvdDiQn9JLfcUTwU
SvL4VzP92JKZTss2ILfjK8TsH7cIoFek72+Bn9dQKyppDmrlxi9xu0Y67m0B8NkW
L94YLLIQGO4Qq2vuuVlTIJmw6DGN8AXbwMwOixBtirM1AzeAZGt9GB3ZtTU438EE
xFXc9Ould67L2sqluuj7rkLoAE6QnkhzeyCbsgfS6OcE2rCXCNdQkmjx8zXzLrgL
DZg+D/PPCwSSyV2tzeGfsxTX4bY1w7dc8ecPHcgeuAV7L7UjL7hSrNJj3Y49jEtR
XBmleAq9XCaStYl29MkpYNLddCI3grLMwRFnW9adg85PU2Zay7q64Ay8OSjZDa72
wuO57t6UchbHRURth5P8Sa2SmjzenohPPWeWOqETa6O1ZMj+4+P+X2F+cS1pawio
EAggf4y/brbQkAAyC5eYpO7RxmzvbWN2Ciu0csYD8GEHBvvcJC2N/bENRBUujI8i
J9AjU2E1hoYwRbghwk7iNRFzCcPr1WJW3sbhibKjaTrIwKVsib/3XkgeXM5e6bU1
yGJ9eVDpcb/ekzvzM5qm
=kZIF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a10c703-9bef-1878-363c-41d0705c4734%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] USB hardware firewall

2016-12-11 Thread taii...@gmx.com

On 12/10/2016 05:36 PM, Robert Fisk wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 12/10/2016 08:25 AM, Marek Marczykowski-Górecki wrote:

On Sun, Sep 04, 2016 at 06:35:42PM +1200, Robert Fisk wrote:

On 09/01/2016 06:55 PM, johnyju...@sigaint.org wrote:

I was thinking earlier that some form of a "USB Firewall"
hardware device might be cool to create; one that goes into
each USB port in between each device and the PC, and only
passes a specific device, or only a HID device (and doesn't
permit a drive to add another HID identity).  Yet another side
project for winter. :)  There may be existing products.



Ahem. Allow me to introduce you to a project I have been working
on for a while now:
https://github.com/robertfisk/usg/wiki
https://github.com/robertfisk/USG/wiki/FAQ
The USG (which is Good, not Bad) is a hardware firewall for your
USB ports. It connects between your computer and your untrusted
USB device, isolating the badness with two dedicated processors.
Features: - Isolates low-level USB exploits by using a simple
internal protocol with minimal attack surface
- No hub support blocks 'hidden' malicious devices
- Prevents devices changing their enumerated class after
connection, stopping malicious class changes.



Device support: mass storage (flash drives), keyboards, mice.
Project status: You can build your own USG v0.9 hardware out of
development boards if you are handy with a soldering iron. End
user hardware is approaching production-ready status, samples
will be available in the coming months.
Feedback / pull requests / sales leads are welcome!

This project have great potential! The USB proxy hardware can be
used for somehow more secure USB keyboard usage on Qubes OS, when
only a single USB controller is available. Take a look at this
idea[1]:

Have a piece of hardware plugged between USB keyboard and PC (based
on https://github.com/robertfisk/USG?), to encrypt and
integrity-protect the events. And then decrypt them in dom0 and
check integrity protection, and only then pass them down to input
devices stack. This should at least partially guard against
malicious USB VM. It still will be able to perform timing based
attacks to guess what you're typing - not sure how accurate such
attacks are currently. Such device could introduce artificial delay
(like - inject queued events every 50ms) to at least partially
mitigate such attacks.

What do you think about it? I think the hardware you've designed
is perfect for this!

[1]
https://github.com/QubesOS/qubes-issues/issues/2507#issuecomment-265894809




This sounds like a great idea, and I am keen to be involved. There is
plenty of flash space available on the embedded CPUs to implement some
form of encryption, although the best method of doing so on bare-metal
ARM is certainly open for discussion.

A recent batch of hardware samples sold out in November. Due to Real
Life(TM) the next batch of hardware is likely to be ready late January
or early February. Pricing is currently NZ$80 each (approx US$57).

Regards,
Robert
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCgAGBQJYTINVAAoJEN65WsAVra66UqgP/js8V9oHjYtsVs8wHhBs0Iq+
NL4pWUUtceGlCPBJZnKhmPM2Q7gNve3CS4K1i3JikSGIMw4BTqH59JqRmHIv1UDW
jH3DHfbGRLNXAJQTAUFQVV+M43rMQXcM0BT5xrTUdlwG8dQhe44cS+cW1BzmSBtn
FsszZVEp7UU6IJ/YZMYfEIbd/dhq92YBU5fU16F6PVdAFq8ObQoLCMPxWN8GLSKy
JgYkcRHiC2mjzYWN5hv+iZYFVWfxR33jkUoo7n2Iyaz27bYjHyKCy83sBsnhUaLg
Xr2+HJxGoxtScG9Q42ay1/40W5LQyhLRyvnYg1Yih1p18JrY54oe4k2F5jGnj953
giQri7lg6xWk9Md9rDRKvq7Xc2Kd6VdRAp1ooPfehGSIidGRdyYEAVttaqMxmZB3
7U1j35ELDTN3q79++LxnQr01yERsQHM6cKYQsog5/mOHtSG2+iOK2RoNK5M2fhQB
wrULmBTmwNruRGO+W2RBCcOZCvmP8WTthEb85BSVwHlrra6Vv02oFyAvDTj4Q8RI
NLV9HqwXILW1eICCoQUOzcW41SAYrn3ykX/eWgksg221Lks9RWzfxDItBXtrjXSR
pqKtbqRVZIT0k35GJug8RjTuG2JRaMbSEepblmWCvm9cN4bl/RRkOy9uRgfBLKsx
+k6vRfW54/ly/WT/XVJh
=1NhG
-END PGP SIGNATURE-


For the record there is also http://syncstop.com/

It isn't "smart" like this but it is more secure if you just want 
charging - in case you need to charge an unsafe (friends, colleagues) 
device on your laptop, or charge your device with someone elses charger 
or a public charger.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bbdce9f-5819-cbbc-322a-39d5b6a4ec58%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] USB hardware firewall

2016-12-10 Thread Robert Fisk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 12/10/2016 08:25 AM, Marek Marczykowski-Górecki wrote:
> On Sun, Sep 04, 2016 at 06:35:42PM +1200, Robert Fisk wrote:
>> On 09/01/2016 06:55 PM, johnyju...@sigaint.org wrote:
>>> I was thinking earlier that some form of a "USB Firewall"
>>> hardware device might be cool to create; one that goes into
>>> each USB port in between each device and the PC, and only
>>> passes a specific device, or only a HID device (and doesn't
>>> permit a drive to add another HID identity).  Yet another side
>>> project for winter. :)  There may be existing products.
> 
> 
>> Ahem. Allow me to introduce you to a project I have been working
>> on for a while now:
> 
>> https://github.com/robertfisk/usg/wiki 
>> https://github.com/robertfisk/USG/wiki/FAQ
> 
>> The USG (which is Good, not Bad) is a hardware firewall for your
>> USB ports. It connects between your computer and your untrusted
>> USB device, isolating the badness with two dedicated processors.
> 
>> Features: - Isolates low-level USB exploits by using a simple
>> internal protocol with minimal attack surface
> 
>> - No hub support blocks 'hidden' malicious devices
> 
>> - Prevents devices changing their enumerated class after
>> connection, stopping malicious class changes.
> 
> 
>> Device support: mass storage (flash drives), keyboards, mice.
> 
>> Project status: You can build your own USG v0.9 hardware out of 
>> development boards if you are handy with a soldering iron. End
>> user hardware is approaching production-ready status, samples
>> will be available in the coming months.
> 
>> Feedback / pull requests / sales leads are welcome!
> 
> This project have great potential! The USB proxy hardware can be
> used for somehow more secure USB keyboard usage on Qubes OS, when
> only a single USB controller is available. Take a look at this
> idea[1]:
> 
> Have a piece of hardware plugged between USB keyboard and PC (based
> on https://github.com/robertfisk/USG?), to encrypt and
> integrity-protect the events. And then decrypt them in dom0 and
> check integrity protection, and only then pass them down to input
> devices stack. This should at least partially guard against
> malicious USB VM. It still will be able to perform timing based
> attacks to guess what you're typing - not sure how accurate such
> attacks are currently. Such device could introduce artificial delay
> (like - inject queued events every 50ms) to at least partially
> mitigate such attacks.
> 
> What do you think about it? I think the hardware you've designed
> is perfect for this!
> 
> [1] 
> https://github.com/QubesOS/qubes-issues/issues/2507#issuecomment-265894809
>
> 
> 

This sounds like a great idea, and I am keen to be involved. There is
plenty of flash space available on the embedded CPUs to implement some
form of encryption, although the best method of doing so on bare-metal
ARM is certainly open for discussion.

A recent batch of hardware samples sold out in November. Due to Real
Life(TM) the next batch of hardware is likely to be ready late January
or early February. Pricing is currently NZ$80 each (approx US$57).

Regards,
Robert
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCgAGBQJYTINVAAoJEN65WsAVra66UqgP/js8V9oHjYtsVs8wHhBs0Iq+
NL4pWUUtceGlCPBJZnKhmPM2Q7gNve3CS4K1i3JikSGIMw4BTqH59JqRmHIv1UDW
jH3DHfbGRLNXAJQTAUFQVV+M43rMQXcM0BT5xrTUdlwG8dQhe44cS+cW1BzmSBtn
FsszZVEp7UU6IJ/YZMYfEIbd/dhq92YBU5fU16F6PVdAFq8ObQoLCMPxWN8GLSKy
JgYkcRHiC2mjzYWN5hv+iZYFVWfxR33jkUoo7n2Iyaz27bYjHyKCy83sBsnhUaLg
Xr2+HJxGoxtScG9Q42ay1/40W5LQyhLRyvnYg1Yih1p18JrY54oe4k2F5jGnj953
giQri7lg6xWk9Md9rDRKvq7Xc2Kd6VdRAp1ooPfehGSIidGRdyYEAVttaqMxmZB3
7U1j35ELDTN3q79++LxnQr01yERsQHM6cKYQsog5/mOHtSG2+iOK2RoNK5M2fhQB
wrULmBTmwNruRGO+W2RBCcOZCvmP8WTthEb85BSVwHlrra6Vv02oFyAvDTj4Q8RI
NLV9HqwXILW1eICCoQUOzcW41SAYrn3ykX/eWgksg221Lks9RWzfxDItBXtrjXSR
pqKtbqRVZIT0k35GJug8RjTuG2JRaMbSEepblmWCvm9cN4bl/RRkOy9uRgfBLKsx
+k6vRfW54/ly/WT/XVJh
=1NhG
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fe8b1eb-4de2-ca63-c91f-4b5d3387bfeb%40fastmail.fm.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] USB hardware firewall (was: epoxy on ram to prevent cold boot attacks?)

2016-12-09 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Sep 04, 2016 at 06:35:42PM +1200, Robert Fisk wrote:
> On 09/01/2016 06:55 PM, johnyju...@sigaint.org wrote:
> > I was thinking earlier that some form of a "USB Firewall" hardware
> > device might be cool to create; one that goes into each USB port in
> > between each device and the PC, and only passes a specific device,
> > or only a HID device (and doesn't permit a drive to add another HID
> > identity).  Yet another side project for winter. :)  There may be
> > existing products.
> 
> 
> Ahem. Allow me to introduce you to a project I have been working on
> for a while now:
> 
> https://github.com/robertfisk/usg/wiki
> https://github.com/robertfisk/USG/wiki/FAQ
> 
> The USG (which is Good, not Bad) is a hardware firewall for your USB
> ports. It connects between your computer and your untrusted USB
> device, isolating the badness with two dedicated processors.
> 
> Features:
>  - Isolates low-level USB exploits by using a simple internal protocol
> with minimal attack surface
> 
>  - No hub support blocks 'hidden' malicious devices
> 
>  - Prevents devices changing their enumerated class after connection,
> stopping malicious class changes.
> 
> 
> Device support: mass storage (flash drives), keyboards, mice.
> 
> Project status: You can build your own USG v0.9 hardware out of
> development boards if you are handy with a soldering iron. End user
> hardware is approaching production-ready status, samples will be
> available in the coming months.
> 
> Feedback / pull requests / sales leads are welcome!

This project have great potential! The USB proxy hardware can be used
for somehow more secure USB keyboard usage on Qubes OS, when only a
single USB controller is available.
Take a look at this idea[1]:

Have a piece of hardware plugged between USB keyboard and PC (based on
https://github.com/robertfisk/USG?), to encrypt and integrity-protect
the events. And then decrypt them in dom0 and check integrity
protection, and only then pass them down to input devices stack. This
should at least partially guard against malicious USB VM. It still will
be able to perform timing based attacks to guess what you're typing -
not sure how accurate such attacks are currently. Such device could
introduce artificial delay (like - inject queued events every 50ms) to
at least partially mitigate such attacks.

What do you think about it? I think the hardware you've designed is
perfect for this!

[1]
https://github.com/QubesOS/qubes-issues/issues/2507#issuecomment-265894809

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYSwUuAAoJENuP0xzK19csXIYH/1Xw4r49ofa9P6RA3TJDqgv3
vN7+Qxzu6zXCIYt/TdWoaKtqvqsiHvhEHrFrTLE9+ysGcuiUtEzJtOBohw4WHFHd
1E1hOL14MTPUXEtu7Jrf2B5XYXQhnNTJgh58xG+nWqIpzi7/RkHz6lq9W8iRXfX2
qWfefAAH6PRywECaj6VEPh8PcbBtu9B3tn8977q1fKB3ZrltnFUjro0p9qLVQr6z
eXE6mBWKKmvTyVGCe1xe3yp7p9LGzoUgsecZEtERZHtxViOlk9faTAHwU4vOho0N
QlinJSUUdE8XWEVSGrNb+KB4Kbwikh7GoABWlSmYiJrOTxVMnOv7DE/mL5WEvtA=
=6Cbj
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161209192533.GA23647%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] USB hardware firewall (was: epoxy on ram to prevent cold boot attacks?)

2016-09-03 Thread Robert Fisk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 09/01/2016 06:55 PM, johnyju...@sigaint.org wrote:
> I was thinking earlier that some form of a "USB Firewall" hardware
> device might be cool to create; one that goes into each USB port in
> between each device and the PC, and only passes a specific device,
> or only a HID device (and doesn't permit a drive to add another HID
> identity).  Yet another side project for winter. :)  There may be
> existing products.


Ahem. Allow me to introduce you to a project I have been working on
for a while now:

https://github.com/robertfisk/usg/wiki
https://github.com/robertfisk/USG/wiki/FAQ

The USG (which is Good, not Bad) is a hardware firewall for your USB
ports. It connects between your computer and your untrusted USB
device, isolating the badness with two dedicated processors.

Features:
 - Isolates low-level USB exploits by using a simple internal protocol
with minimal attack surface

 - No hub support blocks 'hidden' malicious devices

 - Prevents devices changing their enumerated class after connection,
stopping malicious class changes.


Device support: mass storage (flash drives), keyboards, mice.

Project status: You can build your own USG v0.9 hardware out of
development boards if you are handy with a soldering iron. End user
hardware is approaching production-ready status, samples will be
available in the coming months.

Feedback / pull requests / sales leads are welcome!

Robert
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCgAGBQJXy8C+AAoJEN65WsAVra66zQEP/jJMgf8FnaLW9jLCb13dZbkM
IQQ50CgOFyzVF+S//FlZ794k9qfMFxumxfVMATawsTBooNhlTa9ASedMrcoWMuZI
fuYNMeVoSYijyavqvimHMS8axiKwaI48q6olrTsOKwDM6joBb3rKQnsv63NJlbH3
+qUOY9IVDSoFKG9ki9TpltknlYuI3NDIkPRr07Ekx5XiCs92CihuNn1xTlCtweEt
4Y1YtPv2HfYFGcbQk2w17efp0mFweiqZldsxbwNLEPv03GvrNg54vlxC1Yr8ByGB
nSPHslfgaCOqv4/XMvYAUA+22b7+d6VxRIYFojetdmmCi5u5fIFGv+6ErLIpPTVs
wNZOli0npmLeuAnYME+6wKw0ozsYtKQNudIATHy6t6IwWBew+SCoWnCdlJZQFx0i
YZwv8kJXzqTGU50vxad1FsDYQL1AaBEJBwqAGS9vV5OsyvAqpXuUacZWzrLgT4hM
+HupcnoWErFMZzbNZeTMMFHuP6yTwV0mh3jP99vLtLYyjYmq6qoy+aDCQUTvtH+Y
4wEq4h7VRY9U0HI5hq0B/5LyJw4KKpimYzNmSyiDi9/FSyRa9tPe1idYjHEQsCuU
sTybVvwCocIKF23XV4vPHNYydcdMvG8aHHQSeZ9ywLEkmxTeL0s9SL1+qaOOcqPC
c2HOcC6+FigpPFwrGvgC
=Hvzi
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57CBC0BE.6070709%40fastmail.fm.
For more options, visit https://groups.google.com/d/optout.