Slashdot Mirror


The World's Most Secure Home Computer Reaches Crowdfunding Goal (pcworld.com)

"If the PC is tampered with, it will trigger an alert and erase the PC's encryption key, making the data totally inaccessible." Last month Design SHIFT began crowdfunding an elaborate "open source, physically secure personal computer" named ORWL (after George Orwell). "Having exceeded its $25,000 funding goal on Crowd Supply, the super-secure PC is in production," reports PC World, in an article shared by Slashdot reader ogcricket about the device which tries to anticipate every possible attack: The encryption key to the drive is stored on a security microcontroller instead of the drive... The ORWL's makers say the wire mesh itself is constantly monitored... Any attempts to trick, bypass, or short the wire mesh will cause the encryption key to be deleted. The unit's security processor also monitors movement, and a user can select a setting that will wipe or lock down the PC's data if it is moved to another location... The RAM is soldered to the motherboard and can't be easily removed to be read elsewhere...

Your ORWL unlocks by using a secure NFC and Bluetooth LE keyfob. Pressing it against the top of the ORWL and entering a password authenticates the user. Once the user has been authenticated, Bluetooth LE then ensures that the user is always nearby. Walk away, and the ORWL will lock.
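The lock/wipe behaviour described in the summary, modelled as a small state machine. This is an added example, not ORWL firmware or code from the article; every type, event and function name here is hypothetical, and the key is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define KEY_LEN 32
typedef enum { ST_LOCKED, ST_UNLOCKED, ST_WIPED } state_t;
typedef enum { EV_AUTH_OK, EV_FOB_OUT_OF_RANGE, EV_MOVED, EV_MESH_FAULT } event_t;
typedef enum { ON_MOVE_LOCK, ON_MOVE_WIPE } move_policy_t;
typedef struct { state_t state; move_policy_t on_move; uint8_t key[KEY_LEN]; } secmcu_t;

/* Overwrite through a volatile pointer so the compiler cannot elide the wipe. */
static void zeroize(uint8_t *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Apply one event; ST_WIPED is terminal, so later authentication cannot undo it. */
state_t secmcu_event(secmcu_t *m, event_t ev) {
    if (m->state == ST_WIPED) return ST_WIPED;
    if (ev == EV_MESH_FAULT || (ev == EV_MOVED && m->on_move == ON_MOVE_WIPE)) {
        zeroize(m->key, KEY_LEN);
        m->state = ST_WIPED;
    } else if (ev == EV_MOVED || ev == EV_FOB_OUT_OF_RANGE) {
        m->state = ST_LOCKED;
    } else if (ev == EV_AUTH_OK) {   /* keyfob tap plus password, modelled as one event */
        m->state = ST_UNLOCKED;
    }
    return m->state;
}

/* Release the key only while unlocked: 0 on success, -1 otherwise. */
int secmcu_get_key(const secmcu_t *m, uint8_t out[KEY_LEN]) {
    if (m->state != ST_UNLOCKED) return -1;
    memcpy(out, m->key, KEY_LEN);
    return 0;
}

/* Replay events on a fresh model with a constructed key, then authenticate
   once more; returns 1 if the original key is still released, else 0. */
int key_survives(move_policy_t pol, const event_t *evs, size_t n) {
    secmcu_t m = { ST_LOCKED, pol, {0} };
    uint8_t ref[KEY_LEN], out[KEY_LEN];
    memset(ref, 0xA5, KEY_LEN);          /* constructed sample key */
    memcpy(m.key, ref, KEY_LEN);
    for (size_t i = 0; i < n; i++) secmcu_event(&m, evs[i]);
    secmcu_event(&m, EV_AUTH_OK);
    return secmcu_get_key(&m, out) == 0 && memcmp(out, ref, KEY_LEN) == 0;
}

int main(void) { event_t e[] = { EV_AUTH_OK, EV_MESH_FAULT }; return key_survives(ON_MOVE_LOCK, e, 2); }
```

With the move policy set to wipe, a single movement event is as final as a mesh fault, so the model makes the availability cost of that setting explicit.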


  1. ... formerly most secure computer by damn_registrars · · Score: 4, Insightful

    They can't really expect to hold on to that title when they are willing to send it out with Windows 10 preinstalled.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:... formerly most secure computer by lgw · · Score: 2

      Does Ubuntu still send your local searches back to the mothership? Do we know what other lines they've crossed? I only feel secure about the BSDs these days.

      Anyway, we know there is NSA gear to deal with this: unless the keyboard is inside a Faraday cage, they can log your keystrokes. Unless the monitor is inside a Faraday cage, and you have no windows (or Windows) they can see your monitor. And Bluetooth? Forget about it.

      If any TLA is actually worried about these, they'll be intercepted in shipment (or maybe their parts will be before assembly) for pre-installation of gadgets.

      I applaud this effort, really, but it's just a start. Bruce Schneier has talked about this before: the only secure computer is a laptop you buy in person from a random store (and is of course fully encrypted), and that stays in a safe whenever it's not in line of sight. And even then - how good is that safe?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:... formerly most secure computer by Orgasmatron · · Score: 3, Informative

      The headline is crap. The linked article is better, and the wiki has more details. This is a physically secure computer, not generally. The goal is that when you unlock it, it should either be in the same state it was in when you locked it earlier, or it should be obvious to you that it is not.

      It has no ethernet or wifi (nor, for that matter any busses capable of reading memory by DMA), but you can add them with USB3, which gets disconnected when you lock it. The case is designed with very little room between the security shell and the glass or plastic case, making it very difficult to add things without you noticing. Opening the secure shell inside wipes the drive encryption keys, so you'll notice if someone does that. And when you first get it, you can open it up to inspect the insides to make sure that nothing was added before it gets to you.

      This would be ideal for running a small Certification Authority, for example. The signing key would be well protected inside the shell without you having to wear it on a USB stick around your neck for the rest of your life. Ditto a bitcoin wallet.

      But it isn't, nor was it intended to, let you run Windows fresh off the DVD while you browse porn sites in IE and download warez off of shady torrent sites without antivirus.

      --
      See that "Preview" button?
    3. Re:... formerly most secure computer by lgw · · Score: 2

      Well, maybe I can buy their "99.9%" secure - it'll be safe from the neighbor's kid, I guess. Seems like they're trying to make something FIPS 140-2 level 3, but without certification it's just another homebrewed security device, and those have a very poor history of actual security.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  2. One problem with this computer by the_humeister · · Score: 2

    It's using Intel's Skylake processor. That requires a chipset that has IME on it, unless they were able to strike a deal with Intel and make their own chipset without IME, which is not likely.

  3. Interesting concept, but... by Striek · · Score: 5, Insightful

    It's an interesting concept, but it goes too far... it would be trivially easy to have this thing delete the encryption key - just shake it around a bit and it, and all its data, become useless. The risk of data loss when using this "secure" computer would be so high, even by accident, that you'd need a backup close by somewhere.

    So anytime someone is seen with a computer this secure, just target their backups instead. Considering the relatively high likelihood of accidental erasure, they're sure to have them.

    Besides, although the data stored on this is extremely secure, it isn't very available. It opens up a huge attack surface by making it far too easy to destroy the data on this thing, limiting its effectiveness and market considerably.

    --
    "Government is like fire; a handy servant, but a dangerous master." -- George Washington
    1. Re:Interesting concept, but... by SensitiveMale · · Score: 2

      So anytime someone is seen with a computer this secure, just target their backups instead. Considering the relatively high likelihood of accidental erasure, they're sure to have them.

      The classic example is the bank with impenetrable security. Just kidnap the manager's daughter and you have free access everywhere in the bank. There's always another way.

  4. I commented on this on the red site... by Anonymous Coward · · Score: 2, Insightful

    While all the *PHYSICAL* technical measures are excellent, they make a gross presumption about the security of the electronics inside. Electronics which are running firmware which due to the lack of public scrutiny and method of replacement could easily be used to backdoor this device and exfiltrate the security keys and/or believed secure data from the device whether or not the device was authenticated, or be used to disable the aforementioned security measures before they could inactivate the contents of the device.

    Personally, any device with wireless capabilities built in I consider suspect. Anything with USB or another hotplug bus I consider infiltratable with limited physical access. Anything connected to a network I consider compromisable with sufficient knowledge of the hardware and operating system.

    If you want a device with the level of security this device claims, today you would need essentially custom chips all the way up, and designed with e-fuse (or worm) memory built into the chip and/or package that either you, or your organization programmed. Furthermore in the event of device compromise it would need the capability to blow all remaining fuses to wipe the in-chip keys and enough residual charge to similarly wipe or corrupt all other flash devices inside (hard disks by nature of their io speed could not be done like this, but everything up to a terabyte SSD should be capable of wiping within a minute. Larger devices could simply have patterned wipes done to ensure not enough blocks were recoverable to ensure decryption.

  5. Perhaps they could learn something from... by Xenna · · Score: 3, Interesting

    The world's most secure bomb:

    https://en.wikipedia.org/wiki/...

    A virtually tamper-proof bomb used to extort $3 million from a casino. It could not be moved. The FBI tried to disable it with a shaped charge but failed and blew up the hotel.