Zero Trust Wallets: Air-Gaps & Faraday Cages

Why USB cables are attack vectors. The physics of Air-Gapping, PSBT (Partially Signed Bitcoin Transactions), and Acoustic Side-Channels.

Intermediate · 50 min read

🎯 What You'll Learn

  • Deconstruct the 'Air Gap' (Physics of Isolation)
  • Analyze Side-Channel Attacks (Power, Acoustic, EM)
  • Trace a PSBT (SD Card Workflow)
  • Calculate the cost of an Evil Maid Attack
  • Audit a Multisig Ceremony (Glacier Protocol)

📚 Prerequisites

Before this lesson, you should understand:

Introduction

If your private key exists on a computer connected to the Internet, it is Public. It is only a matter of time before a 0-day exploits your OS, your browser, or your Wi-Fi driver.

True security requires Physics: Disconnecting the wires. Removing the Bluetooth antenna. Sealing the device in a Faraday Cage. This lesson explores the paranoia needed to secure $1 Billion.


The Physics: Air Gaps & Data Diode

An Air Gap is a physical separation between the Secure Network and the Insecure Network (Internet). But Air Gaps can be jumped via:

  1. USB: removable media and malicious device firmware (BadUSB); Stuxnet crossed an air gap on USB sticks.
  2. Sound: Ultrasonic beacons.
  3. Light: Blink codes from LEDs.

The Physics: The only secure channel is a Data Diode, a link that physically permits flow in one direction only. QR Codes are optical data diodes: the sender's Screen can only emit pixels and the receiver's Camera can only read them, so data flows Screen -> Camera and the Camera has no way to write back into the Screen (Physics determines flow). SD Cards are not diodes, but they present a simpler attack surface than USB: a block-storage filesystem rather than a programmable controller that can pose as a keyboard.


Deep Dive: PSBT (Partially Signed Bitcoin Transactions)

How do you sign a transaction without the key touching the internet? PSBT (BIP174).

The Workflow:

  1. Online PC: Creates an Unsigned Transaction. Saves to SD Card.
  2. Sneakernet: Human walks SD Card to the Vault.
  3. Offline Device: Reads SD Card. User verifies address on screen. Signs. Saves Signed Tx to SD Card.
  4. Sneakernet: Human walks SD Card back to Online PC.
  5. Online PC: Broadcasts Signed Tx.

Physics: The Offline Device never calculates network packets. It only calculates Elliptic Curve Math. It has no TCP/IP stack to exploit.
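As an added illustration of the five-step workflow above (example code written for this lesson, not part of the original and not a BIP174 implementation): the "SD card" is a JSON file in a temporary directory, the `OnlinePC` and `OfflineSigner` classes are hypothetical, and the signature is a toy Schnorr-style scheme in the multiplicative group modulo the Mersenne prime 2^127-1, standing in for secp256k1 math. It shows what the list alone does not: the signer contains no networking code, the sneakernet boundary forces everything into bytes, and the "verify address on screen" step is the control that catches an Online PC whose malware swaps the destination.

```python
import hashlib
import json
import os
import secrets
import tempfile

# Toy Schnorr-style signature in the multiplicative group mod a Mersenne prime.
# A stand-in for "Elliptic Curve Math": NOT secp256k1 and NOT Bitcoin's real scheme.
P = 2**127 - 1   # prime modulus (assumed toy parameter)
G = 3            # generator (assumed toy parameter)
N = P - 1        # exponents are reduced mod P-1, which every element's order divides

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def _challenge(r, y, msg):
    h = hashlib.sha256(f"{r}|{y}|{msg}".encode()).digest()
    return int.from_bytes(h, "big") % N

def sign(x, msg):
    k = secrets.randbelow(N - 1) + 1
    r = pow(G, k, P)
    e = _challenge(r, pow(G, x, P), msg)
    return [r, (k + e * x) % N]

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, _challenge(r, y, msg), P)) % P

def tx_digest(unsigned_tx):
    # What gets signed: a canonical serialization of the unsigned transaction
    return hashlib.sha256(json.dumps(unsigned_tx, sort_keys=True).encode()).hexdigest()

# The "SD card": a JSON file. Crossing the gap forces serialization, so the two
# sides share bytes, never live objects or sockets.
def sdcard_write(path, psbt):
    with open(path, "w") as f:
        json.dump(psbt, f)

def sdcard_read(path):
    with open(path) as f:
        return json.load(f)

class OnlinePC:
    """Creator and broadcaster. Knows public keys and the network, never a private key."""
    def __init__(self, pubkey):
        self.pubkey = pubkey
        self.mempool = []          # stand-in for the network
    def create_psbt(self, inputs, outputs):
        return {"unsigned_tx": {"inputs": inputs, "outputs": outputs}, "partial_sigs": {}}
    def finalize_and_broadcast(self, psbt):
        msg = tx_digest(psbt["unsigned_tx"])
        sig = psbt["partial_sigs"].get(str(self.pubkey))
        if sig is None or not verify(self.pubkey, msg, sig):
            return False
        self.mempool.append(psbt)
        return True

class OfflineSigner:
    """Holds the private key. No network code at all: it checks the screen and does math."""
    def __init__(self, privkey):
        self._x = privkey
        self.pubkey = pow(G, privkey, P)
    def sign_psbt(self, psbt, address_user_expects):
        # Step 3, "User verifies address on screen": a compromised Online PC can swap
        # outputs, so the human's check on the trusted display is the control.
        outs = psbt["unsigned_tx"]["outputs"]
        if not any(o["address"] == address_user_expects for o in outs):
            raise ValueError("destination on screen does not match; refusing to sign")
        psbt["partial_sigs"][str(self.pubkey)] = sign(self._x, tx_digest(psbt["unsigned_tx"]))
        return psbt

def run_workflow(tamper=False):
    """Returns True if the tx was broadcast; raises ValueError if the signer refused."""
    x, y = keygen()
    online, vault = OnlinePC(y), OfflineSigner(x)
    honest_dest = "bc1q-example-destination"      # constructed placeholder address
    dest = "bc1q-attacker-swap" if tamper else honest_dest
    outputs = [{"address": dest, "sats": 50_000}]
    inputs = [{"txid": "00" * 32, "vout": 0}]     # constructed placeholder input
    with tempfile.TemporaryDirectory() as sd:
        card = os.path.join(sd, "tx.psbt.json")
        sdcard_write(card, online.create_psbt(inputs, outputs))   # 1. Online PC creates
        psbt = sdcard_read(card)                                  # 2. Sneakernet to vault
        signed = vault.sign_psbt(psbt, honest_dest)               # 3. Verify on screen, sign
        sdcard_write(card, signed)                                # 4. Sneakernet back
        return online.finalize_and_broadcast(sdcard_read(card))   # 5. Online PC broadcasts
```

Running `run_workflow()` walks the honest case end to end; `run_workflow(tamper=True)` models malware on the Online PC rewriting the output and shows the vault refusing at step 3, before any signature exists.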


Strategy: Side Channel Defense (Simonis Attacks)

Even if Air-Gapped, physics betrays you. Power Analysis: the CPU's power consumption varies with the data it processes and leaks the Private Key bits. Acoustic Analysis: the coil whine from the voltage regulator's capacitors and coils changes with the computation.

Defense:

  1. Faraday Cage: Blocks EM radiation (Radio/Wi-Fi/Bluetooth).
  2. Sound Isolation: Heavy safe walls.
  3. Power Conditioning: Battery power only (No AC mains connection).
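Why power analysis works, and the software-side countermeasure that complements the physical defenses listed above, as an added example that is not part of the original lesson: scalar multiplication is modelled on a toy group (exponentiation modulo 2^127-1, where "double" is a squaring and "add" is a multiply) and a `Trace` object counts the operations a power or acoustic probe would see. Textbook double-and-add performs the extra multiply only on 1-bits, so the trace reveals the key's Hamming weight and bit positions; a Montgomery ladder with a branch-free conditional swap performs the same operation sequence for every key. All names are hypothetical and the group parameters are assumptions, not secp256k1.

```python
P = 2**127 - 1   # assumed toy modulus
G = 3            # assumed toy base point

class Trace:
    """Counts the group operations a power/acoustic probe would observe."""
    def __init__(self):
        self.ops = []
    def square(self, a):
        self.ops.append("S")
        return a * a % P
    def mul(self, a, b):
        self.ops.append("M")
        return a * b % P

def scalar_mul_leaky(k, base, trace):
    """Textbook double-and-add: the multiply happens only when the bit is 1."""
    acc = 1
    for bit in bin(k)[2:]:
        acc = trace.square(acc)
        if bit == "1":
            acc = trace.mul(acc, base)
    return acc

def scalar_mul_ladder(k, base, trace):
    """Montgomery ladder: exactly one multiply then one square per bit, for any key.
    Invariant: r1 == r0 * base. Register selection uses arithmetic, not a branch."""
    r0, r1 = 1, base
    for bit in bin(k)[2:]:
        b = int(bit)
        d = (r1 - r0) * b
        r0, r1 = r0 + d, r1 - d        # branch-free conditional swap when b == 1
        r1 = trace.mul(r0, r1)
        r0 = trace.square(r0)
        d = (r1 - r0) * b
        r0, r1 = r0 + d, r1 - d        # swap back
    return r0

def trace_of(fn, k):
    """Run fn on key k and return (result, operation string seen by the probe)."""
    t = Trace()
    out = fn(k, G, t)
    return out, "".join(t.ops)

def hamming_weight_from_trace(ops):
    """What an attacker reads off a leaky trace: number of multiplies == number of 1-bits."""
    return ops.count("M")

def traces_are_key_independent(fn, keys):
    """True if fn produces the same operation sequence for every same-length key."""
    seqs = {trace_of(fn, k)[1] for k in keys}
    return len(seqs) == 1
```

Both routines return the same value, but only the leaky trace changes shape with the key. A real implementation must also keep memory access patterns and timing constant; the ladder's fixed operation sequence is the principle, not a complete constant-time library.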

Code: Glacier Protocol (Ceremony)

The Glacier Protocol is the gold standard for high-security storage.

# Simplified Ceremony Script (illustrative; the real Glacier Protocol is a
# long, documented manual procedure, not this script)
import secrets

PRIME = 2**521 - 1  # Mersenne prime; shares live in GF(PRIME), large enough for 128+ bits

def shamir_split(secret: int, threshold: int, total: int) -> list[tuple[int, int]]:
    """Shamir's Secret Sharing: any `threshold` of `total` shares recover `secret`."""
    # Random polynomial coefficients need entropy too; use the OS CSPRNG on the offline box
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
            for x in range(1, total + 1)]

def print_to_paper(share: tuple[int, int]) -> None:
    # No Printer Memory (Use Dumb Printer); stdout stands in for it here
    x, y = share
    print(f"Share {x}: {y:x}")

def generate_keys_offline(dice_bits: str) -> list[tuple[int, int]]:
    # 1. Boot from Tails OS (Live USB)
    # 2. Remove Network Cards physically
    # 3. Roll Dice (Entropy) -> 128 rolls, transcribed into a bit string (dice_bits)
    entropy = int(dice_bits, 2)

    # 4. Generate Shares (Shamir's Secret Sharing), 3-of-5 setup
    shares = shamir_split(entropy, 3, 5)

    # 5. Print Shares to Paper
    for share in shares:
        print_to_paper(share)

    # 6. Destroy RAM (Power Cycle)
    # 7. Destroy Hardware (Literally smash the laptop)
    return shares

Practice Exercises

Exercise 1: The Evil Maid (Beginner)

Scenario: You leave your Ledger in your hotel room safe. Attack: Maid opens safe, replaces Ledger with modified firmware version. Defense: Tamper-evident bags (Glitter nail polish on screws).

Exercise 2: QR Code Injection (Intermediate)

Scenario: The Watch-Only wallet generates a malicious QR code that exploits a buffer overflow in the Hardware Wallet’s camera driver. Result: Code execution on the Cold Device. Lesson: Even QR codes are attack vectors.

Exercise 3: $5 Wrench Attack (Advanced)

Scenario: An attacker threatens physical violence. All crypto defense fails against physical coercion. Defense: Duress Wallet. A secondary PIN that unlocks a small “decoy” balance, while alerting police or wiping the main keys.


Knowledge Check

  1. Why is USB considered “Broken”?
  2. What is a Data Diode?
  3. Why use Dice for entropy?
  4. What is a Side Channel attack?
  5. What is a Duress PIN?
Answers
  1. Controller Firmware. USB keys can emulate keyboards/network cards to hack the host.
  2. One-way flow. Information can flow A->B but never B->A (e.g., Screen reading a QR).
  3. Physics. Computers are deterministic; gravity is chaotic. Dice are true random.
  4. Leakage. Inferring secrets from indirect signals (Power, Sound, Radiation).
  5. Plausible Deniability. A password that unlocks a fake wallet under coercion.

Summary

  • Air-Gap: Physical disconnection.
  • PSBT: Offline signing standard.
  • Entropy: Requires physical chaos.
