I contemplated building an airgapped secret machine that could only communicate data with outside machines via QR codes and a webcam.
The main reason to do this isn't that the airgapped computer isn't compromised, but that even if it is, I could monitor all data moving in and out of it.
Even a USB drive passed back and forth could secretly transfer data I don't know about. Secret data is so small compared to the size of modern storage that data could easily hide in too many places.
Is that system a little paranoid? Maybe, but I haven't fully trusted any computer since Heartbleed.
The problem with that is usability. If I need to sign a transaction, that security is lost the moment the key is entered into the signing computer.
Proximity seems to be key to most of these attacks, so maybe physically excluding any possible eavesdroppers, and adding noise sources would create a shell equivalent to guarding that piece of paper.
I also anticipate gathering old/very limited electronics that can be visually inspected or don't have extra capacity to run malicious code to allow auditing the mechanisms of computation.
If only there were a method used daily in industry to move data back and forth from secure systems in a write-once fashion. Hear me out - you could construct some sort of polycarbonate disc that would contain a substrate. You could then permanently encode your data onto this substrate - so it couldn't be changed - with a "laser" perhaps. Then said disc could be read on another machine without worry of sneaky things hiding in your USB. On second thought that sounds way too complicated and I'd probably stick with the QR code-camera thing.
OK, the key advantage is being able to visually see the amount of data being transmitted. With a CD, how do you know an extra kilobyte of data didn't hitch a ride on your disc?
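The property the QR-code channel is being praised for in the first post and in the reply above (every byte that crosses the gap is visible and countable) can be made explicit with a small framing scheme. The following is an added illustration, not code from the thread: a constructed manifest-plus-chunks format in which the first QR frame declares the exact byte count and SHA-256 of the payload, and the receiving side refuses any transfer whose frame count, length or hash disagrees with the manifest or exceeds a size budget. The frame layout, `CHUNK`, `SAMPLE` and the function names are all assumptions of this example.

```python
import base64
import hashlib
import json

# Constructed framing (an illustration, not code from the thread): frame 0 is a
# manifest that declares the exact payload length and SHA-256; frames 1..n each
# carry one base32 chunk. Every frame is the text one QR code would render.
CHUNK = 64   # payload bytes per frame, small enough for a low-density QR code
SAMPLE = b"constructed sample: unsigned transaction bytes " * 3  # 141 bytes

def encode_frames(data: bytes, chunk: int = CHUNK) -> list:
    n = (len(data) + chunk - 1) // chunk
    manifest = {"n": n, "len": len(data), "sha256": hashlib.sha256(data).hexdigest()}
    frames = ["M:" + json.dumps(manifest, separators=(",", ":"))]
    for i in range(n):
        piece = data[i * chunk:(i + 1) * chunk]
        frames.append("D:%d:%s" % (i + 1, base64.b32encode(piece).decode()))
    return frames

def decode_frames(frames: list, max_len: int) -> bytes:
    """Reassemble the payload; raise ValueError on any discrepancy so the
    operator sees exactly why a transfer was refused."""
    if not frames or not frames[0].startswith("M:"):
        raise ValueError("missing manifest frame")
    m = json.loads(frames[0][2:])
    if m["len"] > max_len:           # the size budget is the auditable property
        raise ValueError("declared %d bytes exceeds budget %d" % (m["len"], max_len))
    if len(frames) - 1 != m["n"]:    # extra or missing frames are refused outright
        raise ValueError("expected %d data frames, got %d" % (m["n"], len(frames) - 1))
    out = bytearray()
    for i, frame in enumerate(frames[1:], start=1):
        tag, idx, body = frame.split(":", 2)
        if tag != "D" or int(idx) != i:
            raise ValueError("frame %d malformed or out of order" % i)
        out += base64.b32decode(body)
    if len(out) != m["len"]:
        raise ValueError("received %d bytes, manifest declared %d" % (len(out), m["len"]))
    if hashlib.sha256(out).hexdigest() != m["sha256"]:
        raise ValueError("payload hash does not match manifest")
    return bytes(out)

def audit_transfer(frames: list, max_len: int) -> tuple:
    """Return (accepted, reason): what the receiving side logs per transfer."""
    try:
        data = decode_frames(frames, max_len)
    except ValueError as exc:
        return (False, str(exc))
    return (True, "accepted %d bytes in %d frames" % (len(data), len(frames) - 1))

if __name__ == "__main__":
    print(audit_transfer(encode_frames(SAMPLE), max_len=4096))
```

Rendering each frame string as a QR image and scanning it back is left to whatever QR library is in use; the point is that the manifest, not the medium, fixes how much data is allowed across.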
You do realize that viruses existed before networks, right? Your "method used daily in industry" can very easily carry an unwanted payload.
I'm trying to explore the intersection of high security and utility.
Air-gapping really does seem like the only option for true security. It also makes it quite difficult to do anything of use with the machine. Since you can't control the supply-chain you should assume that the air-gapped machine is malicious/compromised and the only protection you have is the air-gap.
Thus any USB used to transfer data/software to the air-gapped machine should be destroyed immediately afterwards and you should probably use something like pen & paper as your only allowed output method.
Air gapping doesn't really work these days. It could make noises (even with capacitors) to transmit data, or cause voltage fluctuations that something else could read.
I can imagine bootstrapping a system with trusted hardware (assuming you could get it) by typing in a bootloader + SHA implementation by hand, then using a narrow hardware interface to copy a trustworthy, audited operating system kernel (assuming that also existed) from some other host. The bootloader could check the SHA of that, and then bootstrap the system.
You can't trust the compiler, so you would have to type it in as assembly, and even that is questionable since huge amounts of the hardware's microcode is now reprogrammable.
I still think air-gapping works; it's just that you need a pretty large air gap. Turn on the shower, fire up the microwave, move around, and hit some incorrect keys with lots of deleting when entering passwords.