Goal

Understand why physical security is critical for complete operational security and learn the principles of airgapped system architecture.

Prerequisites: Weeks 1-8 (encryption, GPG, compartmentalization)

This is Part 1 of 3. It covers physical security fundamentals and airgap concepts.


1. Why Physical Security Matters

The Digital-Physical Security Gap

Most security focuses on digital threats:

  • Malware, phishing, network attacks
  • Encrypted communications
  • Strong passwords and 2FA

But physical security failures defeat all of this:

  • Rubber Ducky attacks bypass all your firewalls
  • Evil maid attacks compromise full-disk encryption
  • Physical access = total compromise (keyloggers, DMA attacks)
  • Insider threats with USB drives

Real-World Physical Threats

State-Level Attacks:

  • Stuxnet (USB-borne breach of the airgap at an Iranian nuclear facility)
  • NSA’s ANT catalog (hardware implants, USB exploits)
  • Border crossings (device seizure and forensic extraction)

Criminal & Corporate Espionage:

  • USB drop attacks (leave malicious USBs in parking lot)
  • Tailgating to access secure areas
  • Dumpster diving for sensitive documents
  • Social engineering for physical access

Personal Threats:

  • Domestic abusers installing spyware via physical access
  • Theft of devices containing sensitive data
  • Forensic analysis after device seizure
  • Hotel room “evil maid” attacks on travelers

The Airgap Solution

Airgap = Complete physical and electromagnetic isolation from networks

Why it works:

  • Remote attacks are impossible in principle: there is no network path to the device
  • Forces attackers to physical proximity
  • Dramatically increases cost and risk for adversaries
  • Perfect for high-value secrets (signing keys, seed phrases, encryption keys)

2. Understanding Airgap Architecture

What Qualifies as “Airgapped”?

TRUE Airgap:

  • No Wi-Fi, Bluetooth, Ethernet, cellular modules installed
  • No wireless antenna present in hardware
  • Never connected to any network (even briefly)
  • Physically stored in separate location from networked devices

PARTIAL Airgap (Reduced Security):

  • Wi-Fi disabled in software but hardware present
  • Bluetooth turned off but still functional
  • Temporarily networked for updates (huge risk)

NOT Airgapped:

  • Laptop with Wi-Fi just “turned off”
  • Phone in airplane mode
  • Device behind firewall with no internet access
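An added check, not part of the course material, that applies the TRUE/PARTIAL/NOT distinction above to a Linux machine: it walks sysfs for Wi-Fi interfaces, rfkill entries and Bluetooth controllers, so a radio that is merely soft-blocked still shows up as hardware present. The SYSROOT parameter is an assumption made so the check can be exercised against a constructed tree; on a real machine run it with no argument.

```shell
#!/bin/sh
# Added example (not from the course): audit a Linux box for radio hardware
# that disqualifies it from a TRUE airgap. Reading sysfs reports hardware
# that is present even when Wi-Fi or Bluetooth is only "turned off".

# airgap_radio_audit [SYSROOT]: prints one line per radio found and returns
# 0 when no Wi-Fi, Bluetooth or WWAN hardware is registered, 1 otherwise.
# A single card may appear under more than one heading (interface + rfkill).
airgap_radio_audit() {
    sysroot=${1:-/sys}   # assumption: defaults to the live sysfs mount
    found=0
    # 802.11 interfaces carry a 'wireless' subdirectory whether the link is
    # up, down, or rfkill-blocked.
    for iface in "$sysroot"/class/net/*/; do
        [ -d "${iface}wireless" ] || continue
        echo "wifi interface: $(basename "$iface")"
        found=$((found + 1))
    done
    # rfkill entries exist for every radio the kernel knows about (wlan,
    # bluetooth, wwan). soft=1 means blocked in software only: the PARTIAL
    # case, hardware still installed.
    for rf in "$sysroot"/class/rfkill/*/; do
        [ -f "${rf}type" ] || continue
        rtype=$(cat "${rf}type")
        soft=$(cat "${rf}soft" 2>/dev/null || echo "?")
        hard=$(cat "${rf}hard" 2>/dev/null || echo "?")
        echo "rfkill $(basename "$rf"): type=$rtype soft-blocked=$soft hard-blocked=$hard"
        found=$((found + 1))
    done
    # Bluetooth controllers register as hciN under class/bluetooth.
    for hci in "$sysroot"/class/bluetooth/*/; do
        [ -d "$hci" ] || continue
        echo "bluetooth controller: $(basename "$hci")"
        found=$((found + 1))
    done
    if [ "$found" -eq 0 ]; then
        echo "no radio hardware registered"
        return 0
    fi
    return 1
}
```

A non-zero exit is a fast "not a true airgap" verdict; pair it with a physical inspection, since a card whose driver never loaded will not appear in sysfs at all.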

Airgap Bypass Methods (Attacks We’re Defending Against)

Acoustic Side Channels:

  • Disk drive noise patterns leak data
  • Ultrasonic data exfiltration through speakers/microphones
  • Mitigation: Remove speakers, use solid-state drives

Electromagnetic Emanations:

  • TEMPEST attacks read screen content from EM radiation
  • Keyboard emissions reveal typed passwords
  • Mitigation: Faraday cage, distance from adversary

USB Attacks:

  • BadUSB firmware reprogramming (USB becomes keyboard, runs commands)
  • Malicious firmware updates via USB
  • Mitigation: USB data blockers, usbguard, hardware write-protect

Visual/Optical:

  • Drone/phone camera reads screen through window
  • QR code interception
  • Mitigation: Privacy screens, physical security perimeter

Supply Chain:

  • Pre-compromised hardware delivered to target
  • Firmware backdoors in motherboard/BIOS
  • Mitigation: Buy devices in person with cash, flash open firmware

3. Airgap System Components

Hardware Selection

Best Choices:

  • Older ThinkPad (X220, T420) with physical Wi-Fi kill switch
  • Raspberry Pi with no network modules
  • Old netbook with Wi-Fi card physically removed

Hardware Modifications Checklist:

# Physical security hardening checklist:
[ ] Remove Wi-Fi card from motherboard
[ ] Remove Bluetooth module
[ ] Disable webcam (cover or remove)
[ ] Disable microphone (desolder if paranoid)
[ ] Remove hard drive (use external encrypted USB boot)
[ ] Tape over all USB ports except one (for controlled data transfer)

Physical Storage and Access Control

Storage Location:

  • Keep airgap device physically separate from networked computers
  • Locked drawer, safe, or Faraday bag when not in use
  • Never leave unattended in hotel rooms or public spaces

Access Logging:

# Create the access log journal (one entry per session; -p makes the mkdir safe to rerun)
mkdir -p ~/airgap-logs
# The unquoted EOF lets $(date) and $USER expand; fill in the bracketed fields by hand
cat >> ~/airgap-logs/access.log << EOF
$(date): System booted, user: $USER
Purpose: [describe what you're doing]
Data transferred: [list files]
Shut down: [time]
EOF

4. Airgap Design Principles

The Airgap Mindset

Assume everything entering the airgap could be malicious:

  • USB drives might contain malware
  • QR codes might have hidden payloads
  • Files from networked systems are untrusted until verified

Assume everything leaving the airgap could be compromised:

  • Don’t return USBs to networked systems without wiping
  • Verify data integrity before trusting on networked side
  • Minimize data transfer frequency
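As an added example (not from the course), the access-logging journal in section 3 and the "verify data integrity before trusting" rule above combined into two shell functions: airgap_export hashes every file in an outbound directory into a manifest and records the transfer in the access log, and airgap_verify re-checks that manifest on the receiving side. The log path, manifest name and function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the course: manifest-based integrity check for
# data crossing the airgap, plus an access-log entry for each export.
# AIRGAP_LOG and MANIFEST.sha256 are assumed names, not the course's own.
AIRGAP_LOG="${AIRGAP_LOG:-$HOME/airgap-logs/access.log}"

# airgap_export DIR PURPOSE: hash every regular file under DIR into
# DIR/MANIFEST.sha256 and append a session entry to the access log.
airgap_export() {
    dir=$1; purpose=$2
    mkdir -p "$(dirname "$AIRGAP_LOG")"
    # Hash from inside DIR so the manifest stores relative paths and still
    # verifies after the directory is copied onto the transfer medium.
    (cd "$dir" && find . -type f ! -name MANIFEST.sha256 -exec sha256sum {} + \
        | sort -k2 > MANIFEST.sha256)
    count=$(wc -l < "$dir/MANIFEST.sha256" | tr -d ' ')
    {
        echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) user=${USER:-unknown} purpose=\"$purpose\""
        echo "  exported $count file(s) from $dir"
        sed 's/^/  /' "$dir/MANIFEST.sha256"   # hashes go into the log too
    } >> "$AIRGAP_LOG"
}

# airgap_verify DIR: check DIR against its manifest. Returns 0 only when
# every listed file is present and unchanged, so the networked side can
# refuse a transfer that was altered or truncated on the way over.
airgap_verify() {
    dir=$1
    [ -f "$dir/MANIFEST.sha256" ] || { echo "no manifest in $dir" >&2; return 1; }
    (cd "$dir" && sha256sum -c --quiet MANIFEST.sha256) || return 1
}
```

Because the manifest travels with the files, a tampered medium can also rewrite it; compare the hashes in the airgap-side log (or read them aloud or via QR) against the manifest on the receiving side to close that gap.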

When to Use Airgap vs Regular Encryption

Airgap-Appropriate Use Cases:

  • Long-term GPG signing keys (for package signing, code signing)
  • Cryptocurrency seed phrases (for cold storage)
  • Encryption master keys (key encryption keys)
  • Whistleblower source documents
  • Trade secrets / intellectual property
  • Incident response forensic evidence

NOT Airgap-Appropriate:

  • Daily work documents (too inconvenient)
  • Communication tools (need network by definition)
  • Collaborative projects (need frequent updates)
  • Low-value data (cost > benefit)

Up Next

Week 9b covers building your airgapped system and secure data transfer methods (QR codes, encrypted USB, paper backups).


Key Takeaways

  • Physical access defeats digital security - Attackers with physical access win
  • True airgap requires hardware isolation - Software-only isn’t enough
  • Multiple bypass methods exist - Acoustic, electromagnetic, USB, optical, supply chain
  • Airgaps increase attacker cost dramatically - Forces physical proximity
  • Use airgaps for high-value secrets only - Overkill for daily documents
  • Access logging is essential - Track every interaction with airgap device