Inspect-a-Gadget

Sep 19 2014   3:08PM GMT

REVIEW: How to turn a Raspberry Pi in to an NSA-proof computer

Clare McDonald Profile: Clare McDonald

Tags:
Encryption
libreoffice
Linux
NSA
TrueCrypt
This is a guest post by Fiona O’Cleirigh
One of the Pi’s key attributes is its price of around £30. It is the nearest thing we have to a disposable computer and several can be used cost-effectively in a single project. 
A recently publicised use is the creation of a string of Raspberry Pi honeypots for detecting hacker activity on a corporate network. 
Given CW’s enduring preoccupation with the surveillance programs of our Establishment masters, would it be, could it be possible to create a disposable, network-invisible computer?
Computer Weekly recruited the help of a senior enterprise architect who works for a global financial services firm.  For the sake of professional anonymity, we shall call him ‘Jim’.    
Everything depends on the software.  Here we face a dilemma, particularly with the browser. Most relevant program files are built for Linux running on x86 or 64 processors.  The Pi can only run programs built for Linux running on the Pi’s ARM processor, a component it shares with the old Acorn Archimedes computers. 
Desirable software for the NSA-proofed Raspberry Pi:
PGP encryption email  – Ice Dove
Tor-type IP-shy browser – developers needed
Encrypted chat tool – Jabber/Pidgin
Disk encryption for USB drive – TrueCrypt
Word processor with AES-256 encryption – LibreOffice
In principle, says Jim, this can be fixed because the source code for security packages, like the Tor browser, for instance, is available.  Building them into executables for a different processor is therefore a matter of downloading the source packages and running the ‘make’ program to create the program files.  
But these simple procedures often take longer than expected, and we opted to install Midori, a light-weight, open source browser. 
Email is commonly encrypted via Thunderbird.  Happily, the Linux equivalent, Ice Dove, works well.  Less happily, it works slowly and so is not easy to use.  For that all-important top secret message however, it would be fine.
Setting up an encrypted OTR (Off The Record) chat program on the Pi is slightly more fiddly than on a Mac but still perfectly doable.  
The process involves creating a Jabber server and then installing a chat client, such as Pidgin, the Linux version of the Mac-specific Adium. 
Traditionalists could employ a real pigeon although it is possible that surveillance operatives prefer game pie to the raspberry version.   At this point, testers fell prey to distractions.
RasPi raspberry pie 2.jpgRaspberry Pie A++
Just because it can be done, the B+ was isolated from any intrusive surveillance with a perfect piece of kit.  A Pi-sized Faraday cage, costing only the price of a box of paper clips.  
RasPi Faraday cage.jpg
Nothing’s getting in …
 
Behold, one computer the NSA does not know about, unless they are reading the editorial emails. For those wanting some kind of interactivity with the rest of the digital world, compromises may have to be made.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: