Zero Trust Wallets: Air-Gaps & Faraday Cages
Why USB cables are attack vectors. The physics of Air-Gapping, PSBT (Partially Signed Bitcoin Transactions), and Acoustic Side-Channels.
🎯 What You'll Learn
- Deconstruct the 'Air Gap' (Physics of Isolation)
- Analyze Side-Channel Attacks (Power, Acoustic, EM)
- Trace a PSBT (SD Card Workflow)
- Calculate the cost of an Evil Maid Attack
- Audit a Multisig Ceremony (Glacier Protocol)
Introduction
If your private key exists on a computer connected to the Internet, it is Public. It is only a matter of time before a 0-day exploits your OS, your browser, or your Wi-Fi driver.
True security requires Physics: Disconnecting the wires. Removing the Bluetooth antenna. Sealing the device in a Faraday Cage. This lesson explores the paranoia needed to secure $1 Billion.
The Physics: Air Gaps & Data Diode
An Air Gap is a physical separation between the Secure Network and the Insecure Network (Internet). But Air Gaps can be jumped via:
- USB: BadUSB firmware attacks (Stuxnet).
- Sound: Ultrasonic beacons.
- Light: Blink codes from LEDs.
The Physics: The only secure channel is a Data Diode. QR Codes are optical data diodes. Scanner -> Screen. The Screen cannot infect the Scanner (Physics determines flow). SD Cards are not diodes, but they have a simpler attack surface than USB.
Deep Dive: PSBT (Partially Signed Bitcoin Transactions)
How do you sign a transaction without the key touching the internet? PSBT (BIP174).
The Workflow:
- Online PC: Creates an Unsigned Transaction. Saves to SD Card.
- Sneakernet: Human walks SD Card to the Vault.
- Offline Device: Reads SD Card. User verifies address on screen. Signs. Saves Signed Tx to SD Card.
- Sneakernet: Human walks SD Card back to Online PC.
- Online PC: Broadcasts Signed Tx.
Physics: The Offline Device never calculates network packets. It only calculates Elliptic Curve Math. It has no TCP/IP stack to exploit.
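The five steps above as a runnable round trip, added here as an example and not code from the lesson or from any wallet project. It is standard-library Python with three labelled stand-ins: a JSON file in place of the BIP174 binary format, an HMAC-SHA256 tag in place of the ECDSA signature, and a temporary directory in place of the SD card. The names `online_create_unsigned`, `offline_sign`, `online_finalize` and `sneakernet_round_trip` are this example's own.

```python
# Added example, not code from the lesson: a sneakernet round trip in the shape
# of the PSBT workflow, standard library only. Stand-ins (assumptions): a JSON
# file for the BIP174 binary format, an HMAC-SHA256 tag for the ECDSA
# signature, and a temporary directory for the SD card.
import hashlib
import hmac
import json
import os
import tempfile

def tx_digest(tx):
    # Digest over inputs and outputs only: the signature must cover what is spent and where.
    body = json.dumps({"inputs": tx["inputs"], "outputs": tx["outputs"]}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def key_id(private_key):
    # Stand-in for a public-key fingerprint (a real wallet derives it from the public key).
    return hashlib.sha256(b"pub:" + private_key).hexdigest()[:16]

# --- Online PC: watch-only, it knows the key id but never the private key ---
def online_create_unsigned(path, utxo, to_address, amount_sats):
    tx = {"inputs": [utxo],
          "outputs": [{"address": to_address, "value": amount_sats}],
          "partial_sigs": {}}
    with open(path, "w") as f:
        json.dump(tx, f, sort_keys=True)
    return tx

# --- Offline Device: holds the private key, reads files, never network packets ---
def offline_sign(path, private_key, confirm_on_screen):
    with open(path) as f:
        tx = json.load(f)
    # Reject anything beyond the three fields the signer understands.
    if set(tx) != {"inputs", "outputs", "partial_sigs"}:
        raise ValueError("unexpected field in unsigned transaction")
    # The human verifies every destination and amount on the device screen
    # before the key is used; a compromised online PC cannot skip this step.
    for out in tx["outputs"]:
        if not confirm_on_screen(out["address"], out["value"]):
            raise ValueError("user rejected output %s" % out["address"])
    tag = hmac.new(private_key, tx_digest(tx).encode(), hashlib.sha256).hexdigest()
    tx["partial_sigs"][key_id(private_key)] = tag
    with open(path, "w") as f:
        json.dump(tx, f, sort_keys=True)
    return tx

# --- Online PC again: accept the signed file only if it is the tx it created ---
def online_finalize(path, unsigned_tx, expected_key_id):
    with open(path) as f:
        signed = json.load(f)
    if tx_digest(signed) != tx_digest(unsigned_tx):
        raise ValueError("inputs/outputs changed while the card was out of sight")
    if expected_key_id not in signed["partial_sigs"]:
        raise ValueError("missing signature from the vault key")
    return signed  # ready to broadcast

def sneakernet_round_trip(private_key, to_address, amount_sats, approved_address):
    """Runs all five steps of the workflow and returns the broadcast-ready tx."""
    card = tempfile.mkdtemp(prefix="sdcard_")  # constructed stand-in for the SD card
    path = os.path.join(card, "tx.psbt.json")
    utxo = {"txid": "00" * 32, "vout": 0, "value": 100_000}  # constructed sample input
    unsigned = online_create_unsigned(path, utxo, to_address, amount_sats)
    # Walk the card to the vault; the screen check approves only the intended address.
    offline_sign(path, private_key, lambda addr, _value: addr == approved_address)
    # Walk the card back to the online PC.
    return online_finalize(path, unsigned, key_id(private_key))
```

Two checks carry the security value: the screen confirmation on the offline side catches an online PC that swapped the destination address before writing the card, and the digest comparison on the online side catches a card whose inputs or outputs were edited while it was out of sight. The online PC cannot verify the HMAC tag itself (it has no key), so, like a real watch-only wallet before finalizing a PSBT, it checks only that the returned file is the transaction it created and that the expected signer's partial signature is present.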
Strategy: Side Channel Defense (Simonis Attacks)
Even if Air-Gapped, physics betrays you. Power Analysis: The power consumption of the CPU leaks the Private Key bits. Acoustic Analysis: The coil whine of the capacitors changes based on the computation.
Defense:
- Faraday Cage: Blocks EM radiation (Radio/Wi-Fi/Bluetooth).
- Sound Isolation: Heavy safe walls.
- Power Conditioning: Battery power only (No AC mains connection).
Code: Glacier Protocol (Ceremony)
The Glacier Protocol is the gold standard for high-security storage.
```python
# Simplified Ceremony Script (steps 1, 2, 6 and 7 are physical actions, kept as comments)
def generate_keys_offline(shamir, print_to_paper):
    # 1. Boot from Tails OS (Live USB)
    # 2. Remove Network Cards physically
    # 3. Roll Dice (Entropy) -> 128 rolls, transcribed as a bit string
    entropy = "10110101..."  # placeholder for the dice-derived bits
    # 4. Generate Shares (Shamir's Secret Sharing), 3-of-5 setup
    shares = shamir.split(entropy, 3, 5)
    # 5. Print Shares to Paper
    #    No Printer Memory (Use Dumb Printer)
    for share in shares:
        print_to_paper(share)
    # 6. Destroy RAM (Power Cycle)
    # 7. Destroy Hardware (Literally smash the laptop)
    return shares
```
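Steps 3 and 4 of the ceremony worked through in running code: an added example, not the lesson's script and not the Glacier Protocol's own code. It assumes the lesson's figure of 128 six-sided rolls, condenses them with SHA-256 into a 256-bit secret, and splits that secret 3-of-5 over the prime field GF(p) with p = 2**521 - 1 (a Mersenne prime chosen so any 256-bit secret is a valid field element). The names `dice_to_entropy`, `shamir_split`, `shamir_recover` and `ceremony` are this example's own.

```python
# Added example (not the lesson's or Glacier's code): dice entropy plus a
# working 3-of-5 Shamir split and recovery, standard library only.
import hashlib
import secrets

P = 2**521 - 1          # Mersenne prime; any 256-bit secret is a valid field element
ROLLS_REQUIRED = 128    # the lesson's figure; 128 d6 rolls carry about 330 bits

def dice_to_entropy(rolls):
    """Condense a list of d6 rolls (1..6) into a 256-bit integer."""
    if len(rolls) < ROLLS_REQUIRED:
        raise ValueError("need at least %d rolls" % ROLLS_REQUIRED)
    if any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("rolls must be integers 1..6")
    # The base-6 transcript keeps every roll's information; SHA-256 whitens it.
    transcript = "".join(str(r) for r in rolls).encode()
    return int.from_bytes(hashlib.sha256(transcript).digest(), "big")

def _eval_poly(coeffs, x):
    # Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo P
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def shamir_split(secret, threshold, count):
    """Return `count` shares (x, y); any `threshold` of them recover `secret`."""
    if not 1 < threshold <= count:
        raise ValueError("need 1 < threshold <= count")
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, count + 1)]

def shamir_recover(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def ceremony(rolls, threshold=3, count=5):
    """Dice -> secret -> paper shares. Returns (secret, shares)."""
    secret = dice_to_entropy(rolls)
    return secret, shamir_split(secret, threshold, count)
```

Any three of the five shares reconstruct the secret exactly; two shares interpolate a line through a degree-2 polynomial and give an unrelated field element, which is the property the 3-of-5 ceremony relies on. The input validation matters in a real ceremony too: a transcription error such as a "7" must stop the process rather than silently produce a different key.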
Practice Exercises
Exercise 1: The Evil Maid (Beginner)
Scenario: You leave your Ledger in your hotel room safe. Attack: Maid opens safe, replaces Ledger with modified firmware version. Defense: Tamper-evident bags (Glitter nail polish on screws).
Exercise 2: QR Code Injection (Intermediate)
Scenario: The Watch-Only wallet generates a malicious QR code that exploits a buffer overflow in the Hardware Wallet’s camera driver. Result: Code execution on the Cold Device. Lesson: Even QR codes are attack vectors.
Exercise 3: $5 Wrench Attack (Advanced)
Scenario: An attacker threatens physical violence. All crypto defense fails against physical coercion. Defense: Duress Wallet. A secondary PIN that unlocks a small “decoy” balance, while alerting police or wiping the main keys.
Knowledge Check
- Why is USB considered “Broken”?
- What is a Data Diode?
- Why use Dice for entropy?
- What is a Side Channel attack?
- What is a Duress PIN?
Answers
- Controller Firmware. USB keys can emulate keyboards/network cards to hack the host.
- One-way flow. Information can flow A->B but never B->A (e.g., Screen reading a QR).
- Physics. Computers are deterministic; gravity is chaotic. Dice are true random.
- Leakage. Inferring secrets from indirect signals (Power, Sound, Radiation).
- Plausible Deniability. A password that unlocks a fake wallet under coercion.
Summary
- Air-Gap: Physical disconnection.
- PSBT: Offline signing standard.
- Entropy: Requires physical chaos.
Want to go deeper?