Benefits of SBCs for handling sensitive/classified data?

[mildparanoia]

What do you think about SBCs as the preferred platform to handle encrypted/sensitive/classified data?

 

The threat model would be for frequent travelers, against things like evil maid attacks on laptops left in a hotel room or while the laptop is separated from you during travel. The sensitive data would be kept on an encrypted portable hard drive. It would be decrypted and mounted by the SBC, which only allows login via SSH from your laptop's public key.

 

SBCs have a number of benefits over desktops and laptops, namely:

1. Its hardware is plainly inspectable and difficult to tamper with. Unlike desktops or laptops which are vulnerable to evil maid attacks, you may leave an SBC even in the hands of an evil maid, but doing some reverse-engineering to solder on a hardware bug while not being noticeable or adversely affecting the function of the SBC will be challenging. In a desktop or laptop, how often do people go inspect the hardware for keyloggers or side-channel attacks like this? https://hackaday.com/2022/07/22/satan-turns-hard-drive-cable-into-antenna-to-defeat-air-gapped-security/
2. It will be difficult for an evil maid to alter the O/S on a microSD card in your pocket
3. Even if someone manages to install spyware on your O/S, the very nature of SBC O/Ses is that they are portable (on a SD card) and can be re-written easily with a fresh image

[ManoftheSea]

You could also put the data on a VPS, either in the cloud or at your own home.

[sfx2000]

cloud is preferred - that being said, if it is sensitive, or even classified, data, this is the wrong forum to be in.

 

We're not the ones to comment on any approach here - most companies and organizations have strong policy guidance as to how their data is handled.