Please suggest how to use Nitrokey Pro 2 instead of Touch Memory iButton in a home alarm system?
My idea is to place following things inside a metal box with home alarm:
- An ARM single board computer like Orange Pi with Linux. It will be used to accept Nitrokey Pro 2 and to short a wire between actual touch memory iButton and home alarm system
- All Touch Memory wiring between TM iButton and alarm system and iButton itself or several iButtons are in the protective box too.
- Electromagnetic lock for a metal box which would be normal open, so closed (locked) when under a voltage from a home alarm relay indicating state of the alarm. Unlocked when alarm deactivated by iBotton switched by ARM+Nitrokey Pro 2.
- Only a single USB port of ARM board would be outside of the metal protective box. HID and any other USB drivers can be disabled, only drivers (kernel modules) used by Nitrokey would be kept.
Btw, it seems american Yubikey was using HID for the purpose of BadUSB vulnerability:
- Yubikey could be a trojan with remote NFC interface by itself.
- Yubikey supported a problem of keeping HID drivers on the pseudo secure computer. Plug and pray system
- Does Nitrokey have any trojans inside it too?
When a Nitrokey is plugged into ARM board a custom udev script could automatically decrypt a predefined value stored on ARM board into a number of TM iButton which should be choosen to switch on.
Please suggest, do you know anything ready for such purpose?
Unfortunately simple solutions like a keyboard and a proximity card (and iButton TM of course too) does not look any secure.
DS 1963 is something a few more secure than a keyboard, but most likely is not as good as strong Nitrokey Pro 2.
Please see more details of this idea here: