introduction

Mon, Oct 04, 21

i’m an industrial designer, prototype engineer, and all-around tech fiend nerd. with over ten years in the industry of designing and building electronic products, i’ve founded Isolated Electronics to rid my own insecurities with the way technology is currently delivered. 

 

we don’t own our data anymore. third-party apps and services that handle digital assets (password library, cryptocurrency wallet, two-factor authentication, file encryption) keep our data behind a paywall or locked into a platform, engineered to make it difficult to remove, backup, or copy data to another device or service. i created Isolated Electronics with one goal in mind: to offer a transparent and open platform to manage digital assets, while consolidating all of these features into one device with the highest level of security possible. 

 

our approach to security is simple. it is:

 

  1. open - we have our own trust issues just as everyone else, but a perfect system should not require any trust. we provide all documentation necessary for our customers and community to check every aspect of our products: from our transparent codebase to our PCB fabrication files, it’s all available for everyone to check. 
  2. isolated - the largest threat to data is over-the-air hacking. by eliminating the interfaces necessary for the device to access the internet, we practically eliminate our threat surface, so no Bluetooth, no WiFi, and no USB. 
  3. biometric - all data stored on our device is encrypted with the highest standards and backed by the user’s fingerprint and/or PIN data as the seed. on-device we are conscious of data handling, individually decrypting data on request, and wiping traces from RAM afterwards. in the rare case someone has stolen your device, it would take nation-state levels of computing power to decrypt it. 
  4. platform - our products are designed to be multi-function and expandable. by building the device as a platform from day one, we can implement new features and applications at will while also allowing the community to build applications of their own. 

 

everyone deserves the fundamental right to data and identity privacy, and we believe the only way to ensure this is with an open, isolated, biometric platform for digital assets. with this, we are closer to our goal of Universal Digital Sovereignty. 

 

-Brandon

brandon@isol8.io 

open-source

Sat, Oct 02, 21

making our security device open-source was essential to creating a platform that allowed our users total control of their private data. IsoKey’s open software and open hardware nature allows us to be fully transparent in who we are and what we do while maintaining a device that can be built upon by our own team and community. 

 

trust from any company should be verifiable.  making our security device open-source gives two main advantages: 1. it allows the community to audit our designs, to review and verify the structure of our device and to spot any errors that may have been overlooked, so the hardware or software can be improved in the next update. 2. it gives each individual user the opportunity to audit their individual device to ensure the device is authentic, the chips and circuits are genuine, and the software and libraries are installed as designed.

 

open-source allows us to be fully transparent in what we claim and allows our devices the ability to be built upon by our team and community at large.

 

why are we open-source?

 

if you ask any investor or entrepreneur, they will explain the importance of unique innovation and protecting that intellectual property.  often products aren’t built to solve a problem for the consumer, but rather built around defensible intellectual property, and then marketed to the consumer to convince them they need it.  think Segway.


every year millions of man hours are spent by companies to develop and protect their technologies, only to have their competitors reverse-engineer, redesign, and modify the original designs enough to not overstep the original patent, only for it to end in litigation, wasting more hours and dollars on both sides.


this is often a wasteful practice that doesn’t benefit the consumer, the community, or technology as a whole.  what if engineering talent was used to continue advancing technology and not as a weapon for profit?


imagine being part of a group of workers digging a hole, with a common goal of removing as much dirt as possible.  instead of working together to remove as much dirt as possible, we continue to shovel dirt into the holes of our partners. sooner or later we will just be passing dirt around the hole and not removing it.


we at Isolated Electronics believe that open-source can create not only a more cohesive community that can accelerate technology advancement further by removing the waste caused by protectionist and litigious measures, but we can also funnel those resources into further advancing technology development, and in our specific case, create more secure and trustworthy products.


by being open-source, we release all of the source materials for making our product: the source-code for the software in readable plain text code, our circuit board schematics, and fabrication files.  this allows anyone to scrutinize, review, stress test, contribute, and improve the original design, so we can rapidly re-introduce the updates into the product, which results in a safer, more robust product with a longer lifespan.

 

benefits:

 

for security;

firstly, this allows the design to be audited by the community and any potential customer before purchase and even before launch of the product.  this both demonstrates that we are playing fairly while also giving the opportunity for any weak points to be caught before release.  secondly, it allows the end user the opportunity to audit their own device, to check that the product itself is authentic and comes from us, but also that it hasn’t been tampered with by a middle man.

 

for the consumer;

the consumer will gain peace of mind that the community at large has scrutinized the product even if they aren’t technically inclined enough to do it themselves. they will also benefit from a product that will continue to be developed upon and supported by like-minded people.

 

for technology as a whole;

it pains me to see intelligent, creative engineers’ capacity wasted on the pursuit of new IP or avoidance of others’ IP.  working together to build upon each other’s technology over time, we can reduce the amount of engineering funds allocated for protection, circumvention, and litigation and reallocate them to discussing, collaborating, and advancing technology.

isolated

Fri, Oct 01, 21

airgapped. disconnected. isolated. cold. it can be spelled out many ways, but the definition is the same: not having any method of connecting to the internet practically eliminates the possibility for internet based over-the-air attacks.


Isokey is devoid of transfer protocols like Bluetooth, WiFi and USB.  The only method of introducing data into the device is through QR codes and user-inserted micro-sd cards, which makes sure the user is conscious of any data transfer into or out of the device and ensures all data is securely stored and managed.

 

why are we isolated?

 

short answer: it’s way more secure.

 

long answer: if you have a physical safe to store your passports, legal documents, or other sensitive data, you wouldn’t leave the safe in plain sight even if the lock was super strong. you would install it out of sight, covered even.  there’s no reason to advertise that the safe exists at all.


in a parallel to digital security, if you have important, heavily encrypted files, you shouldn’t store them on your internet connected computer.  if you encounter a virus, spyware, or malware on that computer, those files can be compromised without you even knowing a hacker was there.  this process can be done automatically by malware or ransomware in the blink of an eye. a hacker doesn’t need to scour through your files one by one.


with a staggering majority of data loss originating from the internet, the safest option is to reduce or eliminate this threat altogether by removing all forms of communication.  this is why our product has no WiFi, Bluetooth, NFC or USB. there is no way for our product to connect to the internet directly or have high bandwidth connection to another internet connected device.  this makes over-the-air attacks virtually impossible.


the major drawback of an unconnected system however is ease-of-use.  it increases the friction of inserting passwords or authentication tasks as they require the user to manually transfer the data into and out of the device.  to help reduce this friction, we have added a camera module that allows the device to read and decode QR codes, allowing easier use of challenge-response protocols for authentication and, in the case of cryptocurrencies, building QR-based transfer requests to be relayed to the networks from a separate, internet-connected device.


we believe in data isolation as a security measure. even with its usability draw-backs, it will provide great leaps in peace-of-mind regarding where your private data is stored and what threats it faces.

 

biometric

Thu, Sep 30, 21

Digital Sovereignty, to us, means more than having the data on your device. it also means safety and protection.  to ensure that personal data is securely stored, data encryption is handled with the highest standards and is flexible for everyone to use.  data can be encrypted using their fingerprint, PIN and/or password as the cryptographic seed, allowing data to be safeguarded with heavy encryption, even if the device is lost.

 

what is biometric?


short answer: biometrics are what we use to ease encryption and decryption of your data.

 

long answer: while we have covered the isolated nature of the device and its efficacy in reducing the threat surface that virtual attackers can exploit, we also have to protect against ‘physical’ attacks.  ‘physical’ attacks encompass what happens if an attacker gets hold of the actual device, rendering our ‘isolated’ defense less effective.


when initializing an isokey vault, the user logs their fingerprint and/or PIN as the cryptographic seed.  The cryptographic seed is then fed to a PRNG (pseudorandom number generator) that is used to encrypt the vault onto the micro-sd card.  this is done so that all data is kept encrypted on the device at all times, except when the user wants to access an individual file to display on the device. in that case, after it’s accessed, the unencrypted data is wiped from RAM, and the rest of the data is kept safely encrypted on the micro-sd card.  if at any point during operation, the micro-sd card is removed, there is no need to worry.  the data on the card is protected with the safest encryption protocols and impervious to common attacks.
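
the flow described above, as an added sketch that is not IsoKey's own code: each vault entry is sealed separately from a PIN, one entry is decrypted on request, and the plaintext buffer is zeroed afterwards. it assumes a PIN only (no fingerprint), uses scrypt to stretch the PIN, and stands in HMAC-SHA256 in counter mode for the "PRNG"; all function names are hypothetical.

```python
import hashlib
import hmac
import os

def derive_keys(pin: str, salt: bytes) -> tuple[bytes, bytes]:
    # scrypt stretches the low-entropy PIN so every guess costs ~16 MiB and real time.
    k = hashlib.scrypt(pin.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return k[:32], k[32:]          # (encryption key, MAC key)

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for the "seeded PRNG" (an assumption): HMAC-SHA256 in counter mode.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def seal_entry(pin: str, plaintext: bytes) -> bytes:
    # Fresh salt and nonce per entry, so entries never share a keystream.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(pin, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_entry(pin: str, blob: bytes) -> bytearray:
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(pin, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # check before decrypting anything
        raise ValueError("wrong PIN or modified entry")
    ks = keystream(enc_key, nonce, len(ct))
    return bytearray(a ^ b for a, b in zip(ct, ks))  # mutable, so it can be zeroed

def wipe(buf: bytearray) -> None:
    # Best effort in Python: zeroes this buffer; immutable copies (keys, the PIN
    # string) stay in memory until the interpreter frees them.
    for i in range(len(buf)):
        buf[i] = 0

if __name__ == "__main__":
    # Constructed sample vault: each entry is sealed on its own.
    vault = {name: seal_entry("4921", data) for name, data in
             {"email": b"hunter2-example", "bank": b"s3cret-example"}.items()}
    entry = open_entry("4921", vault["email"])   # only this entry is decrypted
    print(entry.decode())
    wipe(entry)
    print(entry)
```
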

platform

Wed, Sep 29, 21

we have built IsoKey on a linux capable ARM platform, with an open-source front end. this allows users and organizations to easily create additional applications and use-cases beyond our password management, two-factor authentication, cryptocurrency, and data encryption features that we have built at launch.  We have created IsoKey to be a trusted device and attract any and all applications that require peace-of-mind, eliminating the need for multiple devices.

 

why does isokey run on linux?


short answer: to make IsoKey limitless

 

long answer: security devices like cryptocurrency wallets and authentication keys are built on simple microcontrollers with little overhead.  these processors are cheaper to buy and operate but can be limiting in the features they are able to implement due to the skill needed to modify the code and the complicated nature of updating and flashing the device.  while these skills aren’t rocket science, they are well out of the purview of the vast majority of the community.


IsoKey runs a full linux operating system and can be run on most distributions that a user wants to implement. our front-end is built in openFrameworks, a popular open source framework used primarily to create digital, generative art, app development, and ar/vr applications.  this is paired with a python back-end, which opens up feature development to a much wider audience.

 

these choices will allow maximum flexibility for us as a company to implement new features and tweaks as well as new contributions from the community.