Radio frequency shielding for Raspberry Pi Zero

[th078]

TL;DR

I'm wondering whether it's possible to craft a RF 'shield' for the Pi Zero's wireless antenna, with the goal of "air-gapping" the device

So I'm trying to put together a Pi Zero mini computer to use for security-oriented applications, for example encrypting/decrypting messages, working with encryption keys, etc. It's cheap, very small and thus easy to carry around.

However, I'm not entirely comfortable with the presence of the built-in Wifi and Bluetooth, which while convenient, presents a security risk. Disabling wireless functionalities via software is possible but not bulletproof, since an adversary could in theory enable them surreptitiously, however improbable that is in practice. I also don't want to physically remove or disable the corresponding components, since that kind of modification is permanent. So I figured that the most straightforward method of air-gapping the device would be to physically shield it the wireless antenna using a RF-blocking material.

Now I have to confess that I know practically nothing about electrical engineering, which is why I've come here for help, in the hopes that someone more knowledgeable might be able to enlighten me and offer some input. I'm aware of Faraday cages and RF blocking wallets, but those require that the entire device be enclosed, which isn't feasible in this case due to the presence of cables.

So instead I was wondering whether it's possible to craft a slip-on RF-blocking "sleeve" using suitable materials and enclose only the antenna. Even if the triangular antenna is completely covered, the silicon board itself wouldn't be enclosed, and might therefore allow signals to pass through. Would that prevent this solution from working?

Thanks in advance.

 

[tech99]

I don't actually know this computer but I think the approach you describe is not very good, and even the slightest RF leakage will be detectable at close range.

 

[DaveE]

What you propose is not a simple design, but theoretically it is possible. You will need to have the smallest holes possible for any wires that cross through a six sided box of highly conductive material. You will probably also have to have RF filters in the wires that exit as currents can be induced into those wires inside the box that can flow outside on the wires and then re-radiate the radio signals.
IMO, it would be much easier to modify the PCBA to eliminate the wireless capability. I suspect that there are easier methods to do that than removing an IC, you may be able to cut a trace or add a short circuit in a strategic location.

 

[anorlunda]

No matter what your approach, unless you execute it perfectly, it will be potentially insecure. Security professionals would be unlikely to accept that. Amateur security of all forms is notorious for being less secure than the designer believe it is.

If this is government work, then there must be established protocols to certify something as secure. A security professional would start there.

 

[sophiecentaur]

A software approach could be worth considering. Perhaps including commands that check for the state of the Comms, on a regular basis, and that turn off the WiFi and Bluetooth AND notify the operator.
RF screening can be unreliable because input / output / power leads need vast amounts of filtering (large structures) to give you high levels of protection.

 

[Vanadium 50]

since that kind of modification is permanent

And? It costs something like $5. If later you need an unmodified one, just buy an unmodified one.

 

[Tom.G]

Still on their website and in stock is the Version 1.3 at $5, that's the one without the RF link.
https://www.adafruit.com/product/2885The downside is "MAX PER CUSTOMER: 1"

Cheers,
Tom