Not even sure if this is applicable in KiCad. I’ve been using KiCad for years, however after changing jobs I ran across an issue of design data security. Considering that everything is open source and at first glance nothing stops a developer from adding code that would copy all your designs and send them elsewhere, is there some kind of certification that KiCad can be used with proprietary data?
This is kind of a contradiction in my mind… the fact that it is open-source is what stops a developer doing that (because other developers would notice). With a proprietary program you have no such safeguards.
Agreed, but for the owner of the data this might not be enough of an assurance. I’m not familiar with this area at all, but is there any kind of independent security verification mechanism? I’m sure there are plenty of open source projects that require data security.
The mechanism is typically to pay a third-party to conduct a security audit.
If you are worried about KiCad developers sneaking in backdoor code to send info out to the internet, then I would run the machines in an air-gapped environment with no connection to any networks/internet.
To be honest I would be more worried about a person copying data to a usb stick and walking out the front door with it.
How far down a rabbit hole do you want to go? How do you know the OS is not sending data to some external website? Can you be 100% sure your machine is not infected with some data-stealing malware?
In the case of government-related projects, that’s what they do. Disable your USB ports and do all kinds of other fun stuff that makes your life interesting. For private companies you can possibly rely on the fact that each commercial software provider would be liable for a security breach if that breach is traced to that particular piece of software. However, there is no such mechanism with open source software. Air gapping or firewalling a development PC is not practical. You constantly need data sheets, libraries, footprints etc. Your mentioning malware made me think of something else: is the KiCad distribution tested for it?
Hahahaha. Actually, some bury indemnification clauses in their licenses.
These days computers are cheap. If your project is critically sensitive in terms of information security, best way is to run the software on an off-line machine that never talks to the outside world.
Libraries and footprints can be stored off-line, and datasheets/online tasks can be done on another machine.
Not sure about virus checked, but the Windows binaries are code signed. Not that this guarantees it’s virus free. Saw a few threads a while back about SHA1/2 codes being provided to verify it’s not been tampered with, but can’t find any SHA keys, so guess this was never implemented.
Guess all you can do to be sure is download it from a trusted source (CERN servers would be the best candidate) and then virus check the file.
I would say use VirusTotal, but then they only allow file attachments of up to 128MB.
KiCad official binaries are signed, this means they have been built from the official sources and released by us. If you use unofficial builds, you are at your own risk.
There’s frankly no difference between Open Source and proprietary software here. If someone wanted to steal your data or do other malicious stuff, (s)he could provide you with a rigged version of KiCad, Altium, Mentor, whatever. Except in the case of open source you can at least verify if the binaries are consistent with the sources.
I am not aware of any built-in network functionality in KiCad itself, and it’s probably relatively easy to scan KiCad’s source code for this, which is of course available as it is a FOSS project, and you can build it yourself if you want to ensure that the binaries you have are made from the official (and maybe audited by you) source code.
But just leaking a few screenshots (made by malware) could leak a proprietary design made in KiCad, and if you’re concerned about this kind of stuff then you should take a lot more precautions than just KiCad itself.
But physically air gapping the PC, or running it in a monitored VM (without network stack?) could be an option.
How do you know KiCad is not compromised?
How do you know your OS is not compromised?
How do you know your firmware is not compromised?
How do you know your compiler is not compromised?
How do you know your hardware is not compromised?
How do you know your employee is not compromised?
When should I stop asking questions?
A lot of proprietary CAD software does online license checking, so there is a significant data transfer with the vendor that could actually be leaking information.
Worse now is the trend to “Cloud”, which means that your project is outside of your physical control, often out of your legal jurisdiction.
There are security programs, I think Tripwire is one, that will alert you to a change in a program. Pain in the axe after a major upgrade. You may be able to configure these programs to monitor and report on only specific programs. I haven’t used them in quite a while.
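The two defensive checks mentioned in this thread, verifying a downloaded installer against a separately published SHA-256 and keeping a Tripwire-style baseline of just the program files you care about, can be done with a few lines of standard-library Python. This is an added example, not KiCad project code; the install tree, file names and contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 (installers can be hundreds of MB)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path: Path, published_sha256: str) -> bool:
    """Compare a downloaded installer with a checksum obtained out of band."""
    return sha256_of(path).lower() == published_sha256.strip().lower()

def build_baseline(root: Path, patterns=("*.exe", "*.dll", "*.so", "*.py")) -> dict:
    """Hash only binaries and plugin scripts under an install directory."""
    baseline = {}
    for pat in patterns:
        for p in sorted(root.rglob(pat)):
            if p.is_file():
                baseline[p.relative_to(root).as_posix()] = sha256_of(p)
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Report drift from the baseline; three empty lists means nothing changed."""
    return {
        "changed": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }

def demo() -> dict:
    """Constructed scenario: baseline a fake install tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "kicad.exe").write_bytes(b"original binary")   # constructed content
        (root / "bin" / "helper.dll").write_bytes(b"helper")
        (root / "plugins").mkdir()
        (root / "plugins" / "action.py").write_bytes(b"print('hi')\n")
        baseline = build_baseline(root)
        (root / "bin" / "kicad.exe").write_bytes(b"original binary + payload")  # modified
        (root / "bin" / "helper.dll").unlink()                                   # removed
        (root / "plugins" / "extra.py").write_bytes(b"import socket\n")          # dropped in
        return compare(baseline, build_baseline(root))
if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the workstation cannot write to (read-only media or a separate host) and re-run the comparison after every upgrade, so the expected changes are the only ones reported.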
Just a thought about a difference between a commercial product and an open source one. Let’s say some wealthy Chinese entity decides that it may be a good idea to gain access to all designs done on KiCad, seeing it is gaining traction in the commercial sector. In that case they would fund a couple of “developers” who can work their way up the ranks and then embed some code that would be sending all your project files somewhere in mainland China. I suppose that could be done in the case of commercial products as well, but it seems it would be much easier to implement in the open source environment where the amount of scrutiny is not as high.
I would say this is much easier to do in a commercial product where there are fewer eyes on it.
Anyone is free to view the source code of KiCad and look for vulnerabilities or suspect code, which is not the case with commercial software. The commercial code could be doing anything and you just have to trust that the company is not doing anything bad.
By looking through the various commits or pull requests, it should be fairly easy to find out if files are being transferred somewhere.
Here is an interesting link to see how GitHub secures open source code.
Yep.
Air gapped workstations, physical & logical port security (concrete/ compound in USB Ports). Physical perimeter to screen for unauthorized storage or recording devices. Ah, yes: last but not least: properly grounded Faraday Cage for the work environment. That’s about it in a nutshell.
The rest is just means & discipline to enforce the rules and constraints, otherwise, it’s all for naught.
Alexander aka @hwreverse
Time to dig out the rubylith.
As one who is not a KiCad developer (although I have submitted a bugfix) but still pretty involved and knowledgeable, I have only one word: impossible. I usually avoid absolutes, but this time I won’t say “highly improbable” or anything like that. It’s just virtually impossible. Every part of it. From the premises to not being detected right away.
There’s one remotely related example from the Linux kernel development, but it’s very different than KiCad (or almost any other project ever).
I have worked network security. If your project is really that sensitive, keep that machine off the network. Period. Simply no other way. More often these machines are on heavily restricted access networks. These really aren’t hard to set up in a corporate environment.
Bottom line, this isn’t a KiCad responsibility. If you implement security, you own it. More resources would go into that than the electrical CAD portion. This comes up periodically, it seems. Files can be encrypted locally, or they can use keys should they need to be shared. Again, this is well outside the scope of KiCad and I don’t see that changing unless some other open source entity drops a module or plugin that is compatible.