Security

Architecture

EVE is air-gapped by design. There is no internet connection to compromise, no cloud server to breach, and no remote access vector. All data exists only on the local device and connected clients within the physical vicinity.

Encryption

All wireless communications are encrypted using WPA3 for WiFi transport security. Messaging uses end-to-end encryption, and file transfers are protected with AES-256. Keys are generated locally and never leave the device.

Authentication

Administrator access is protected by local-only authentication with configurable security policies including rate limiting and session timeouts. No credentials are transmitted externally — ever.

Data Persistence

By default, everetains no user data between sessions. All transient communication data is automatically purged. Administrators can configure persistent storage for specific services, but all data remains physically on the device and is encrypted at rest.

Firmware Updates

Firmware updates are delivered via cryptographically signed packages that can be loaded via USB or over the local network. All updates are verified against EVE's root certificate before installation. Rollback is always supported.

Physical Security

EVE Boxs feature tamper-evident enclosures and secure boot chains. If physical tampering is detected, the device can be configured to automatically wipe all stored data.

Responsible Disclosure

We welcome responsible security research. If you discover a vulnerability, please report it to security@eve.civoraa.org. We commit to acknowledging reports within 48 hours and providing a remediation timeline within 7 days.