mgraffam
Fri, 22 Jun 2001 08:58:32 -0700
On Fri, 22 Jun 2001, Jim Rees wrote:

> But if you really are concerned about "very skilled hackers" you will need
> significant hardware protection, like a processor with integrated boot code
> or an epoxy potted processor and boot rom module. Even then you won't be
> able to completely protect the system against everyone.

It seems to me, to do completely secure boot protection all one really needs is an encrypting disk controller.

Imagine a device that sits between the drive and IDE (or SCSI) disk controller. This device encrypts every block of information going to the disk, and decrypts every block leaving the disk. The keying for this device can be done simply: a keypad is mounted in a 5.25" drive faceplate and the key is entered directly to the encryption device; the underlying computer architecture is not involved.

Now, of course, there are particular issues of concern here... as to how and when the user should key the device, and so forth. And data integrity concerns if the user enters the wrong key. But much of this can be handled in the same fashion as OS-supplied disk encryption methods. We are just taking the OS out of the loop.

The entire drive gets encrypted, along with the OS, boot record, and partition table -- everything. Since the key is never handled by the main computer, hacking it won't help. One would need to inspect the encryption device itself while it is running to extract the key. This can be made very difficult by using secure key management techniques (i.e., moving the key around in RAM, and XORing it with known bit patterns, etc. This also prevents "burn in" of RAM and takes care of data remanence issues). Tamper-proofing the device is also a possibility.

Such a system, properly designed and implemented, would be secure against pretty much every attacker.

Sure, there are sophisticated ways to get by good tamper-proofing in the lab -- but unless the machine is IN the lab already, it's no good because at power-off the key is gone forever (since you did the smart thing and took care of data remanence issues).

--
Michael Graffam ([EMAIL PROTECTED])
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
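The inline encrypting controller described in the post, modelled as an added example (not the author's design or any product's code): a Python simulation of a device between host and disk that keeps the key only inside itself, checks a keypad entry against a known marker sector before it will write anything (addressing the wrong-key integrity concern), and discards the key at power-off. The HMAC-based per-sector keystream, the PBKDF2 stretching of the keypad digits, the salt and the marker sector are constructed stand-ins for the cipher mode and key handling a real device would need.

```python
import hashlib
import hmac

SECTOR = 512
MARKER = b"constructed-marker".ljust(SECTOR, b"\0")  # known content of sector 0, used to check a key

class EncryptingController:
    """Inline device: host sees plaintext, disk holds only ciphertext, key lives only here."""
    def __init__(self, disk: bytearray):
        self.disk, self._key = disk, None

    def _crypt(self, sector: int, data: bytes) -> bytes:
        # Keystream = HMAC-SHA256(key, sector || counter) XORed with the sector. A stand-in for a
        # tweakable mode such as XTS: a fixed per-sector keystream leaks old XOR new on rewrite.
        if self._key is None or len(data) != SECTOR:
            raise ValueError("device not keyed or bad sector length")
        ks = b"".join(hmac.new(self._key, sector.to_bytes(8, "big") + i.to_bytes(4, "big"),
                               hashlib.sha256).digest() for i in range(SECTOR // 32))
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, sector: int, plaintext: bytes) -> None:
        self.disk[sector * SECTOR:(sector + 1) * SECTOR] = self._crypt(sector, plaintext)

    def read(self, sector: int) -> bytes:
        return self._crypt(sector, bytes(self.disk[sector * SECTOR:(sector + 1) * SECTOR]))

    def key_from_keypad(self, digits: str, first_use: bool = False) -> bool:
        # Stretch the keypad entry (constructed salt; a real device needs a per-device salt and a
        # memory-hard KDF). First use writes the marker; later entries must decrypt it, so a
        # mistyped key is refused before it can write garbage over good data.
        self._key = hashlib.pbkdf2_hmac("sha256", digits.encode(), b"constructed-salt", 50_000)
        if first_use:
            self.write(0, MARKER)
        elif self.read(0) != MARKER:
            self._key = None
            return False
        return True

    def power_off(self) -> None:
        self._key = None  # key discarded at power-off: nothing left in the device to recover

def demo() -> dict:
    disk = bytearray(4 * SECTOR)  # constructed 4-sector "drive"
    ctl = EncryptingController(disk)
    ctl.key_from_keypad("1234", first_use=True)
    ctl.write(1, b"BOOT".ljust(SECTOR, b"\x90"))  # constructed boot-sector content
    on_disk = bytes(disk[SECTOR:2 * SECTOR])  # what an image of the raw drive shows
    ctl.power_off()
    wrong, right = ctl.key_from_keypad("0000"), ctl.key_from_keypad("1234")
    return {"host": ctl.read(1), "disk": on_disk, "wrong_ok": wrong, "right_ok": right}
```

The host-side view of sector 1 is the original boot content, while the raw drive image holds only ciphertext; the mistyped key is rejected and leaves the device unkeyed, so no read or write can go through until the right key is entered.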