On Fri, 22 Jun 2001 [EMAIL PROTECTED] wrote:
> On Fri, 22 Jun 2001, Jim Rees wrote:
>
> > But if you really are concerned about "very skilled hackers" you will need
> > significant hardware protection, like a processor with integrated boot code
> > or an epoxy potted processor and boot rom module. Even then you won't be
> > able to completely protect the system against everyone.
>
> It seems to me, to do completely secure boot protection all one really
> needs is an encrypting disk controller.
>
> Imagine a device that sits between the drive and IDE (or SCSI) disk
> controller. This device encrypts every block of information going to
> the disk, and decrypts every block leaving the disk. The keying
> for this device can be done simply: a keypad is mounted in a
> 5.25" drive faceplate and the key is entered directly to the encryption
> device; the underlying computer architecture is not involved.
I believe one of the requirements from the original poster was that users
could not take the system (which is obviously "Linux-friendly") and use it
as their own workstation. Correct me if I'm wrong (I've deleted the
original email) but they plan on giving away the boxes as an "appliance"
for which they'd sell the service. They want to prevent what happened to
that one company (whose name I've forgotten, naturally) who was selling
web appliance service. They gave you a box for free (I think it ran QNX)
and expected you to buy monthly ISP service from them. Knowlegable Linux
hackers would sign up for the service, get a free appliance, cancel the
service, and install Linux on the box. Voila, free Xterm.
What is needed is some way to physically require some sort of
authentication, else the system is unusable. And it must be proof against
hardware hacking.
The military has stuff like this. And it's EXPENSIVE. We don't give it
out for free.
And nothing is tamper-proof. THere are only varying degrees of
tamper-resistance.
Then there's all the stuff about encrypting the data on disk, etc.
--Jeremy
Jeremy Impson
Sr. Associate Network Engineer
Advanced Technologies Department
Lockheed Martin Systems Integration
email: [EMAIL PROTECTED]
phone: 607-751-5618
fax: 607-751-6025
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
