It doesn't really matter what you do. Attacker could always kill
power to your case, open it, and or your hard drive. After that
the game is over. The only thing that I could think of is to
install a battery power tamper detector which would fry the hd on
detection. I know that OpenBSD project is working on encrypted file
systems. You may see what is going on on that front. But even
in that case they make hardware key sniffers which are small enough
to install in the case, or in the keyboard. These are impossible to
detect without physical inspection of the hardware. When you type
in your passphrase to decrypt the hard drive, again game over.
Just putting some stuff out there. I realize that some protection is
better than none. With that in mind try a search for the keywords
case, hardened, kiosk.
Good luck, BMG
On Tue, Jul 18, 2000 at 01:28:25PM -0700, gustav wrote:
>
> I am in the unfortunate situation of having to run a server in a
> machineroom which I don't completely trust. I know the real solution
> to this is "run it in a machineroom you do trust", but I just don't
> have the resources to do that right now, and so my two alternatives
> are to scrap the project or install the machine with some kind of
> tamper-resistant case. I'm not going to scrap the project.
>
> The threat model is not NSA agents with neutrino-probing CAT-scanner
> eschelon TEMPEST devices, because there's nothing I could do about
> that anyway. I am worried about an attacker taking a screwdriver and
> opening the case and putting a logic probe on the bus, and then
> powering it back up, and trying to get encryption keys. I'm also
> worried about a more sophisticated attacker who might saw the case
> open, or drill, or similar attacks that would subvert a plain old
> magnetic switch on the case. An even more sophisticated attacker
> might saw the case open in the dark, to subvert a light detector which
> some cases have. I am worried about those kind of attacks, but
> nothing more.
>
> It should have an interface to Linux or OpenBSD in such a way that the
> OS would know not to boot if the case has been tampered with.
> Ideally, the harddrive would be rendered permenantly inoperable if the
> case has been opened, or something like that.
>
> Could anyone point me to a source of such a case for a rackmountable
> PC?
--
__O | Information wants to be free! | __O Bike
_-\<,_ | FreeBSD:The Power to Serve (easily) | _-\<,_ to
(_)/ (_) | OpenBSD:The Power to Serve (securely) | (_)/ (_) Work
