The simplest solution would be to store the keys in a tamper resistant
device, I've had very good luck with the Dallas Semiconductor Crypto
i-Button - its cheap, secure, and the interface can be as simple as a
RS-232 line.
If you are a do-it-yourself type person and just want secure storage, you
could grab yourself an ISA card wire-wrap prototyping card, add some SRAM
and a dozen odd buffers and latches for address decoding, and build a
memory block to store keys in. Rig up a dozen or two switches within the
case that disconnect power to the SRAM's, and you're in business. Just
make sure the 'self-erase' (forget the proper term for decay in SRAM) is
short enough. If you're really paranoid, add a LARGE cap, [optionally]
buffer the SRAM behind a bank of opto-isolators, and set the caps to
discharge across VCC/GND on tamper, done properly it can even ignite the
chips. If you're REALLY paranoid, nothing beats thermite.
At 01:28 PM 7/18/00 -0700, gustav wrote:
>
>I am in the unfortunate situation of having to run a server in a
>machineroom which I don't completely trust. I know the real solution
>to this is "run it in a machineroom you do trust", but I just don't
>have the resources to do that right now, and so my two alternatives
>are to scrap the project or install the machine with some kind of
>tamper-resistant case. I'm not going to scrap the project.
>
>The threat model is not NSA agents with neutrino-probing CAT-scanner
>eschelon TEMPEST devices, because there's nothing I could do about
>that anyway. I am worried about an attacker taking a screwdriver and
>opening the case and putting a logic probe on the bus, and then
>powering it back up, and trying to get encryption keys. I'm also
>worried about a more sophisticated attacker who might saw the case
>open, or drill, or similar attacks that would subvert a plain old
>magnetic switch on the case. An even more sophisticated attacker
>might saw the case open in the dark, to subvert a light detector which
>some cases have. I am worried about those kind of attacks, but
>nothing more.
>
>It should have an interface to Linux or OpenBSD in such a way that the
>OS would know not to boot if the case has been tampered with.
>Ideally, the harddrive would be rendered permenantly inoperable if the
>case has been opened, or something like that.
>
>Could anyone point me to a source of such a case for a rackmountable
>PC?
>
>
>
