On Fri, 22 Jun 2001, Jim Rees wrote:

> But if you really are concerned about "very skilled hackers" you will need
> significant hardware protection, like a processor with integrated boot code
> or an epoxy potted processor and boot rom module.  Even then you won't be
> able to completely protect the system against everyone.

It seems to me, to do completely secure boot protection all one really
needs is an encrypting disk controller. 

Imagine a device that sits between the drive and IDE (or SCSI) disk
controller. This device encrypts every block of information going to
the disk, and decrypts every block leaving the disk. The keying
for this device can be done simply: a keypad is mounted in a
5.25" drive faceplate and the key is entered directly to the encryption
device; the underlying computer architecture is not involved. 

Now, of course, there are particular issues of concern here, as to
how and when the user should key the device, and so forth. And data
integrity concerns if the user enters the wrong key. But much of this
can be handled in the same fashion as OS-supplied disk encryption methods. 

We are just taking the OS out of the loop. The entire drive gets
encrypted, along with the OS, boot record, and partition table --
everything. Since the key is never handled by the main computer, hacking
it won't help.

One would need to inspect the encryption device itself while it is running
to extract the key. This can be made very difficult by using secure key
management techniques (i.e., moving the key around in RAM, XORing it
with known bit patterns, etc.). This also prevents "burn in" of RAM and
takes care of data remanence issues. Tamper-proofing the device
is also a possibility. 

Such a system, properly designed and implemented, would be secure against
pretty much every attacker. Sure, there are sophisticated ways to get
by good tamper-proofing in the lab -- but unless the machine is IN the
lab already, it's no good because at power-off the key is gone forever
(since you did the smart thing and took care of data remanence issues).

-- 
Michael Graffam ([EMAIL PROTECTED])


***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
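The inline encrypting controller described in the message above, modelled as an added example (this is not code from the original post or from the M.U.S.C.L.E. project). It assumes 512-byte sectors, a keypad-entered passphrase stretched with PBKDF2 inside the controller, and a per-sector keystream built from HMAC-SHA256 in counter mode as a standard-library stand-in for a real sector cipher such as AES-XTS; the key is held XOR-masked in RAM and zeroised at power-off, as the post suggests. The host only ever touches read()/write(); the keypad path and the key never cross the host bus.

```python
"""Toy model of an inline encrypting disk controller (added example, not from the post).

Assumptions: 512-byte sectors, keypad passphrase stretched with PBKDF2 inside the
controller, per-sector keystream = HMAC-SHA256(key, lba || counter) in counter mode
(stand-in for AES-XTS). Standard library only, so it runs offline.
"""
import hashlib
import hmac
import secrets

SECTOR = 512                    # bytes per sector (assumed)
KEY_LEN = 32
SALT = b"controller-salt-v1"    # assumed to live in the controller's own ROM, not on the host


class RawDisk:
    """The physical drive. It only ever stores ciphertext and never sees the key."""

    def __init__(self, n_sectors):
        self.sectors = [bytes(SECTOR)] * n_sectors

    def write(self, lba, data):
        if len(data) != SECTOR:
            raise ValueError("sector-sized writes only")
        self.sectors[lba] = bytes(data)

    def read(self, lba):
        return self.sectors[lba]


class EncryptingController:
    """Sits between the host bus and the drive: encrypts every sector going in,
    decrypts every sector coming out. The host can only call read() and write()."""

    def __init__(self, disk):
        self.disk = disk
        self._masked_key = None     # key is kept XOR-masked, never in the clear in RAM
        self._mask = None

    # --- keypad path: physically separate from the host bus -----------------
    def keypad_enter(self, passphrase):
        key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, 100_000, KEY_LEN)
        self._mask = secrets.token_bytes(KEY_LEN)
        self._masked_key = bytes(k ^ m for k, m in zip(key, self._mask))

    def remask(self):
        """Re-randomise the in-RAM representation (the 'move it around / XOR it' idea)."""
        key = self._unmask()
        self._mask = secrets.token_bytes(KEY_LEN)
        self._masked_key = bytes(k ^ m for k, m in zip(key, self._mask))

    def power_off(self):
        """Zeroise. After this, the ciphertext on the drive is unrecoverable."""
        self._masked_key = None
        self._mask = None

    def _unmask(self):
        if self._masked_key is None:
            raise RuntimeError("controller not keyed")
        return bytes(k ^ m for k, m in zip(self._masked_key, self._mask))

    # --- per-sector keystream, tweaked by the logical block address ---------
    def _keystream(self, lba):
        key = self._unmask()
        out = bytearray()
        ctr = 0
        while len(out) < SECTOR:
            msg = lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
            out += hmac.new(key, msg, hashlib.sha256).digest()
            ctr += 1
        return bytes(out[:SECTOR])

    def _xor(self, lba, data):
        if len(data) != SECTOR:
            raise ValueError("sector-sized I/O only")
        return bytes(a ^ b for a, b in zip(data, self._keystream(lba)))

    # --- host-facing bus interface ------------------------------------------
    def write(self, lba, plaintext):
        self.disk.write(lba, self._xor(lba, plaintext))

    def read(self, lba):
        return self._xor(lba, self.disk.read(lba))


def demo():
    """Boot-sector scenario; returns what the host sees, what the drive holds, etc."""
    disk = RawDisk(16)
    ctl = EncryptingController(disk)
    ctl.keypad_enter("1234-5678")                         # entered on the faceplate keypad
    mbr = b"\xEB\x3C\x90BOOT".ljust(SECTOR - 2, b"\x00") + b"\x55\xAA"  # constructed MBR-like sector
    ctl.write(0, mbr)
    ctl.write(5, mbr)                                     # same plaintext, different LBA
    ctl.remask()                                          # key moves in RAM; I/O still works
    result = {
        "plaintext": mbr,
        "host_sees": ctl.read(0),
        "on_disk_0": disk.read(0),
        "on_disk_5": disk.read(5),
    }
    wrong = EncryptingController(disk)                    # same drive, wrong passphrase
    wrong.keypad_enter("0000")
    result["wrong_key_read"] = wrong.read(0)
    ctl.power_off()
    try:
        ctl.read(0)
        result["read_after_power_off_raises"] = False
    except RuntimeError:
        result["read_after_power_off_raises"] = True
    return result


if __name__ == "__main__":
    r = demo()
    print("host sees boot sector:", r["host_sees"] == r["plaintext"])
    print("drive holds plaintext:", r["on_disk_0"] == r["plaintext"])
```

Two caveats the post only hints at show up directly in the model: there is no room in a 512-byte sector for an authentication tag, so a wrong passphrase (or a tampered sector) is not detected and simply reads back as garbage, which is the "data integrity concern" mentioned above; and, as with XTS, rewriting identical plaintext to the same LBA produces identical ciphertext, so an attacker who images the drive twice can see which sectors changed even though they cannot read them.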
