Idea for tamper-resistant PC hardware

2001-01-12 Thread drevil


Here's something I would like to see: a harddrive that is
tamper-resistant.  The threat model is a server is deployed in an
untrusted machineroom, and recovery of plaintext from the system is
unacceptable.  One obvious attack, involving an encrypted hard drive,
is for the attackers to have a "power failure" and then remove the
encrypted hard drive from the server, and reinstall it in an
"instrumented" server which can recover key data.  I want to defeat
that attack.

One obvious way to do that would be to have a bunch of thermite, or
explosives, or whatever that trigger when the thing is tampered with.
That's fine, but as a general rule, if the solution to the problem
requires explosives, I would rather try to find a different problem.

So here's another solution.  The hard drive itself is encrypted, and
the encryption/decryption hardware is part of the hard drive chips,
and all are mounted within a tamper-resistant enclosure.  Also mounted
in this enclosure is a little battery which will last for the lifetime
of the harddrive, and a large-enough capacitor.  When the enclosure is
tampered with, the capacitor sends a jolt through the chip that holds
the encryption key.  This jolt is big enough to melt the silicon, so
no key bits could be recovered (this would not require much of a jolt,
I would think).  Then the attacker would have the hard drive, but no
way to decrypt it.  Obviously, it would need sensors to detect
tampering with the case, and tricks like freezing the thing, using
radiation, whatever.

This allows us to have data be permanently destroyed, and the hard
drive permanently deactivated, without doing any crazy stuff involving
pyrotechnics which looks bad in the media.  "The computer exploded,
injuring the thieves" looks much worse than "The thieves tripped a
safety mechanism and were unable to recover any data from the
computer."  It would also allow everything to be done in a
normal-looking PC case.

So the total solution would be a computer case with sensors which
trigger the capacitor in the hard drive, and also sensors in the hard
drive enclosure which trigger destruction of the key.

It seems like this wouldn't be such a complicated thing to implement.
Any thoughts on this?




SGBvsLei@aol.com

2001-01-12 Thread Blank Frank

At 08:52 PM 1/11/01 -0500, [EMAIL PROTECTED] wrote:
i saw ur name somewhere on a board,... u were talking about NORTON YOUR EYES
ONLY,.. i was wondering if u knew where i could get the US version or if u
could send,... thanx,...

Soliciting to steal software?  We've contacted the BSA and AOL.  Expect
a visit at home sometime soon.  You *do* have licenses for what's on
your hard drive, don't you?

Chump.






Re: Idea for tamper-resistant PC hardware

2001-01-12 Thread mmotyka

I guess if your critical server is simply some sort of service provider
and the only data requiring security are the operating keys then your
hostile location is OK since rebuilding a system and restoring a few
keys ( which can be hidden just about anywhere ) is easily done.
Otherwise the loss of the data could be costly. 

If your data is static then it would be relatively easy to stash a copy
somewhere. If your data is dynamic then backups are necessary. Backups
can be tracked to their resting place. So their location needs to be (
physically and legally ) secure from the threat(s). Unless you can
readily hand carry the backups to the secure storage area it will need
to be connected in which case you might as well locate your server there
in the first place.






Re: NONSTOP Crypto Query

2001-01-12 Thread Harmon Seaver

John Young wrote:
 We've been unable to retrieve more than a few words from
 the redacted portions (by use of xerography to reveal text
 below the overwrites), and would appreciate any leads on
 what NONSTOP means. Joel McNamara has been searching
 for NONSTOP info for some time:
 

I happen to admin a Tandem "NonStop" K-200. Not sure how truly
secure they are, but from my experience I'd say it's more security thru
obscurity than anything else, i.e., almost nobody has any knowledge or
experience with the OS, unlike unix and windoze, so info doesn't get
shared around, etc. The OS is Guardian and is extremely primitive. They
don't run C or anything else known to mankind. Well, there is now a
"unix shell" that runs on top of Guardian, with an extremely limited
command set and functionality, which does allow C code to run, but it's
not accessing low-level stuff, no hardware calls, etc. 
 Tandem was/is used mostly in banks and the like. The "nonstop" is a
bit of a joke, really -- yes, the hardware is robust, everything is
hot-swappable, but the software (at least ours) crashes a lot. You could
have a much better and more robust system with a unix cluster. 
And of course, Tandem was a dead horse on the verge of bankruptcy
when it was bought by Compaq, about the same time Compaq bought DEC. So
now they've got Tandem "NonStop" servers which run the DEC Alpha
processors and unix. I'm sure Compaq will kill off the old Tandem line
as soon as they can, just like they are with the DEC Vaxes. Support,
yes, but no further development. 
So the bottom line here is this -- I'd really rather doubt that the
NONSTOP referred to above has anything to do with Tandems. Certainly
they aren't running Tandem stuff on planes and vehicles -- this is heavy
iron -- and if the fedz are depending upon anything as primitive as the
Tandem OS to protect secrets, I pity them. 



-- 
Harmon Seaver, MLIS Systems Librarian
Arrowhead Library System    Virginia, MN
(218) 741-3840  [EMAIL PROTECTED] 
http://harmon.arrowhead.lib.mn.us





Crypto sci fi: The Talking Kit

2001-01-12 Thread Blank Frank


Mary tried to ignore the sobbing of her sister in the next room.  It
had been two days since They came to her village and she was still in
shock.  Two days is the minimum time to wait, Alex had said, before
Talking.  Alex was the fellow from the Engineers Sans Frontiers who
had given her the Kit.  This was not the first time she had to use it, but
it was over a year ago... she tried not to remember.

The ESF had come into her wartorn country, as they always did
wherever they saw the poverty that follows tyranny.  The Engineers,
Mary had heard, got their money from some anonymous group of
California Norte businessmen, from that place they called
Sallay-Vallay, but Mary knew little of such distant things.  They had
the geopolitical immunity of the Red Circle or Docteurs Sans Frontiers
agencies but were more like the Corps of Engineers.

The ESF had come to build (or rather, repair) the roads into the
villages.  This was permitted by the Rulers, it was after all free
help.  They could set up  generators but that was about all that the
Rulers wanted the peasants to have.  There were not enough trusted
police to monitor all the calls if every village had phones, after
all.

Besides the bulldozers, chainsaws, and other machinery for turning
jungle into road, the ESF brought equipment that let them stay in
touch with their headquarters.  They had some kind of telephones, that
didn't need wires.  But their communications were as controlled as the
peasants.  Armed soldiers loitered around the engineers' base and kept
an ear towards the phone station.  The ESF were guests of the Rulers,
dismissable at their whims.  Much like the Soldiers dismissed
peasants in night raids, only with less permanence.

...


During her regular chores, Mary snuck out to The Place where she had
buried It.  Under the jungle mould was an olive drab case that she
brushed off and lifted out onto the ground.  She unlatched it and took
out the metal box within.  Then she put the waterproof case back under
cover.  She moved away from that site, taking the metal box.

Sitting down, she took a key from around her neck and unlocked it.
Inside was a pocket-sized computer, a solar panel and some batteries,
and a small tin that originally held mints but now had electronics
inside and a pair of buttons and LEDs outside. There were some other
cables in there too.

Mary knew none of these words, indeed she could not read or write.
But Alex had explained to her how to use it, and made her demonstrate
what he had taught until she was confident.

Mary slid the little black stone on the side of the larger, silvery
slab with the shiny window.  It beeped, lit up, then pictures appeared
in the glowing window.  A little blue line at the bottom of the window
was most of the width of the window, which was good: it
meant she wouldn't need to fill up the little yellow cylinders, which
took a day.  You had to put the cylinders into metal holders in the
back of the blue plate and then leave the plate in the sun for a day.
Blue side up.  And the cylinders had to be pointed the right way, though
there were little pictures near the holders to show you --- the
cylinders had a nipple on one end and were flat on the other.  The
ends had different markings, too, one like the cross worn by the
missionaries who occasionally visited, and one a single line.

It was also possible to make fuel by turning the handle of a little
gadget that Mary had seen, which was good because you didn't have to
wait for the sun, but she didn't have one of those.  One of her
neighbors had a radio that worked with such a handle; turning the
handle for a minute would play about half an hour's worth of music
from the one station that they could hear.  You could see inside this
radio, and there was a coiled spring in there, and it rapidly turned the
shaft of something that actually made the fuel for the cylinders.
Turning the handle coiled the spring, which then turned the
fuel-maker.  How spinning a shaft could make fuel was beyond Mary's
comprehension, but it worked.  The missionaries had been impressed by
Mary's ability to turn fur into fine thread with a spinning shaft, but
you could *see* that; making radio-fuel by spinning was invisible.
That radio had also been a gift from another fellow with the ESF.

The little window now showed a padlock, which told Mary that the box
had checked itself over and was healthy.  She also looked at the sides
of the box, and saw that the wax along its sides was unscratched.  It
wasn't wax exactly, it was wax that hardened into stone, "metal poxxi"
Alex had called it.  It made it very difficult to open the window-box
(except for where you put the cylinders into it), and nearly
impossible to open and put back together without it being evident.
But no one had found the buried case or opened the locked tin or
changed the insides of the window-box.  Alex had explained that she
was trusting the box to protect her secrets, and that if someone
tampered with it it 

Re: Consensus Actions in Cipherspace?

2001-01-12 Thread David Honig

At 06:01 PM 1/12/01 -0500, Ray Dillinger wrote:

Crucial facts about a protocol that does the right thing would be: 

1) DOES NOT create any single privileged user or machine. 

2) Resistant to denial-of-service attacks and attempts to 
   "stack the vote." (Requires user authentication)

3) No altered versions of the agent ought to be able to gather
   enough information to force an action as long as at least 
   the majority of agents are unaltered.

4) Once a consensus is reached, a majority of the agents acting
   together should be able to take whatever action is found
   even if the dissenters' agents don't cooperate with them.
   (a consensus reassembles a key?  But then that key can't 
   be used again, what's the next key?)


Interesting idea.  Starting with 1 user who can admit (by virtue 
of having 100% of the vote) and then letting the users vote
to add others.  

I don't think reassembling the key is the final stage.  I think
the server could simply use a voting protocol to get (or timeout) 
permission to do proposed actions.  We are assuming that the server
is trusted, right?  

The server could send signed PGP-encrypted email to all members saying: 
"The following script has been proposed to be run by GroupServer for your
Group.. to vote yes or no, sign a yes or no message and encrypt and send it
to GroupServer.  This vote closes in 3 days, and votes are acknowledged
immediately."


Perhaps I'm not clear on what constitutes an action that could
be distributed without relying on a trusted actor (server).  

(Thinking out loud) Maybe the actions require access to a distributed
N-of-M database?   How do you prevent someone from reusing the
reconstructed database?  Or uncooperatives refusing to update their slice
of the DB?  




 






  








Jim on EM

2001-01-12 Thread mmotyka

Jim,

I remember that whole Faraday cage discussion - it was painful.

When it comes to EM you're really off in the tall grass.

Mike





Re: NONSTOP Crypto Query

2001-01-12 Thread Declan McCullagh

David's suggestion makes sense to me. But if NONSTOP is a codeword, it
would be classified at least secret, and manufacturers of such
products would be discouraged by their customers at NSA from labeling
their products with such a name.

-Declan


On Fri, Jan 12, 2001 at 07:47:00PM -0500, David Honig wrote:
 At 12:32 PM 1/12/01 -0500, Tim May wrote:
 
 The Tandem Computers "NONSTOP" was a product line in use by various 
 government agencies for secure (fault-tolerant) computing for a long 
 time. I'd look there for starters.
 
 (I thought this was too speculative, but given Tim's guess..)
 
 I have also thought that NONSTOP refers to fault-tolerant under high-RF
 conditions.   Also useful when flying (etc.) near your own antennas,
 dishes, etc.
 
 A sort of military version of the FCC standard for consumer electronics: 
 doesn't emit bad (informative) radiation, accepts bad radiation without
 interference.
 
 Note that shielding that worked for tempest would also help nonstop;
 and that some of the gear at a testing site (antennas) serves
 both purposes.
 
 (After reading  Harmon Seaver's piece) Since this is the NSA, maybe they
 were testing that high-RF environments didn't cause info leakage -someone
 else tests that the stuff simply works under field conditions.  Maybe the
 thing they wanted not stopped was tempest protection.
 
 
 
 
 
  
 
 
 
 
 
 
   
 
 
 
 
 





Re: NONSTOP Crypto Query

2001-01-12 Thread David Honig

At 10:56 PM 1/12/01 -0500, Declan McCullagh wrote:
David's suggestion makes sense to me. But if NONSTOP is a codeword, it
would be classified at least secret, and manufacturers of such
products would be discouraged by their customers at NSA from labeling
their products with such a name.

-Declan

I agree... this remains a problem with my thesis.  Perhaps it is
from an earlier time, before they randomly chose short words or word-pairs
from lists as opaque labels?  

I just finished Rowlett's _Magic_ and in there, someone
had to point out to the SIS cryptanalysts that you shouldn't refer to what
the ca. WWII Japanese called "Cipher Machine, type A" in English as the
"type A machine".   Thus their arbitrary designators ("red", "purple") were
chosen.


--
The great thing about humans is they can come up with a theory for anything.






 






  








Re: NONSTOP Crypto Query

2001-01-12 Thread Wilfred L. Guerin

-=|[ duuh... ]|=-

"NONSTOP" is moreso a protocol and general criteria for operations. It is
not solely restricted to physical, TEMPEST, hij/abduct, intel, crypto, or
any other specific protection mechanism.

NONSTOP is more a general idea and concept, with implications and
implementations across all interrelated elements which probably 'shouldn't
stop'...

JYA has an email from me directly with more basic info/'theory'. (he will
review and use whatever content desired thereof)

You note "NONSTOP" with hijack type associated logic... Although these
phrases refer to some unknown ic/dod/etc protocols, it is also quite well
founded in reality... 

NONSTOP protections prevent hijack. End of point. How? Research this.

A previous cp CDR message about a year ago referenced HIJACK/NONSTOP
training at the afb in san-antonio TX... It had TEMPEST shielding protocol
as a parallel course to NONSTOP... 

Any logical speculation as to why?

-- With 'baaah' in mind,

-Wilfred
[EMAIL PROTECTED]


-=|[.]|=-












Re: Consensus Actions in Cipherspace?

2001-01-12 Thread Ray Dillinger



On Fri, 12 Jan 2001, David Honig wrote:

the server could simply use a voting protocol to get (or timeout) 
permission to do proposed actions.  We are assuming that the server
is trusted, right?  

Actually, no.  That creates a single privileged machine, which is 
also a point of failure, which is also a point of attack, which is 
also subject to subpoenas or outright theft.  Ideally, this is 
something that runs on the distributed machines of the participants.
I think that's the only way to be safe from the "lawsuit attack".


Perhaps I'm not clear on what constitutes an action that could
be distributed without relying on a trusted actor (server).  


For example, consider a robo-moderated mailing list formed by 
cat owners.  They have a "posting protocol" that requires you 
to submit a digital coin worth a dollar or two along with your 
letter.  If enough people click on the "this is spam" button, 
the group agents donate the coin to an animal shelter and you 
can't spend it. Otherwise, you get your coin back when your 
message expires.  

The posting protocols etc. are wrapped in scripts, of course; 
on your end you get a message box that says "Are you willing 
to post a two-dollar bond that says most of the people on the 
list don't think this is spam?"  and yes/no buttons.  The 
subscribers just have another little button on their mail 
reader - So it goes Next message, delete, reply, reply all, 
spam.

I'd really like it if somebody has figured out a way for a 
group to form consensus and act on that consensus as though 
it were a single individual -- capable of participating in 
general protocols.  

But individual solutions to problems like the above would 
be a great start. 

Bear







 






  










Re: Consensus Actions in Cipherspace?

2001-01-12 Thread dmolnar



On Sat, 13 Jan 2001, Ray Dillinger wrote:

 list don't think this is spam?"  and yes/no buttons.  The 
 subscribers just have another little button on their mail 
 reader - So it goes Next message, delete, reply, reply all, 
 spam.

Well, the totally trivial and stupid thing is for a list reader to
sign a message saying "I think message X is spam" and send it to the list
server. Actually, he doesn't even have to send the message; he can just
send the signature if the message is in some canonical format. 

The server can verify the signature, verify the user's ID, increment a
counter, and throw away the signature. When the counter passes a
threshold T, -chomp- the server eats the bond. 
The server can even keep the signatures around if it wants to prove to the
luser later that yes, lots of people really did think his message was
spam. 

This has at least two problems

1) Identifies the user who says "I think this is spam." 
Not a good idea in principle, possibly not a good idea in
practice. A potential solution would be a way for a user
to sign a message in such a way that

* no one can determine which individual public key signed 
the message 

* yet anyone can determine that the signer's public key
belongs to a specific set of public keys (chosen by the
signer and fixed at signature time to avoid the problem
with "well, remove one public key and try again!")
in this case, the set of eligible list voters.

There's probably some crypto voting paper which solves a problem
much like this. I'm not up on that. 

2) Keeping an audit trail so the server can prove that the
majority really did think message X was spam. With this proposal
audit trails consist of up to T signatures, where T is the 
threshold used to trigger the spam alert. At like 1K per signature
and many e-mails, this could be sizable. 

-David





Re: Consensus Actions in Cipherspace?

2001-01-12 Thread dmolnar


 
 Well, the totally trivial and stupid thing is for a list reader to
 sign a message saying "I think message X is spam" and send it to the list

Sorry, I re-read your message and noted the requirement to have no central
server. How about this:

1) To post a message, sender S takes a 2-dollar coin and then
uses some kind of verifiable secret sharing protocol to split it
into shares.

2) S sends the shares to the group agents. 

3) Each group agent verifies that it has a share consistent with
the other group agents (see Byzantine Agreement for this one).
If any share fails, then something bad happens (what?). The
other problem is what happens if S just submitted a bunch of
garbage; I'm not sure how to deal with this DoS attack. 

4) If a group agent thinks the message is spam, it sends its
share to Engineers Sans Frontiers or whoever. Otherwise it keeps
mum.

Now if enough group agents (1/2, 1/3, whatever) think the message is spam,
enough shares collect at step 4) to reconstruct the 2-dollar coin.
Otherwise not enough shares collect and the coin is never reconstructed.
Presumably S kept a copy and can spend it later. 

No central server now, just needs a verifiable secret sharing scheme.
Pedersen has one, and another is part of the Proactive Security work I
mentioned previously. 

-David
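
The bond-splitting steps in the post above, as an added example that is not part of the original thread: a Pedersen-style verifiable secret sharing run over a toy group, with the charity rebuilding the coin only when enough agents forward valid shares. The group parameters, the coin value 777, the function names and the assumption that all agents see the same broadcast commitments are constructed for illustration.

```python
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with P, Q prime; G and H are squares mod P, so both have order Q.
# Pedersen's hiding property needs log_G(H) to be unknown to the dealer, which a
# 10-bit group cannot provide. A real deployment would use a standard large group.
P, Q = 2039, 1019
G, H = 4, 9


def _eval(poly, x):
    """Evaluate a polynomial (lowest coefficient first) at x over Z_Q."""
    return sum(c * pow(x, j, Q) for j, c in enumerate(poly)) % Q


def deal(secret, n, t):
    """Steps 1-2, sender S: split `secret` so that any t of n shares rebuild it.

    Returns ({agent_index: (s_i, r_i)}, [public commitments C_0..C_{t-1}]).
    The secret must be smaller than Q; here it is reduced mod Q.
    """
    f = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    r = [secrets.randbelow(Q) for _ in range(t)]  # blinding polynomial
    commitments = [pow(G, a, P) * pow(H, b, P) % P for a, b in zip(f, r)]
    shares = {i: (_eval(f, i), _eval(r, i)) for i in range(1, n + 1)}
    return shares, commitments


def verify(i, share, commitments):
    """Step 3, agent i: check G^s_i * H^r_i == prod_j C_j^(i^j) (mod P)."""
    s_i, r_i = share
    lhs = pow(G, s_i, P) * pow(H, r_i, P) % P
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(i, j, Q), P) % P
    return lhs == rhs


def reconstruct(points):
    """Lagrange-interpolate f(0) over Z_Q from {index: f(index)}."""
    secret = 0
    for i, y in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + y * num * pow(den, -1, Q)) % Q
    return secret


def settle(votes, shares, commitments, t):
    """Step 4, recipient of forwarded shares (the charity).

    Only agents that voted "spam" forward their share. Shares that fail
    verification are dropped, so a garbage share cannot corrupt the result.
    Returns the coin if at least t valid shares arrived, otherwise None.
    """
    forwarded = {i: shares[i] for i, is_spam in votes.items() if is_spam}
    valid = {i: s for i, (s, r) in forwarded.items()
             if verify(i, (s, r), commitments)}
    if len(valid) < t:
        return None
    return reconstruct(valid)


if __name__ == "__main__":
    COIN = 777  # constructed stand-in for the 2-dollar coin
    shares, com = deal(COIN, n=7, t=4)
    print("4 of 7 agents flag spam:", settle({i: i <= 4 for i in shares}, shares, com, 4))
    print("3 of 7 agents flag spam:", settle({i: i <= 3 for i in shares}, shares, com, 4))
```

Verification shows only that every share lies on the one committed polynomial; it does not show that the shared value is a spendable coin, which is the garbage-submission problem the post leaves open.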