Re: {1495} Re: Looking for hardware storage device with erase

From: SynRG <jason...._at_gmail.com>
Date: Thu, 03 May 2007 22:12:14 -0000

Two ideal solutions would be:

1) a hard drive with a small built in attached volatile/non-volatile
memory and a battery pack. The key can be written to this memory.
The only time the key should be erased is if the case is opened / the
drive is removed / or power is cut off for a long period of time
2) or, perhaps the key is stored in tamper proof (well... resistant)
hardware and is erased if started up in an environment that it was not
originally installed in.

A full disk encrypted hard drive is our ideal solution. I cannot find
any manufacturers that support what we are looking for. So far they
all either require a dongle or the user to type in a password on
boot. This requirement of physical access is not acceptable for a
solution.

I should also note that even though the threat is low, if the data was
readable, the damage could be very large.

The threat is not government level so electron microscopes and things
like that are nothing to worry about. We are worried about:
1) Some IT intern picks out the appliance and sells the hardware
mistaking it for a decom'd server. An unscrupulous person gets a hold
of the drives and reads the sensitive data
2) Somehow a competitor gets a hold of one of these appliances and
wishes to decompile our source code (It's Java so it's not hard)

So, again, these are unlikely to happen. The largest damage would
come from #1. We want to be able to ensure to our customers that
their data is secure in the event that the hardware falls into the
wrong hands.

Do you guys have any suggestions for encrypted hard drives around the
price range of $300 - $400? Through my searches I have found many
patents that seem to be what I am talking about. It seems people like
thinking up ideas and leaving them for someone else to build :-).
Which is one reason why I hate patents.

Thanks.


On Apr 29, 7:25 pm, Thomas Shaddack <t..._at_shaddack.mauriceward.com>
wrote:
> The PCF8570 chip? It is a 256-byte SRAM with I2C interface. Use a small
> battery for data retention, and cut power when the case is opened. Perhaps
> use a supercapacitor charged from the power supply and shorted with a
> switch inside the case when the case is opened (advantage is that the
> supply voltage goes immediately to ground instead of potentially lingering
> on a capacitor; the chip itself needs only 1V/400nA (yes, 0.4 microamp)
> for data retention).
>
> Another possibility is using a microcontroller with a suitable program.
> This choice offers a wide range of options for the device behavior, tamper
> detection, PIN lock for data retrieval, etc.
>
> Choice of an optimal approach strongly depends on the specific demands on
> the application, the security model, and the balance of losses when the
> device misfires because it is too paranoid vs when the device does not
> erase itself because it misses a legitimate trigger event. For the cost of
> considerably more complicated code, we could also store the data inside
> the chip in an encrypted state, e.g. make the key a hash of a PIN and a
> stored secret. Or perhaps a multipart secret, where the parts can be
> fetched over the network, after authorization. Way too many solutions are
> possible here to pick/suggest any without knowing more about the
> application.
>
> How should it be connected to the computer? Some motherboards have a
> connector with SMBUS. Is this the case? Or perhaps via USB or a RS232 port
> or a parallel port connector accessible inside the case?
>
> Is it a simple low-stakes application (the $300 budget suggests so), or
> does the threat model include people with electron microscopes and
> expensive laboratories, capable of retrieving remanent charge from memory
> cells, or able to see the changes in their structure caused by prolonged
> storage of the same value (exotic and limited, but somewhat doable)? Can
> the adversary monitor the EM emissions of the chip in operation, or can we
> afford to not bother with those countermeasures in the design?
>
> How skilled a hardware designer are you? Are you limited to off-the-shelf
> commercial solutions, or can you build your own if pointed the right way?
>
> On Sun, 29 Apr 2007, kondrak wrote:
>
> > A cryptostick USB drive and folder lock?
>
> > SynRG wrote:
> > > We are creating a server appliance that we wish to protect with disk
> > > encryption. We would like to store the encryption key in some sort of
> > > volatile / non-volatile storage device that, when the case is opened
> > > is erased from the storage device.
>
> > > Obviously we don't need much space, just a few bytes actually. I
> > > would like to find something for less than $300 if possible.
>
> > > Do you know of any options?
>
> > > Thanks.
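The "key as a hash of a PIN and a stored secret" and "multipart secret fetched over the network after authorization" ideas from Thomas Shaddack's quoted reply, as an added example that is not part of the original thread: the master secret is XOR-split into a share kept in tamper-erasable memory and a share held off-box, the PIN is stretched against the recombined secret, and a tamper event zeroizes the local share so the key can no longer be reconstructed. The share size, PBKDF2 cost and key-check-value construction are assumptions, not anything the thread specifies.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000  # assumed PIN-stretching cost; tune for the appliance CPU


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes) -> Tuple[bytes, bytes]:
    """XOR-split the master secret: one share for the tamper-erasable memory,
    one held off-box and fetched after authorization. Either alone is random."""
    share_local = os.urandom(len(secret))
    return share_local, xor_bytes(secret, share_local)


def derive_key(pin: str, share_local: bytes, share_remote: bytes) -> bytes:
    """Recombine the shares and stretch the PIN against them; losing either
    share or the PIN yields a different key."""
    secret = xor_bytes(share_local, share_remote)
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), secret, PBKDF2_ROUNDS, 32)


def key_check_value(key: bytes) -> bytes:
    """Verifier storable in the clear: detects a wrong key without revealing it."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


class TamperErasableMemory:
    """Stand-in for the battery-backed SRAM; the tamper switch zeroizes it."""

    def __init__(self, contents: bytes) -> None:
        self._ram = bytearray(contents)

    def read(self) -> bytes:
        return bytes(self._ram)

    def tamper(self) -> None:
        for i in range(len(self._ram)):
            self._ram[i] = 0  # overwrite in place; dropping a reference is not erasure


def unlock(pin: str, mem: TamperErasableMemory, share_remote: bytes,
           kcv: bytes) -> Optional[bytes]:
    """Return the key only when it verifies against the stored check value."""
    key = derive_key(pin, mem.read(), share_remote)
    return key if hmac.compare_digest(key_check_value(key), kcv) else None
```

After `tamper()` the local share is all zeros, so even the correct PIN plus the remote share no longer reproduces the key, which is the property the thread is asking the hardware for.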
Received on Sat Mar 02 2024 - 00:57:17 CST