Re: [TSCM-L] {1497} Re: Looking for hardware storage device with erase
Thomas Shaddack wrote:
>
> The PCF8570 chip? It is a 256-byte SRAM with I2C interface. Use a small
> battery for data retention, and cut power when the case is opened. Perhaps
> use a supercapacitor charged from the power supply and shorted with a
> switch inside the case when the case is opened (advantage is that the
> supply voltage goes immediately to ground instead of potentially lingering
> on a capacitor; the chip itself needs only 1V/400nA (yes, 0.4 microamp)
> for data retention).
>
> Another possibility is using a microcontroller with a suitable program.
> This choice offers a wide range of options for the device behavior, tamper
> detection, PIN lock for data retrieval, etc.
>
> Choice of an optimal approach strongly depends on the specific demands on
> the application, the security model, and the balance of losses when the
> device misfires because it is too paranoid vs when the device does not
> erase itself because it misses a legitimate trigger event. For the cost of
> considerably more complicated code, we could also store the data inside
> the chip in an encrypted state, e.g. make the key a hash of a PIN and a
> stored secret. Or perhaps a multipart secret, where the parts can be
> fetched over the network, after authorization. Way too many solutions are
> possible here to pick/suggest any without knowing more about the
> application.
>
> How should it be connected to the computer? Some motherboards have a
> connector with SMBus. Is this the case? Or perhaps via USB or an RS232 port
> or a parallel port connector accessible inside the case?
>
> Is it a simple low-stakes application (the $300 budget suggests so), or
> does the threat model include people with electron microscopes and
> expensive laboratories, capable of retrieving remanent charge from memory
> cells, or able to see the changes in their structure caused by prolonged
> storage of the same value (exotic and limited, but somewhat doable)? Can
> the adversary monitor the EM emissions of the chip in operation, or can we
> afford to not bother with those countermeasures in the design?
>
> How skilled a hardware designer are you? Are you limited to off-the-shelf
> commercial solutions, or can you build your own if pointed the right way?
>
> On Sun, 29 Apr 2007, kondrak wrote:
>
>> A cryptostick USB drive and folder lock?
>>
>> SynRG wrote:
>>> We are creating a server appliance that we wish to protect with disk
>>> encryption. We would like to store the encryption key in some sort of
>>> volatile / non-volatile storage device that, when the case is opened,
>>> is erased from the storage device.
>>>
>>> Obviously we don't need much space, just a few bytes actually. I
>>> would like to find something for less than $300 if possible.
>>>
>>> Do you know of any options?
>>>
>>> Thanks.
>>>
Received on Sat Mar 02 2024 - 00:57:17 CST
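
An added example, not part of the original message: a Python simulation of the quoted idea of making the key "a hash of a PIN and a stored secret", with the tamper-erased SRAM modelled as a 256-byte array. The class and function names, the 32-byte secret, the PBKDF2 parameters and the XOR-plus-HMAC wrapping (a standard-library stand-in for a proper key-wrap cipher) are assumptions.

```python
import hashlib
import hmac
import os

SRAM_SIZE = 256         # PCF8570 capacity in bytes, as stated in the thread
SECRET_LEN = 32         # assumed length of the stored secret
ITERATIONS = 100_000    # assumed PBKDF2 work factor


class TamperSram:
    """Simulated battery-backed SRAM; a real device loses power when the case opens."""

    def __init__(self):
        self.cells = bytearray(SRAM_SIZE)

    def provision(self):
        # Fresh random secret; provision again whenever a new disk key is wrapped,
        # so the derived pad below is never reused for two different keys.
        self.cells[:SECRET_LEN] = os.urandom(SECRET_LEN)

    def case_opened(self):
        # Models the tamper switch removing the retention supply.
        self.cells[:] = bytes(SRAM_SIZE)

    def secret(self):
        return bytes(self.cells[:SECRET_LEN])


def _derive(pin, sram):
    # "Key = hash of a PIN and a stored secret": PBKDF2 with the secret as salt.
    out = hashlib.pbkdf2_hmac("sha256", pin.encode(), sram.secret(), ITERATIONS, dklen=64)
    return out[:32], out[32:]   # (one-time pad, MAC key)


def wrap_disk_key(disk_key, pin, sram):
    """Wrap a 32-byte disk key; the returned blob can be stored on the disk itself."""
    pad, mac_key = _derive(pin, sram)
    wrapped = bytes(a ^ b for a, b in zip(disk_key, pad))
    return wrapped + hmac.new(mac_key, wrapped, hashlib.sha256).digest()


def unwrap_disk_key(blob, pin, sram):
    """Return the 32-byte disk key, or None on a wrong PIN or erased SRAM."""
    pad, mac_key = _derive(pin, sram)
    wrapped, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, wrapped, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, pad))
```

Because a PIN has little entropy, the protection after a tamper event rests on the random secret being gone: the blob and the PIN alone do not recover the disk key.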