Re: [TSCM-L] {1495} Re: Looking for hardware storage device with erase

The PCF8570 chip? It is a 256-byte SRAM with an I2C interface. Use a small
battery for data retention, and cut power when the case is opened. Perhaps
use a supercapacitor charged from the power supply and shorted with a
switch inside the case when the case is opened (the advantage is that the
supply voltage goes immediately to ground instead of potentially lingering
on a capacitor; the chip itself needs only 1V/400nA (yes, 0.4 microamp)
for data retention).

Another possibility is using a microcontroller with a suitable program.
This choice offers a wide range of options for the device behavior, tamper
detection, PIN lock for data retrieval, etc.

The choice of an optimal approach strongly depends on the specific demands
on the application, the security model, and the balance of losses when the
device misfires because it is too paranoid vs. when the device does not
erase itself because it misses a legitimate trigger event. For the cost of
considerably more complicated code, we could also store the data inside
the chip in an encrypted state, e.g. make the key a hash of a PIN and a
stored secret. Or perhaps a multipart secret, where the parts can be
fetched over the network, after authorization. Way too many solutions are
possible here to pick/suggest any without knowing more about the
application.

How should it be connected to the computer? Some motherboards have a
connector with SMBUS. Is this the case? Or perhaps via USB or an RS232 port
or a parallel port connector accessible inside the case?

Is it a simple low-stakes application (the $300 budget suggests so), or
does the threat model include people with electron microscopes and
expensive laboratories, capable of retrieving remanent charge from memory
cells, or able to see the changes in their structure caused by prolonged
storage of the same value (exotic and limited, but somewhat doable)? Can
the adversary monitor the EM emissions of the chip in operation, or can we
afford to not bother with those countermeasures in the design?

How skilled a hardware designer are you? Are you limited to off-the-shelf
commercial solutions, or can you build your own if pointed the right way?

On Sun, 29 Apr 2007, kondrak wrote:
>
> A cryptostick USB drive and folder lock?
>
> SynRG wrote:
> > We are creating a server appliance that we wish to protect with disk
> > encryption. We would like to store the encryption key in some sort of
> > volatile / non-volatile storage device that, when the case is opened
> > is erased from the storage device.
> >
> > Obviously we don't need much space, just a few bytes actually. I
> > would like to find something for less than $300 if possible.
> >
> > Do you know of any options?
> >
> > Thanks.
Received on Sat Mar 02 2024 - 00:57:17 CST
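
An added illustration, not part of the original message or the list archive: a Python model of the "key is a hash of a PIN and a stored secret" idea from the reply above, showing what lives in the tamper-erased SRAM and what can sit on ordinary storage. The `TamperSram` class, the PBKDF2 parameters and the XOR-mask-plus-HMAC wrapping are assumptions chosen so the sketch runs with the standard library only; a real design would use a vetted key-wrap or AEAD primitive.

```python
import hashlib, hmac, secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for the target CPU

class TamperSram:
    """Stand-in for the battery-backed SRAM: it holds only the stored secret."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)
    def tamper(self):
        # Case-open event: retention power is cut, so the contents are gone.
        self.secret = None

def _derive(pin: str, secret: bytes) -> tuple[bytes, bytes]:
    # 64 bytes from PBKDF2-HMAC-SHA256: 32 to mask the key, 32 to authenticate.
    okm = hashlib.pbkdf2_hmac("sha256", pin.encode(), secret, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap(disk_key: bytes, pin: str, sram: TamperSram) -> bytes:
    """Return the blob that may live on ordinary, non-erasable storage.
    The mask is single-use: wrap one key per (PIN, stored secret) pair."""
    if len(disk_key) != 32:
        raise ValueError("this sketch wraps exactly 32-byte keys")
    mask, mac_key = _derive(pin, sram.secret)
    ct = bytes(a ^ b for a, b in zip(disk_key, mask))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def unwrap(blob: bytes, pin: str, sram: TamperSram) -> bytes:
    if sram.secret is None:
        raise RuntimeError("stored secret erased by tamper event")
    ct, tag = blob[:32], blob[32:]
    mask, mac_key = _derive(pin, sram.secret)
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong PIN or corrupted blob")
    return bytes(a ^ b for a, b in zip(ct, mask))

def demo():
    sram = TamperSram()
    disk_key = secrets.token_bytes(32)   # constructed sample key
    blob = wrap(disk_key, "4921", sram)  # constructed sample PIN
    ok = unwrap(blob, "4921", sram) == disk_key
    sram.tamper()                        # simulate the case being opened
    try:
        unwrap(blob, "4921", sram)
        erased = False
    except RuntimeError:
        erased = True
    return ok, erased

if __name__ == "__main__":
    print(demo())
```

Only the 32-byte stored secret needs to fit in the erasable part; once it is gone, the wrapped blob and the PIN together no longer recover the disk key.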