I think of another way to make things harder for a hacker.

- Use "data diode isolated" secure servers: one "incoming data diode" for requests reception and one "outgoing data diode" for document emissions. Make sure that each secure server is only connected to the exterior world by these two data diodes.

- Introduce randomness in the "data diode isolated" secure servers: make it hard for a "malicious man in the middle" to "reverse engineer" your black box by the analysis of data collected from the observation of your "black box".

- Design a distributed system: make your "data diode isolated" secure server exchange data with "dumb nodes". The "dumb nodes" do nothing except relay the responses (they act as proxies). When the secure server sends a response, it sends messages to many "dumb nodes" chosen randomly. Among all these messages, there is only one "real" message. Other messages are fake ones, but are indiscernible from the point of view of a "malicious man in the middle". Thus, in order to "spy" your system (to collect data), you have to "spy" the entire "galaxy" of "dumb nodes", and not only one server. This makes things much more difficult for "a malicious man in the middle", especially if your "dumb nodes" are located in different countries whose intelligence agencies are not known to collaborate easily (because cracking such a system would require a lot of resources). "Dumb nodes" do not need to be particularly secured. An attacker could disrupt your system (by hacking the "dumb nodes"), but it cannot alter the signed document - unless it has a way to crack RSA - or whatever algorithm you use (but, in this case, just forget your project...).

Tell me what you think.

Regards.

On Tue, 28 Jul 2020 at 12:19, Ayoub Misherghi via Gnupg-users <gnupg-users@gnupg.org> wrote:

> I am going to have a server machine doing encryption. How do you protect
> against server operator or admin tampering. This is a scenario where internal
> threat or hostility is high; you cannot trust your own guys. (Real situation;
> not paranoid.)
>
> Thanks,
>
> Ayoub
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
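
Added example, not part of the original message: a simulation of the last list item, where one signed response is sent among equal-length decoys through randomly chosen relays and a compromised relay can drop or corrupt it but cannot get an altered document accepted. It assumes textbook RSA over SHA-256 with a toy key built from two Mersenne primes (insecure, illustration only), hypothetical node names, and no encryption layer, so the decoys here match the real message only in length.

```python
import hashlib
import secrets

# Toy RSA key from two Mersenne primes: an assumption for illustration, never use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8

# Constructed sample data (hypothetical relay names and document).
NODES = [f"node-{i}" for i in range(20)]
DOC = b"signed document body (constructed sample)"

def digest(doc: bytes) -> int:
    return int.from_bytes(hashlib.sha256(doc).digest(), "big")

def sign(doc: bytes) -> bytes:
    """Textbook RSA signature over SHA-256 (no padding: toy only)."""
    return pow(digest(doc), D, N).to_bytes(SIG_LEN, "big")

def verify(doc: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), E, N) == digest(doc)

def dispatch(doc: bytes, nodes: list, fanout: int) -> dict:
    """Secure server: one real message and fanout-1 same-length decoys."""
    real = sign(doc) + doc
    chosen = secrets.SystemRandom().sample(nodes, fanout)
    out = {node: secrets.token_bytes(len(real)) for node in chosen}
    out[secrets.choice(chosen)] = real  # exactly one relay carries the real one
    return out

def relay(node: str, msg: bytes, compromised: set) -> bytes:
    """Dumb node: forwards unchanged; a compromised one alters the last byte."""
    if node in compromised:
        return msg[:-1] + bytes([msg[-1] ^ 1])
    return msg

def receive(messages: list) -> list:
    """Recipient: keep only documents whose signature verifies."""
    return [m[SIG_LEN:] for m in messages if verify(m[SIG_LEN:], m[:SIG_LEN])]

def run(doc: bytes, nodes: list, fanout: int, compromised: set) -> list:
    sent = dispatch(doc, nodes, fanout)
    return receive([relay(n, m, compromised) for n, m in sent.items()])

if __name__ == "__main__":
    print("honest relays:     ", run(DOC, NODES, 5, set()))
    print("all relays hostile:", run(DOC, NODES, 5, set(NODES)))
```

With honest relays the recipient recovers exactly one document; with every relay hostile it recovers none, which is disruption rather than forgery.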