Thanks you, this is a very good recapitulation. Even better that my first
mail ;-)
Quoting Jeremy Impson <[EMAIL PROTECTED]>:
> On Fri, 22 Jun 2001 [EMAIL PROTECTED] wrote:
>
> > On Fri, 22 Jun 2001, Jim Rees wrote:
> >
> > > But if you really are concerned about "very skilled hackers" you
> will need
> > > significant hardware protection, like a processor with integrated
> boot code
> > > or an epoxy potted processor and boot rom module. Even then you
> won't be
> > > able to completely protect the system against everyone.
> >
> > It seems to me, to do completely secure boot protection all one
> really
> > needs is an encrypting disk controller.
> >
> > Imagine a device that sits between the drive and IDE (or SCSI) disk
> > controller. This device encrypts every block of information going to
> > the disk, and decrypts every block leaving the disk. The keying
> > for this device can be done simply: a keypad is mounted in a
> > 5.25" drive faceplate and the key is entered directly to the
> encryption
> > device; the underlying computer architecture is not involved.
>
> I believe one of the requirements from the original poster was that
> users
> could not take the system (which is obviously "Linux-friendly") and use
> it
> as their own workstation. Correct me if I'm wrong (I've deleted the
> original email) but they plan on giving away the boxes as an
> "appliance"
> for which they'd sell the service. They want to prevent what happened
> to
> that one company (whose name I've forgotten, naturally) who was
> selling
> web appliance service. They gave you a box for free (I think it ran
> QNX)
> and expected you to buy monthly ISP service from them. Knowlegable
> Linux
> hackers would sign up for the service, get a free appliance, cancel
> the
> service, and install Linux on the box. Voila, free Xterm.
>
> What is needed is some way to physically require some sort of
> authentication, else the system is unusable. And it must be proof
> against
> hardware hacking.
>
> The military has stuff like this. And it's EXPENSIVE. We don't give
> it
> out for free.
>
> And nothing is tamper-proof. THere are only varying degrees of
> tamper-resistance.
>
> Then there's all the stuff about encrypting the data on disk, etc.
>
> --Jeremy
>
> Jeremy Impson
> Sr. Associate Network Engineer
> Advanced Technologies Department
> Lockheed Martin Systems Integration
> email: [EMAIL PROTECTED]
> phone: 607-751-5618
> fax: 607-751-6025
>
> ***************************************************************
> Linux Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/smartcard/index.html
> ***************************************************************
>
---
-�) Patrick Valsecchi
/\\
_\_v http://dante.urbanet.ch/~patrick/index.html
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
