Idea for tamper-resistant PC hardware

drevil at sidereal.kz
Fri Jan 12 01:57:15 PST 2001



Here's something I would like to see: a hard drive that is
tamper-resistant.  The threat model is a server is deployed in an
untrusted machine room, and recovery of plaintext from the system is
unacceptable.  One obvious attack, involving an encrypted hard drive,
is for the attackers to have a "power failure" and then remove the
encrypted hard drive from the server, and reinstall it in an
"instrumented" server which can recover key data.  I want to defeat
that attack.

One obvious way to do that would be to have a bunch of thermite, or
explosives, or whatever that trigger when the thing is tampered with.
That's fine, but as a general rule, if the solution to the problem
requires explosives, I would rather try to find a different problem.

So here's another solution.  The hard drive itself is encrypted, and
the encryption/decryption hardware is part of the hard drive chips,
and all are mounted within a tamper-resistant enclosure.  Also mounted
in this enclosure is a little battery which will last for the lifetime
of the hard drive, and a large-enough capacitor.  When the enclosure is
tampered with, the capacitor sends a jolt through the chip that holds
the encryption key.  This jolt is big enough to melt the silicon, so
no key bits could be recovered (this would not require much of a jolt,
I would think).  Then the attacker would have the hard drive, but no
way to decrypt it.  Obviously, it would need sensors to detect
tampering with the case, and tricks like freezing the thing, using
radiation, whatever.

This allows us to have data be permanently destroyed, and the hard
drive permanently deactivated, without doing any crazy stuff involving
pyrotechnics which looks bad in the media.  "The computer exploded,
injuring the thieves" looks much worse than "The thieves tripped a
safety mechanism and were unable to recover any data from the
computer."  It would also allow everything to be done in a
normal-looking PC case.

So the total solution would be a computer case with sensors which
trigger the capacitor in the hard drive, and also sensors in the hard
drive enclosure which trigger destruction of the key.

It seems like this wouldn't be such a complicated thing to implement.
Any thoughts on this?
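The design above, as an added example that is not part of the original post: a small model of a drive whose key lives only in a key chip, whose enclosure sensors run off the internal battery, and whose tamper response zeroizes the key. It walks through the attack the post wants to defeat (cut power, pull the drive, read the key chip in an "instrumented" server) and the one case where the design fails on its own terms (a dead battery, so the sensors never fire). The cipher is an HMAC-SHA256 counter-mode keystream standing in for the drive's real encryption hardware; the class, method and sensor names, and the sample data, are all constructed for this example.

```python
# Added example, not code from the original post.  Assumptions: the
# HMAC-SHA256 keystream stands in for the drive's AES hardware, the sensor
# names and class/method names are invented, and sample data is constructed.
import hashlib
import hmac
import os


class KeyDestroyed(Exception):
    """The drive was asked to use a key it has already zeroized."""


def _keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Per-sector keystream: HMAC-SHA256(key, sector || counter). Toy stand-in."""
    out, block = b"", 0
    while len(out) < length:
        msg = sector_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TamperRespondingDrive:
    # Any of these sensor reports fires the capacitor into the key chip.
    TAMPER_EVENTS = {"enclosure_open", "low_temperature", "radiation"}

    def __init__(self) -> None:
        self._key = bytearray(os.urandom(32))  # exists only inside the key chip
        self.key_destroyed = False
        self.platters = {}         # sector -> ciphertext; an attacker can read this
        self.powered = True
        self.battery_ok = True     # keeps the sensors alive without host power
        self.events = []

    def power_off(self) -> None:   # host power loss alone does nothing to the key
        self.powered = False
        self.events.append("power_lost")

    def power_on(self) -> None:
        self.powered = True

    def sensor_event(self, name: str) -> None:
        """Sensors draw on the battery, so they work with host power off."""
        if not self.powered and not self.battery_ok:
            return                 # dead battery: sensors are blind, nothing fires
        self.events.append(name)
        if name in self.TAMPER_EVENTS:
            self._fire_capacitor()

    def _fire_capacitor(self) -> None:
        """The jolt: every key bit is gone and the chip never comes back."""
        for i in range(len(self._key)):
            self._key[i] = 0
        self.key_destroyed = True

    def _check_key(self) -> None:
        if self.key_destroyed:
            raise KeyDestroyed("key chip destroyed; drive is permanently unreadable")

    def write(self, sector_no: int, plaintext: bytes) -> None:
        self._check_key()
        ks = _keystream(bytes(self._key), sector_no, len(plaintext))
        self.platters[sector_no] = _xor(plaintext, ks)

    def read(self, sector_no: int) -> bytes:
        self._check_key()
        ct = self.platters[sector_no]
        return _xor(ct, _keystream(bytes(self._key), sector_no, len(ct)))


def instrumented_server_attack(drive: TamperRespondingDrive, sector_no: int) -> bytes:
    """The post's attack: 'power failure', pull the drive, read the key chip
    directly.  Whatever is left in the chip is what the attacker decrypts with."""
    drive.power_off()
    drive.sensor_event("enclosure_open")   # removing the drive opens the enclosure
    recovered_key = bytes(drive._key)      # attacker images the chip contents
    ct = drive.platters[sector_no]
    return _xor(ct, _keystream(recovered_key, sector_no, len(ct)))


def run_scenario(battery_ok: bool = True) -> dict:
    drive = TamperRespondingDrive()
    drive.battery_ok = battery_ok
    secret = b"customer database shard 7, plaintext"   # constructed sample data
    drive.write(0, secret)
    drive.power_off()          # an ordinary outage: key intact, data readable after
    drive.power_on()
    readable_after_outage = drive.read(0) == secret
    leaked = instrumented_server_attack(drive, 0)
    try:
        drive.read(0)
        legit_read_after_tamper = True
    except KeyDestroyed:
        legit_read_after_tamper = False
    return {
        "readable_after_outage": readable_after_outage,
        "attacker_got_plaintext": leaked == secret,
        "legit_read_after_tamper": legit_read_after_tamper,
        "ciphertext_still_on_platters": 0 in drive.platters,
    }


if __name__ == "__main__":
    print("battery ok:  ", run_scenario(battery_ok=True))
    print("battery dead:", run_scenario(battery_ok=False))
```

The model makes the two points the post relies on explicit: the ciphertext on the platters is never destroyed, only the key is, so the scheme's whole security reduces to the key chip being zeroized before the attacker can image it; and that zeroization depends entirely on the sensors staying powered, which is why the battery has to outlive the drive.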
