Secure IDE? (fwd)

Bill Stewart bill.stewart at pobox.com
Sun Aug 3 00:02:52 PDT 2003


Sarath or maybe Mike Rosing wrote:
>If the IV is not a secret how are we going to prevent
>block replay attacks on cipher text?

If you look at the usage models and threat models,
it's simply not a problem.  This is a disk drive.
Anybody who has access to disk drive transactions
sufficient to try replay attacks already has deep-level
access to your hardware, so you're toast anyway
because they can see the unencrypted data before it's written.

What this kind of system is normally good for
is making sure that anybody who steals your hardware
when it's not running can't read your disk's data.
(Steals includes thieves with and without warrants or subpoenas...)
There's not really a risk of replay attacks there.

However, there's an emerging application for which
disk drives are more vulnerable, which is remote storage.
Some of the new disk interface standards, like Fibre Channel,
and probably some of the flavors of iSCSI,
can operate over distances of 20km and longer over fiber,
leading to businesses like colocation centers in New Jersey
providing big disk drive farms for New York City financial businesses
which have their mainframes in Manhattan.
For applications like that, it is important to do good IVs,
because control of the disk drive doesn't imply control of the machine.
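The remote-storage case in the last paragraph, as an added example that is not part of the original post: a sector stored at an untrusted remote site with a non-secret IV decrypts cleanly even when the store hands back an older write, so the host has to bind a per-write version counter into an authentication tag to notice the replay. Key material, the 32-byte sector size and the HMAC-based demo keystream are constructed assumptions for illustration, not a real disk cipher.

```python
import hashlib, hmac, os

SECTOR_BYTES = 32  # constructed: a tiny sector so the demo stays readable

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Demo keystream HMAC-SHA256(key, iv || block_index); stands in for a real cipher mode.
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt_sector(key: bytes, data: bytes) -> bytes:
    # Non-secret random IV stored in the clear ahead of the ciphertext; no MAC.
    iv = os.urandom(16)
    return iv + bytes(p ^ k for p, k in zip(data, _keystream(key, iv, len(data))))

def decrypt_sector(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct))))

def _tag(mac_key: bytes, sector_no: int, version: int, blob: bytes) -> bytes:
    # Binding sector number and write version into the MAC is what makes an
    # older, genuinely encrypted blob fail verification when it is served again.
    msg = sector_no.to_bytes(8, "big") + version.to_bytes(8, "big") + blob
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def seal_sector(enc_key, mac_key, sector_no, version, data) -> bytes:
    # Host side remembers `version` for every sector it writes.
    blob = encrypt_sector(enc_key, data)
    return blob + _tag(mac_key, sector_no, version, blob)

def open_sector(enc_key, mac_key, sector_no, expected_version, stored):
    # Returns plaintext, or None when the blob is stale (replayed) or tampered.
    blob, tag = stored[:-32], stored[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, sector_no, expected_version, blob)):
        return None
    return decrypt_sector(enc_key, blob)

def demo() -> dict:
    ek, mk = os.urandom(32), os.urandom(32)
    old = b"balance=100".ljust(SECTOR_BYTES, b"\0")  # constructed sector contents
    new = b"balance=0".ljust(SECTOR_BYTES, b"\0")
    # Unauthenticated: the earlier blob decrypts cleanly, so the host gets no stale signal.
    old_blob, _ = encrypt_sector(ek, old), encrypt_sector(ek, new)
    stale_accepted = decrypt_sector(ek, old_blob) == old
    # Authenticated: host wrote version 1 then 2 to sector 7 and now expects 2.
    v1, v2 = seal_sector(ek, mk, 7, 1, old), seal_sector(ek, mk, 7, 2, new)
    return {"stale_accepted": stale_accepted,
            "stale_detected": open_sector(ek, mk, 7, 2, v1) is None,
            "fresh_ok": open_sector(ek, mk, 7, 2, v2) == new}
```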
