Re: Hard Drive Destruct System?

From: Al Dykes (adykes_at_panix.com)
Date: 11/29/04


Date: 29 Nov 2004 12:51:45 -0500

In article <41ab2f4d$0$65124$e4fe514c@news.xs4all.nl>,
Casper H.S. *** <Casper.***@Sun.COM> wrote:
>roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) writes:
>
>>How would you know the proper nonce and counter to use for
>>any particular disk block? You have distinguished between the
>>nonce and the key, so either "nonce + counter" is calculated by
>>a constant formula for any given disk block, or else the user
>>would have to enter two "keys", one of which is really the nonce.
>
>The "nonce" is part of the key but used differently in the
>algorithm, just like the initial IV is a part of the
>key in some algorithms; the counter would be derived from the
>address which presumably is always the same for the same
>block of the disk.
>
>>Recall that this isn't a message transmission stream where a nonce
>>can be generated and security interchanged during the authentication
>>phase.
>
>No, it's indeed part of the key.
>
>>If "nonce + counter" is calculated by a constant formula for any
>>particular disk sector, then if the attacker can get access to
>>the system while it is operational with the valid key, they can
>>read the encrypted contents of a disk block and then have the system
>>write the block with known contents (e.g., all blanks.) They would
>>then read off the encrypted result and xor it with the contents
>>they knew they wrote there, and that would give them
>>the Encrypt(Key, Nonce + Counter) that was valid for that disk block.
>>They would take that value and xor it with the previously recorded
>>encrypted contents, and the result they would get back would be
>>the original unencrypted content of the block.
>
>I would assume that an attacker who gets access to a system which is
>operating and keyed with proper key+nonce can always read the
>disk content by accessing it through the proper (decrypting) way.
>
>If you can get the system to write an encrypted block, surely you
>can get them to read it too?
>
>>Further to this: if the attackers can gain read access to the encrypted
>>drive even when it is not writing under the aegis of the appropriate
>>key, they can image the disk and withdraw. At a later time when
>>some interesting information has been written to the disk, they can
>>come back and re-image it. If they then xor the two recorded images,
>>the Encrypt(Key, Nonce + Counter) for each disk block will cancel
>>out, leaving them with the xor of the changes to the drive contents.
>>In any block in which the original plaintext content was NULLs
>>[e.g. because nothing had been written there yet], the new disk
>>block content after the series of xor's will be the plaintext of the
>>new disk block contents; similarly, in any block in which the
>>original plaintext content was not null but was overwritten with NULLs
>>[e.g., because the block was released from use], the new disk block
>>content after the series of xor's will be the plaintext of the
>>original block contents.
>
>If you can observe the encrypted contents of a system, it is likely
>that you can also observe much more, such as key material used and so on.
>
>There is protection offered against disks or computers stolen.
>Casper
>--

If the Bad Guys can put their hands on your system, unsupervised,
you've probably lost the game.

The conjectured sector-level hardware encryption of a disk containing
a Well Known operating system on it probably has some inherent
"known-text" exploit exposure, but the crypto algorithm would be chosen
to make the attack as hard as possible, and major supercomputer assets
would have to be brought to bear to crack each disk. Your data is
effectively encrypted for commercial purposes.

IMO, the existence of a back door known to IBM would be so sensitive
that it would only be used in National Security cases where the
existence of the back door would never be admitted in open court and
protected for 50 years, or whatever. Since IBM also sells crypto
systems to financial institutions and other governments, if the
existence of a back door even came to light it would be a major
embarrassment.

I'm not a crypto guy, but I have years of Risk Management experience
and have handled crypto material while working for a major bank.

-- 
a d y k e s @ p a n i x . c o m 
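The exchange quoted above turns on one property of counter-mode sector encryption: if "nonce + counter" is a fixed function of the sector address, then Encrypt(Key, Nonce + Counter) is the same keystream every time that sector is rewritten, and XORing two images of the disk cancels it out exactly as Walter Roberson describes. The following is an added example, not code from the thread or from any vendor's product; it uses a SHA-256 PRF as a stand-in for the block cipher (the XOR property does not depend on which keyed function produces the keystream), a 16-byte "sector" and constructed key, nonce and sector contents. It shows the two-image XOR leaking plaintext when the nonce is fixed, and the contrast when a different nonce is used for the second image.

```python
import hashlib

SECTOR = 16  # constructed: tiny sector size so the demo stays readable


def keystream(key: bytes, nonce: bytes, sector_no: int) -> bytes:
    """Stand-in for Encrypt(Key, Nonce + Counter).

    The thread discusses a block cipher in counter mode; here a SHA-256
    PRF keyed by key, nonce and sector address plays that role. The
    counter is derived from the sector address, as Casper describes."""
    counter = sector_no.to_bytes(8, "big")
    return hashlib.sha256(key + nonce + counter).digest()[:SECTOR]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_sector(key: bytes, nonce: bytes, sector_no: int, plaintext: bytes) -> bytes:
    assert len(plaintext) == SECTOR
    return xor(plaintext, keystream(key, nonce, sector_no))


def encrypt_disk(key: bytes, nonce: bytes, sectors: list) -> list:
    """Image of a whole (tiny) disk: sector i uses counter i."""
    return [encrypt_sector(key, nonce, i, p) for i, p in enumerate(sectors)]


def two_image_xor(image_a: list, image_b: list) -> list:
    """XOR two images sector by sector. With a fixed keystream per sector
    the keystream cancels and only P_a xor P_b remains."""
    return [xor(a, b) for a, b in zip(image_a, image_b)]


# Constructed key and nonce (the nonce is "part of the key" in the thread).
KEY = b"K" * 32
NONCE = b"N" * 16
BLANK = b"\x00" * SECTOR

# Image 1: sector 0 not yet written (NULLs), sector 1 holds old data.
OLD_CONTENTS = [BLANK, b"old secret data!"]
# Image 2: sector 0 now holds new data, sector 1 was released (zeroed).
NEW_CONTENTS = [b"new secret data!", BLANK]


def leak_from_two_images() -> list:
    """Roberson's second scenario: same key and nonce for both images.

    Sector 0: NULLs xor new plaintext  -> new plaintext leaks.
    Sector 1: old plaintext xor NULLs  -> old plaintext leaks."""
    img1 = encrypt_disk(KEY, NONCE, OLD_CONTENTS)
    img2 = encrypt_disk(KEY, NONCE, NEW_CONTENTS)
    return two_image_xor(img1, img2)


def no_leak_with_fresh_nonce() -> list:
    """Contrast: if the second image were written under a different nonce,
    the two keystreams no longer cancel and the XOR is not plaintext.
    (In-place disk encryption cannot normally change the nonce per write
    without storing it, which is why the attack applies.)"""
    img1 = encrypt_disk(KEY, NONCE, OLD_CONTENTS)
    img2 = encrypt_disk(KEY, b"M" * 16, NEW_CONTENTS)  # constructed second nonce
    return two_image_xor(img1, img2)


if __name__ == "__main__":
    for i, s in enumerate(leak_from_two_images()):
        print(f"fixed nonce, sector {i}: {s!r}")
    for i, s in enumerate(no_leak_with_fresh_nonce()):
        print(f"fresh nonce, sector {i}: {s!r}")
```

The point for anyone evaluating a drive-encryption design is the one Casper concedes: a fixed per-sector keystream protects a drive that is stolen once, but not one that can be imaged twice. Sector-encryption modes standardised later (XTS-AES, IEEE P1619; not discussed in the thread) avoid this particular leak because they are not stream modes and rewriting a sector does not reuse a keystream.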