
Crypto-secured Power Supply

A Cryptographic or Quantum secured PSU for sensitive data
(+9, -4)

When dealing with sensitive data on your computer or server, nefarious people are always trying to seize and take your computer. Computer forensics is getting more and more sophisticated, and now people are able to take your computer without powering it down, using a variety of products, one called HotPlug (see link #1). Very cool. This type of product enables the taker to potentially keep encrypted drives decrypted, passwords typed in, and access to a lot more data than if they shut the PC down. Plus any crypto keys would still be stored in memory, and the taker could take the computer home, freeze the memory, dump the contents of the memory, and then whamo, they've got your crypto keys. Oops.

How to get around this? A cryptographic signal, sent between a signal generator somewhere in the house, over the AC in the house, similar to how X10 sends signals over AC, to a special PSU (power supply) in the computer.

The firmware in the PSU and the firmware in the signal generator are set using the same crypto key (or a Public/Private key), so that the PSU and signal generator know what to send and receive. The signal changes with time, as with one-time passwords, and using A-GPS (which can work indoors) to generate the signal prevents moving of the signal generator to another location.

If the signal is incorrect at any time, the PSU can start a user-defined process -- disk wiping, shutting down disk decryption running in memory to prevent physical freezing of memory to retain the crypto keys used for decryption (see link #2), some sort of physical destruction of platters or SSD, etc. The PSU would be somehow connected to the system and would be able to take action without changing the screen output (in theory), without letting on that something is occurring in the server that might prevent forensic analysis or data theft.

Sure, this would suck if your wife unplugged your signal generator accidentally, or a power surge took out the signal generator, but not your PC, or the power went out and the signal didn't come through to your PC. But better safe than sorry.

Likely users would include corporations who store sensitive data, and physical theft of sensitive data could cost them millions or billions of dollars; lawyers that keep highly confidential data in central servers; the government, who we all know are keeping big files on all of us. :-) hehe

With quantum computing gaining traction and feasibility, that too could be used instead of cryptographically generated signals.

ooglek, Jun 14 2008

Wiebetech HotPlug http://www.engadget...hout-shutting-them/
Physically moving a computer without disconnecting power. [ooglek, Jun 14 2008]

Freezing Computer Memory for Forensics http://www.physorg.com/news122820185.html
How to physically freeze computer RAM to enable copying its contents, potentially revealing cryptographic keys used for encryption. [ooglek, Jun 14 2008]


       Considering the nefarious persons have access to your PC anyway (and time to cut the outlet from the wall, connect power, and cart it off), and you keep it logged in, powered on, and drives decrypted, why don't they crack it while it's sitting at your desk?   

       And why not build that A-GPS thing into the hardware of the computer?
Amos Kito, Jun 14 2008

       The half-baked idea is to thwart removal of the running computer. How you secure your computer when it doesn't move is up to you. Adding AGPS to the PC would work, depending on how you set up what happens if you lose AGPS signal entirely (they wrap your running computer on HotPlug in lead or tin foil to cut off the external wireless signal).
ooglek, Jun 16 2008

       I'd change that: Simply put on a wireless encrypted heartbeat signal - removal of that signal means immediate shutdown.
erlehmann, Jun 18 2008

       Interesting. It would be a good idea to encrypt the hard drive with the same key as the heartbeat generator and have each disk access use the key it is receiving.
Spacecoyote, Sep 30 2008
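
The time-varying shared-key signal from the idea, and the heartbeat from erlehmann's annotation, sketched as an added example that is not part of the original thread. HMAC-SHA256, the 5-second window, the tolerance of 3 missed windows and all names (`beat`, `Receiver`, `tripped`) are assumptions; the A-GPS binding and the user-defined action are left out, and the receiver only latches a flag.

```python
import hashlib
import hmac
import struct

STEP = 5        # seconds per heartbeat window (assumed value)
MAX_MISSED = 3  # windows tolerated without a valid beat (assumed value)

def _tag(key: bytes, counter: int) -> bytes:
    # MAC over the window counter: the value changes every STEP seconds.
    return hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()

def beat(key: bytes, now: float) -> bytes:
    """Signal-generator side: the tag for the current time window."""
    return _tag(key, int(now // STEP))

class Receiver:
    """PSU side: verifies beats and latches `tripped` when they stop."""

    def __init__(self, key: bytes, start: float):
        self.key = key
        self.last = int(start // STEP)  # newest window accepted so far
        self.tripped = False

    def accept(self, tag: bytes, now: float) -> bool:
        cur = int(now // STEP)
        # Allow one window of clock skew, but only windows newer than the
        # last accepted one, so a recorded beat cannot be replayed.
        for counter in (cur - 1, cur, cur + 1):
            if counter > self.last and hmac.compare_digest(tag, _tag(self.key, counter)):
                self.last = counter
                return True
        return False

    def tick(self, now: float) -> bool:
        # Run on a timer. A short outage (unplugged generator, brief power
        # cut) stays under MAX_MISSED; a longer silence trips the latch,
        # which is where the user-defined process would be started.
        if int(now // STEP) - self.last > MAX_MISSED:
            self.tripped = True
        return self.tripped
```

The tolerance in `tick` is the trade-off the idea itself raises: a larger `MAX_MISSED` survives an accidental unplug but gives whoever removes the machine that much more time before the latch trips.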

