From owner-freebsd-security Tue Oct 14 18:56:23 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id SAA04873 for security-outgoing; Tue, 14 Oct 1997 18:56:23 -0700 (PDT) (envelope-from owner-freebsd-security) Received: from dworkin.amber.org (petrilli@dworkin.amber.org [209.31.146.74]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA04862 for ; Tue, 14 Oct 1997 18:56:17 -0700 (PDT) (envelope-from petrilli@amber.org) Received: from localhost (petrilli@localhost) by dworkin.amber.org (8.8.7/8.8.7) with SMTP id VAA13031; Tue, 14 Oct 1997 21:56:29 -0400 (EDT) Date: Tue, 14 Oct 1997 21:56:28 -0400 (EDT) From: "Christopher G. Petrilli" To: Mike Smith cc: security@FreeBSD.ORG Subject: Re: C2 Trusted FreeBSD? In-Reply-To: <199710150140.LAA00804@word.smith.net.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 15 Oct 1997, Mike Smith wrote: > > I will note that IBM recently release an analysis of smart-card designs > > that involved the use of residual memory imprints for recoverying private > > key information. I can find the references if you want. In addition, ifg > > you will search thru the patent database, you will find that the NSA holds > > about 40-50 patents in "data recovery" techniques. > > > > WHile it's not cheap, there are quantum residuals left behind in all > > environments which are measurable. > > Please note that I am *not* questioning whether, given analog access to > the storage device, previous data state(s) can be recovered; this is a > given. > > What I *am* questioning is why this is a requirement in a purely > software environment, where it is not possible via software to > determine anything other than the current value of a given storage > location. > > The only methods for obtaining the previous contents of a storage > location involve physical analog access to the hardware, and if you > have this then system security has already been compromised because you > could have recorded the original value when it was current. Security is an all-encompassing thing, not electornic, not physical. And without verified architecture, ther eis no "proof" that the only way to get access to the storage location is via physical access. Remember, that's why it costs a lot of money to build verified systems, one has to build a boolean algebra description of the system that is provable, rather than just "good enough." While things like Van Eck devices can be used for real-time access, hence the TEMPEST and ZONE restrictions on various foreign installations (TEMPEST is no longer mandetory for US classified, and ZONE is optional in many cases), these do not deal with residual data. My issue was that residual data can be read via various methods. > > That having been said, the pattern is more important on magnetic media, > > rather than DRAM. But I say use it all the time. In fact there is a > > specific set of 8 bit numbers that are tto be written in a specific order > > that are designed to exercise the memory in a specific pattern. I can get > > these if people are interested. > > Probably -chat and crypto-paranoia material. I'd like to see the > pattern and any commentary from people that might be able to map it > onto the behaviour of old core and/or bubble systems, for amusement > value if nothing else. The NSA does not invest millions of dollars into quantum physics for nothing, simply. This area is the field my company deals in, and operates in, simply said, it is also what I do for a living. FWIW, I know for a fact that various organizations under the DCI regularly use electron microscopes for tamper detection of semiconductor circuits. But this is wandering into the esoteric field of tamper detection at a scale which this organization (i.e. the cooperative that is FreeBSD) is neither prepared for nor appropriate. If someone wishes to detect data, they will, the issue with patterns is more related to less transient storage, such as disk/flash, etc. I believe that it is totally acceptable to do a single write over RAM, but that disk storage SHOULD be dealth with seperately with an appropriate pattern. The pattern is designed to stabilize the magnetic properties (remmeber, no single magnetic domain is totally independent of the ones around it) by exercising them in a specific order. This is hardly paranoia, but a provable physical property. Why do you think you can recover data off of an erased disk? :-) Chris