crypto question

Arnold G. Reinhold reinhold at world.std.com
Fri Mar 22 14:21:01 EST 2002 

There are groups with lots of money and dedicated, trained agents who 
are willing to die that would dearly like to steal a nuclear weapon. 
So far, they have not succeeded (if they do, I fear we will know 
about it quickly).  So someone has been able to do physical security 
right.

The problem is doing it in a way that is affordable and doesn't 
require an army. Designing computers that can detect an attack seems 
worth exploring. FIPS-140 envisions such an approach when it talks 
about wrapping security modules in a mesh of insulated wire whose 
penetration tells the module to zeroize.

I'm not sure what changes in your argument if you delete the word 
"physical."  Perhaps we should all just give up with this security 
nonsense.


Arnold reinhold



At 11:28 PM -0600 3/21/02, Jim Choate wrote:
>As someone who spent 5 years doing all the physical security for a major
>university I can say that ALL physical systems can be broken. No
>exception. The three laws of thermodynamics apply to security systems as
>well.
>
>There is ALWAYS a hole.
>
>On Thu, 21 Mar 2002, Arnold G. Reinhold wrote:
>
>> It's not clear to me what having the human present accomplishes.
>> While the power was out, the node computer could have been tampered
>> with, e.g. a key logger attached.
>
>> Who said you were allowed to lose power and stay secure? Laptops are
>> pretty cheap and come with multi-hour batteries.  There should be
>> enough physical security around the node to prevent someone from
>> "tripping" power.
>>
>> One approach might be to surround a remote node with enough sensors
>> so that it can detect an unauthorized attempt to physically approach
>> it.
>
>
> --
>    ____________________________________________________________________
>
>                 There is less in this than meets the eye.
>
>                                     Tellulah Bankhead
>     ravage at ssz.com                                         www.ssz.com
>     jchoate at open-forge.org                          www.open-forge.org
>    --------------------------------------------------------------------


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list