[Cryptography] Secure erasure
John Denker
jsd at av8n.com
Fri Sep 9 13:47:33 EDT 2016
On 09/08/2016 07:10 PM, Salz, Rich wrote:
>> (Side note: haven't we had enough of C and language discussions here?)
Non-peripheral non-parenthetical answer: The issues here are far broader
than C in particular, and far deeper than computation in general. I have
once again removed "C" from the Subject: line.
I recommend:
Laura J. Heath,
"An Analysis of the Systemic Security Weaknesses of
the U.S. Navy Fleet Broadcasting System, 1967-1974,
as Exploited by CWO John Walker"
Master's Thesis, U.S. Army Command and General Staff College (2005)
Here's the nut graf:
> A larger issue is the question of what is being audited. The FBS audit system
> checked the chain of custody on the key cards, on the implicit assumption that the key
> cards were what needed to be guarded. It attempted to exhaustively document who
> handled them, from their creation to their ultimate destruction, on the assumption, once
> again, that if only cleared personnel got access to the key cards, then they would be safe
> from compromise. Using the modern concepts of data confidentiality and availability,
> however, it is clear that the /data/ was what needed to be protected. Control of the paper
> key cards was important, but only because of the data punched onto them--which means,
> for example, that having two-man control over the destruction of key cards is irrelevant if
> there are no controls at all on the photocopier.
Emphasis in the original: /data/.
Protecting secret /data/ aka /information/ is a lot harder than protecting
secret documents.
As one small example of the larger problem, the "volatile" keyword is
supposed to tell the compiler something about the memory location where
you intended to store the information, but provides absolutely no
guarantees about the /information/ itself.
Furthermore, labeling the location as "volatile" does not make it so.
Context switching, caching, swapping, wear-leveling, etc. can make copies
of the /information/ at levels where your favorite programming language
has no control whatsoever.
All the «secure erasure» routines I've seen appear just as fatally flawed
as protecting the crypto key cards and other documents, but not protecting
the /information/ thereon. They reduce the attack surface "some" but not
very much. Small refinements are not going to help.
Here's the image that comes to mind:
http://haha-business.com/i/_interface/epic-fail-photos-security-fail.jpg
More information about the cryptography
mailing list