Seagate bakes security into hard-disk drive

TalkBack 36 of 40:

Next »

« Previous

• Thread View
• Flat View

But what about 'back door' holes?

As with the Clipper chip, it would be easy to have a back door in this encryption chip scheme and/or its BIOS/ROM etc.

We could see a nasty scenario whereby some poor user looses a lifetime's work when he/she loses or forgets the password. Seagate will say the data is irrecoverable, so will everybody else. In the meantime, the snoops will be transparently reading away as if encryption had never happened--AND quite content to let the poor unfortunates suffer for fear of revealing that they read everything.

The ONLY way hard disk drive encryption can work satisfactorily is for:

(a) The chip's technical parameters to be open, published and standardized a bit like the PGP algorithm is now (i.e.: the chip's encryption algorithm would be fully published and open to public scrutiny).

(b) The chip's silicon would need to be reverse-engineered to check for 'back-door' holes and any other potential security breaches. Some method of authenticating and certifying that the correct chip is actually installed needs to be deployed.

(c) Drive motherboards (which holds the encryption chip) must be continuously under surveillance and continuously authenticated to ensure that the correct chip is installed and is operational according to the standard, and also that at no time can the chip be bypassed. Similarly, at all times, the chip needs to under continuous authenticated surveillance to ensure it doesn't change.

(d) The encryption algorithm needs to be authenticated on-the-fly to ensure that the algorithm is not modified, added to or bypassed whilst in use.

(e) ALL user data MUST ALWAYS go via the encryption chip and that there is neither a method of bypassing the encryption nor bypassing the chip. Active monitoring will advise if the status changes.

(f) The drive needs anti-tamper technology installed (both physical and electronic) with active monitoring.

(g) Ideally, the chip would be socketed. This would allow the user to install his/her own chip with a user-installed algorithm etc. and thus be fully under control of the user and its operation fully verifiable.

There is nothing special about what I'm saying here, these measures are not over-the-top, rather they are just the normal rules and procedures required to encrypt, authenticate (verify) and to ensure there are no security leaks associated with the drive's security.

NOTE: this is just the drive's security. How to secure an operating PC is another matter entirely.

To date, the information about Seagate's drive security is so vague that one can but help wonder if this were not a scheme to lull average users into thinking they have secure drives whilst those in the know will have easy access.

In the meantime:

(a) Don't trust stuff you don't want seen by putting it on a hard disk, and;

(b) if you must store important info on your drive then use proven and well-tested encryption such as PGP or Blowfish etc. to secure it.

Posted by: Irritated_User   Posted on: 11/04/06 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Dell IT Cuts Energy Costs by Up to 40 Percent With a New Power Management Plan Dell Energy conservation is an increasingly important issue for organizations ... Download Now
• Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
• Smarter ways to make smarter products IBM Smarter Products is about creating products that integrate into our lives ... Download Now