Is there a data center (cloud? colo?) which does a good job of warning customers against physical attacks on their servers?
The customer is expected to keep everything encrypted with disk encryption, and the warning system provides notice to allow the system to wipe the in-memory key. Thus only milliseconds of advance warning are necessary. I'm imagining physical intrusion detection alarms. Needs operating system support. Needs to work even if power is cut.
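The software side of that wipe, as an added example that is not from the original post: it assumes the facility's alarm reaches the process as a POSIX signal (`SIGUSR1` here) and that the disk key sits in one fixed user-space buffer. All function and macro names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#define KEY_LEN 32
#define TRIPWIRE_SIG SIGUSR1            /* assumption: alarm arrives as this signal */
static unsigned char disk_key[KEY_LEN];

/* Async-signal-safe wipe: volatile stores the compiler cannot elide. */
static void on_tripwire(int sig) {
    volatile unsigned char *p = disk_key;
    (void)sig;
    for (size_t i = 0; i < KEY_LEN; i++) p[i] = 0;
}

int tripwire_arm(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_tripwire;
    sigfillset(&sa.sa_mask);            /* nothing interrupts the wipe itself */
    (void)mlock(disk_key, sizeof disk_key); /* best effort: keep key out of swap */
    return sigaction(TRIPWIRE_SIG, &sa, NULL);
}

/* Block the tripwire while copying; an alarm that fires mid-copy is delivered
 * on unblock and wipes the complete key instead of racing the memcpy. */
void key_load(const unsigned char *k) {
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, TRIPWIRE_SIG);
    sigprocmask(SIG_BLOCK, &block, &old);
    memcpy(disk_key, k, KEY_LEN);
    sigprocmask(SIG_SETMASK, &old, NULL);
}

int key_is_zeroed(void) {               /* 1 when every key byte is zero */
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= disk_key[i];
    return acc == 0;
}

int main(void) {                        /* demo with a constructed sample key */
    unsigned char k[KEY_LEN];
    memset(k, 0xA5, KEY_LEN);
    if (tripwire_arm() != 0) return 1;
    key_load(k);
    raise(TRIPWIRE_SIG);                /* simulate the alarm */
    return key_is_zeroed() ? 0 : 1;
}
```

This covers only a key held by one process; a key held by the kernel's disk-encryption layer needs the equivalent wipe inside the kernel, which is the operating system support mentioned above.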
The maximal threat model I'm assuming is a government raid (e.g., China, though our government does this, too), which makes things very difficult; we need a tamper-resistant intrusion detection that remains functional even if the operator of the facility has been coerced into cooperating. Thieves could do this, too.
Because of cold boot attacks against memory, we need encrypted memory, too, or else in-memory data structures and disk caches may be compromised. This does not yet exist as far as I know, and will probably cause tremendous performance degradation. (Hardware support?) Or, with somewhat more advance warning (or hardware support?), the system could also wipe all memory when the tripwire is tripped.
There may be false alarms requiring the customer to supply the decryption key again. The next challenge is to prevent the thief from fooling the customer into believing that a real alarm is a false alarm, and so tricking the customer into revealing the key while bringing the machine back up.