TPM alternative to securely store encription key inside a system
I need to deploy a server containing very sensitive data. More precisely, this (linux) server will be deployed on a van full of antennas spinning arround the world, and i need to prevent data leaks even in case of an untrusted van operator that will eventually gain directly access to the hard drive.
The actual (previous) configuration is based on a encrypted FS, and works fine until the server reside on some server room somewhere, even if this force t开发者_StackOverflowhe presence of someone trusted to enter the key on reboot.
But this solution is not applicable on this new scenario where the server will be rebooted often and will not be followed by someone authorized to access the data. Some of our new servers are equipped with TPM module, so the problem is solved the case, but most of servers provided do not include this security feature.
How can i store these sensitive data encrypted, without need of user intervention for decription at boot time and without saving the plain password on the hard drive?
We are thinking about some obfuscated-code-machine-checking-based key generator, in the same way some license validation software works, but I don't know from where to start.
You need a http://en.wikipedia.org/wiki/Hardware_Security_Module server like used in banks for storing private credit card paymament information (like pins). They have a physical security, so if you open the case of server without authorization, it will delete secret key.
TPM is not a real solution of the problem, as the server can be demounted and stolen. If it doesn't require a password on boot, it will use private information, decrypting it internally. There are some hardware-sniffing solutions to get this information from the working server, like this http://www.asset-intertech.com/products_interposers.htm (jtag debugger for CPU) or this http://www.zdnet.com/blog/security/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/900 (frozed dimm memory save the data after poweroff).
I'm not an expert in field of hardware security, so I only can recommend several web links, such as http://en.wikipedia.org/wiki/Tamper_resistance & http://en.wikipedia.org/wiki/FIPS_140-2 (levels 3&4)
Late answer, but might still be helpful for people stumbling on this question.
You can use the TPM to protect the key and not need to enter a password at each boot. You need to use the TPM Sealing functionality.
An example of this approach is the way Windows Bitlocker uses the TPM to protect the full disk encryption key.
The added benefit is that not only you store the key securely and don't need to enter your password, you also allow it to be used only if the specific software that you designate is loaded on the machine.
精彩评论