Death On Demand Drive Tech
Xanderoth writes "Engadget has an article on 'Dead on Demand' technology to destroy your disk drive should it be compromised by any number of ways. From the article: 'Configurable triggers such as removal or tampering of the drive, removal of device from a resting GPS point, cellular telephone call, or even a change in temperature will release a chemical mist into the drive (not the computer) destroying it layer by layer.' Of course the drives, due out next year, are expected to be priced between $2,500 to $9,000 each, plus a yearly fee."
What drive do you want to nuke today?
Please make payment immediately to avoid automatic loss of data.
Please note that this is for your protection - since if your drive is not protected against theft, we will activate the antitheft device to ensure that your data won't fall into the wrong hands.
Why exactly would someone spend $2000 on self-destructive hardware when they can just encrypt the entire drive at the block level to begin with? It makes the data on the drive worthless to thieves, yet doesn't cost anything.
We do this all the time with our Linux laptops using loop-AES and a password and/or USB key before mounting the drive. Since unencrypted data never touches the disk itself, it can just be discarded or reused with a simple zero wipe.
Besides, the self destructive approach would never be acceptable in a military or top secret installation - certifiably strong full-disk encryption (not just a BIOS or hard disk based password) is mandated here anyway.
Apparently this is intended for Windows users who don't have the fully-encrypted-drive option.
For every N drives they sell, I would put at N the number of people who at some point say,
"Ooops -- oh, crap."
Is Murphy's Law just not taught any more?
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Linux supports this natively on most distributions - Loop-AES is the preferred system and has very little overhead. Just make sure you encrypt *everything* - i.e. all filesystems and the swap partition - to avoid having any leaks. The encrypted filesystem should also check the signature of the running kernel to make sure it was not tampered with (since obviously the kernel itself cannot be encrypted or the system won't boot).
Loop-AES even goes so far as to scrub the RAM locations containing the key to avoid burn-in that could be traced later. In this configuration it meets many military grade security standards.
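As an added example (not code from the thread, from Loop-AES, or from any distribution), here is a small Python model of the two points the post makes: the unencrypted kernel must be checked against a reference kept on the encrypted volume before the volume key is used, and the key buffer must be scrubbed afterwards. The file paths, the sample kernel bytes and the key are constructed for the demo.

```python
"""Added example, not code from the thread or from Loop-AES: a model of the
mount-time check the post describes. The reference digest of the trusted
kernel is kept on the encrypted volume (so it cannot be edited alongside an
unencrypted /boot), the running kernel image is hashed and compared before
the volume key is used, and the key buffer is overwritten afterwards. Paths,
the sample kernel bytes and the key are constructed for the demo."""
import hashlib
import hmac
import os
import tempfile


def kernel_digest(path: str) -> str:
    """SHA-256 of the kernel image, read in chunks so large images are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def kernel_is_trusted(path: str, reference_hex: str) -> bool:
    """Constant-time comparison against the digest stored on the encrypted volume."""
    return hmac.compare_digest(kernel_digest(path), reference_hex)


def scrub(buf: bytearray) -> None:
    """Overwrite key material in place. A bytearray really is mutated, so no
    copy of the key survives in this object; the interpreter may still hold
    copies if the key was ever a str/bytes, which is why the key is kept as
    a bytearray from the moment it is derived."""
    for i in range(len(buf)):
        buf[i] = 0


def boot_check(kernel_path: str, reference_hex: str, key: bytearray) -> str:
    """Decision taken before the encrypted root is mounted. Returns 'mount' or
    'refuse'; the key buffer is scrubbed on every path, including the refusal."""
    try:
        if not kernel_is_trusted(kernel_path, reference_hex):
            return "refuse"
        # Real code would hand `key` to the block device layer here.
        return "mount"
    finally:
        scrub(key)


def demo() -> dict:
    """Run the check against a constructed kernel image, then a tampered copy."""
    workdir = tempfile.mkdtemp()
    kernel_path = os.path.join(workdir, "vmlinuz")        # constructed path
    image = b"constructed kernel image bytes " * 4096     # ~128 KiB sample
    with open(kernel_path, "wb") as f:
        f.write(image)
    reference = kernel_digest(kernel_path)  # would be stored on the encrypted volume

    key = bytearray(os.urandom(32))
    first = boot_check(kernel_path, reference, key)
    key_zeroed = all(b == 0 for b in key)

    tampered = bytearray(image)
    tampered[1000] ^= 0x01                                 # one-bit patch
    with open(kernel_path, "wb") as f:
        f.write(bytes(tampered))
    second = boot_check(kernel_path, reference, bytearray(os.urandom(32)))

    return {"untampered": first, "key_zeroed": key_zeroed, "tampered": second}


if __name__ == "__main__":
    print(demo())
```

The reference digest only helps if it is stored where the attacker who can edit /boot cannot also edit it, which is why it belongs inside the encrypted volume; the scrub in the `finally` block covers the refusal path as well, since a key left in memory after a failed boot is exactly the residue the post warns about.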
I cannot directly relate this to a HD so this is probably somewhat off topic.
I created some user induced destructing car stereo amplifiers.
I removed the painted on "Pos(+)" and "Neg(-)" markings from the power terminals and painted new labels on them that were backwards. I also used a black wire for the positive wire and a red for the negative. I used stencils from some old electronic hobby kits I had laying around and they matched perfectly. Jump ahead about 5 years and sure enough, those amplifiers were stolen as well. I can only hope that the person that attempted to hook them up the first time fried them in the process. Yes, I had some free time on my hands back then but I was so frustrated when my stereo was taken the first time that relabeling the replacement equipment did not seem like such a waste of time. The fact that there is a good chance this equipment will be ruined does make me feel a little bit better.
Bad boys rape our young girls but Violet gives willingly.
not mentioning the technical questions:
.....
... I was in the jungle walking my dogs and my wife and recording custom routes for fun.
how will the hard drive see a GPS signal sitting in a HDD case, in a rack, in a room, in a building.
My Garmin starts to bitch if I am under a tree and hey I am almost on the equator with 10+ satellites showing full reception
Actually it happened that with a clear view of the sky I just happened to be in the middle of the Atlantic ocean - well according to my gps.
No radio tower/cellphone station or any well seen human cause interference
My point is: if it happens to a trusted brand and quality but admittedly a consumer device, it could happen by accident to any device.
Explosives - an intensive enough shock wave through the platter is going to have the same effect as raising the metal above the Curie temperature - all magnetic info will be gone, in addition to portions of the drive getting propelled through the wall.
Heat - warming it up beyond the Curie temperature will probably also melt and burn any nearby plastic. As a bonus smoke will make it hard to get data from any drives not protected by this feature.
Really big electromagnets - it's hard to be sure you've removed all trace of magnetic information with a magnet, so go one step further and use those electromagnets as an induction furnace - melt that drive!
Hit it really hard - a shock wave through the material can change the phase and wipe out all that information, so something with a decent surface area moving around the speed of sound will probably do it.
At this point some form of chemical attack seems to make a lot more sense, since it can be compact and probably won't cause the building to burn to the ground.
For much less and zero maintenance fees you could just buy a big magnet and put it on top of your hard drive. Then have a missile style toggle switch with a red cover on your case to turn the magnet on. If really adventurous, you could tie the switch to a phone line. There would be no software involved and you'd probably save about $1.7k.
It'd be much cooler too.
Why not simply make sure nobody gets physical access to your HDD?
....
Maybe I'm served with a subpoena requiring me to give the drive to the FBI or whoever. Or maybe it's my data, but the drive is sitting in a colocation slot -- Federal Marshals swoop down on the ISP, seize the drive.
Might be handy if the drive self-destructed
-kgj
Software encryption is slow. Plus it requires a whole PKI infrastructure for large system deployments. That can be a nightmare for military operations.
My cryptographic filesystem addresses this problem:
http://sourceforge.net/projects/ecryptfs/
It's got a pluggable PKI interface to facilitate integration into enterprise environments. But if all you need is plain old passphrase-based protection, it provides that too. It has Trusted Platform Module support, and it will soon have GnuPG support.
It's currently in the "experimental" stage, and will be for the next couple of months (or over the next year, depending on how the Linux kernel community treats it :-), but it implements almost the entire UNIX filesystem semantics at this point and is pretty stable. Anyone who is interested in transparent cryptographic filesystems with strong key management and policy capabilities might want to keep an eye on this. And if you're in the mood for testing and/or contributing patches, please do. :-)
Other crypto filesystems for Linux that I recommend include dm-crypt (it comes w/ the 2.6 kernel), EncFS, and CFS. Google around.
That said, this self-destruct hard drive is a pretty good idea in some cases, for reasons stated elsewhere in this thread. It's hard to apply "rubber hose" cryptanalysis on the user when the media itself is irreparably damaged. The real trick is to get this technology ubiquitously deployed, so that the very fact that you are using it does not arouse suspicion. The next trick is to prevent "false positives." Try explaining to a CEO why his critical documents are toast because some $8-an-hour IT intern inadvertently caused his hard drive to disintegrate.
Should the price tag drop by an order of magnitude and the false positive stats be low enough, I might consider getting one of these drives. Until then, I think that financial markets, military units, and other such high-risk/high-value will find these drives to be a worthy investment. I'm largely concerned with addressing the problem of some random crooks stealing my equipment, so good old fashioned crypto w/ a decent key protection scheme will do well enough for me.
An unjust law is no law at all. - St. Augustine
devmapper has a keying flaw that could result in a known plaintext attack on certain filesystems. This was discovered by Loop-AES maintainer Jari Ruusu and a workaround was implemented in Loop-AES but not devmapper. Hence I'd suggest using Loop-AES until this flaw is fixed.
Interesting that you mention that. I have had three consecutive failures of a 200GB Maxtor drive, and the drive that failed prior to this one was a Fujitsu 6.4GB drive that had been in service for many years. The symptom was that when power was applied, the drive would repeatedly spin up and spin down without ever coming online. Against popular wisdom, I obtained a second Fujitsu drive with the same model number on eBay, and swapped the drive PCB. Amazingly, I was able to recover all of the data without a single problem.
LRC, the best-read libertarian site on the web
For a much simpler method simply have a program load your private data into RAM on start-up and remove it from the disk with an insane number of write/erases, then put it back if you shut down properly (maybe a hidden key sequence and password).
When the cops come to raid you they will just hit the power and rip the machine off your desk (how many times have you seen cops carrying computers out of raids on the news?), and voilà, not only have they destroyed the evidence (technically it was their incompetence and nothing to do with you), they have _also_ destroyed the data copying program (which also copied into RAM) so there's no evidence that there was any evidence in the first place.
Remember just destroying something is useless if you're left with charred remains, that's evidence in itself and can get you into a lot of trouble.
The great advantage of this method is it's hardware independent - you could potentially install it on any system in minutes, it's untraceable in almost every way (buying a physical piece of hardware might be traceable, especially if your credit card bill says 'data safe hard disk' on it) and with the insane explosion in memory you can easily fit most things on it.
The only downside would be unreliability if you lost power or had a crash but this can be overcome with additional systems and UPS.
I just hope that in this day and age we're not breaking any laws by just talking about data destruction.
This comment does not represent the views or opinions of the user.
If the key is destroyed, all you have to do is look through 2^256 or however many combinations and see which of them decrypts the drive.
LOL!!!
You obviously have no idea just how large 2^256 is.
An interesting analysis of exactly that is found in Bruce Schneier's _Applied Cryptography_. He looked at the problem from a thermodynamic point of view, asking the question: "Assuming a maximally-efficient computer that used a minimum quantity of energy per bit transition, how much power would it take to count from 0 to 2^256?".
He assumed that the amount of energy required to toggle a single bit is the energy required to move a single electron from one orbit to another. Multiplying that extremely tiny amount of power by 2^256, an extremely enormous number, gives a result so large that, Schneier calculates, it would require the entire output of our sun for approximately two years. And we're talking about the entire output, not just the tiny fraction of it that lands on Earth. Break out your trusty Dyson Sphere.
And that is just to count through the values, to say nothing of the energy required to do a trial decryption with each, and analyze the "decrypted" data to see if the key guessed is the right one. It also ignores the time required to do all of this work.
Of course, you could argue that reversible computing, a field in its infancy, might be able to cut the power consumption requirements significantly. But using real transistors, not theoretical devices that require the smallest possible unit of power, would increase them significantly.
I agree with Schneier's conclusion: 256-bit keys won't be brute-forceable until computers are made of something other than matter and occupy something other than space.
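As an added worked calculation (not from the thread or from Schneier's book), the thermodynamic argument above can be carried through for any key length in a few lines of Python. The assumptions of this example are the Landauer limit of k·T·ln 2 joules per irreversible bit operation, the 3.2 K cosmic-background operating temperature Schneier uses, and an approximate solar luminosity of 3.8e26 W; it counts one bit flip per counter step, which is already generous to the attacker since trial decryptions are not counted at all.

```python
"""Added worked calculation, not from the thread: the thermodynamic bound the
post attributes to Schneier, redone for any key length. Assumptions of this
example: the Landauer limit k*T*ln2 per irreversible bit operation, the 3.2 K
cosmic-background temperature Schneier uses, and a solar luminosity of about
3.8e26 W. The bound counts one bit flip per counter step, which is already
generous to the attacker (a real counter flips more bits, and trial
decryptions are not counted at all)."""
import math

BOLTZMANN = 1.380649e-23        # J/K, exact SI value
BACKGROUND_TEMP_K = 3.2         # K, Schneier's assumed operating temperature
SUN_POWER_W = 3.8e26            # W, approximate solar luminosity (assumption)
SECONDS_PER_YEAR = 365.25 * 86400


def energy_per_bit_flip(temp_k: float = BACKGROUND_TEMP_K) -> float:
    """Landauer minimum energy to erase one bit at temperature temp_k, in joules."""
    return BOLTZMANN * temp_k * math.log(2)


def energy_to_count(bits: int, temp_k: float = BACKGROUND_TEMP_K) -> float:
    """Lower bound on the energy (J) to step a counter through all 2**bits values."""
    return energy_per_bit_flip(temp_k) * float(2 ** bits)


def sun_years_to_count(bits: int, temp_k: float = BACKGROUND_TEMP_K) -> float:
    """How many years of the Sun's entire output that energy represents."""
    return energy_to_count(bits, temp_k) / (SUN_POWER_W * SECONDS_PER_YEAR)


def max_bits_for_sun_years(years: float, temp_k: float = BACKGROUND_TEMP_K) -> int:
    """Largest key length whose counter can be exhausted within `years` of solar output."""
    budget_j = SUN_POWER_W * SECONDS_PER_YEAR * years
    return math.floor(math.log2(budget_j / energy_per_bit_flip(temp_k)))


def table(key_sizes=(56, 128, 192, 256)) -> dict:
    """Sun-years needed per key length, keyed by key size."""
    return {bits: sun_years_to_count(bits) for bits in key_sizes}


if __name__ == "__main__":
    for bits, years in table().items():
        print(f"{bits:4d}-bit counter: {years:10.3e} years of total solar output")
    print("key bits exhaustible with 32 sun-years:", max_bits_for_sun_years(32))
```

Each additional key bit doubles the energy, so the table makes the gap between 128 and 256 bits concrete: the same physics that puts a 128-bit counter within reach of a tiny fraction of a solar second puts a 256-bit one beyond any energy budget that fits in the Sun's lifetime, which is the point the post's "made of something other than matter" conclusion rests on.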
Nope. If a 256-bit key was used, and it's gone, your only hope is to attack the cipher, or weaknesses in the implementation of the encryption protocols, because you're not going to find that key with a brute force search.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.