Article: Intel’s Plans for 3DXP DIMMs Emerge
By: Anon (no.delete@this.email.com), December 11, 2018 5:21 pm
Room: Moderated Discussions
Maynard Handley (name99.delete@this.name99.org) on December 11, 2018 7:20 am wrote:
>......
> The crypto has to be appropriate to the problem. This is NOT the equivalent of network crypto.
> For example, suppose the equivalent of a random key burned into the device is XOR'd with everything
> going into and out of an MRAM cache (maybe also XOR-in the relevant addresses).
> Is that good enough? On the off-chance that someone could extract the contents
> of the MRAM cache (which may or may not be true?) the assumption is always
> that they CANNOT extract the contents of these sorts of hardware keys.
Such a scheme would be about as secure as writing a key on a yellow Post-it on your monitor.
Unfortunately the fact is that good encryption is hard, and somewhat computationally involved.
Not to mention the fact that with a static key, both ends need that key, and as soon as it leaks, it's game over.
Real security is about reducing threat envelopes, and adding complexity rarely does that - moving the secure data to its own completely separate physical device with the simplest possible interface, dedicated to just that function is generally a good start, but securing a high-complexity shared resource such as a modern cloud server? good luck.. Securing something where a bad actor has physical access enough to remove memory? good luck..
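Added example, not part of either post: a small simulation of the scheme described in the quoted text (stored word = plaintext XOR fixed device key XOR address), showing what a reader of the cache contents learns when the plaintext of a single word is known. The 64-bit word size, the direct use of the address as the tweak, the zeroed buffer, and all function names are assumptions made for illustration.

```python
import secrets
import struct

WORD = 8                      # assumed 64-bit memory word
MASK = (1 << 64) - 1

def xor_word(key, addr, word):
    """Scheme from the quoted post: word XOR burned-in key XOR address.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    return (word ^ key ^ addr) & MASK

def store(key, base, data):
    """Simulated cache fill: returns {address: stored 64-bit word}."""
    data = data.ljust(-(-len(data) // WORD) * WORD, b"\0")
    return {base + i: xor_word(key, base + i, struct.unpack_from("<Q", data, i)[0])
            for i in range(0, len(data), WORD)}

def key_from_known_word(dump, addr, known_plain):
    """One word whose plaintext is known cancels everything but the key."""
    return dump[addr] ^ known_plain ^ addr

def read_all(dump, key):
    """Decrypt every word of the dump in address order."""
    return b"".join(struct.pack("<Q", xor_word(key, a, dump[a]))
                    for a in sorted(dump))

def keyless_relation(dump, a1, a2):
    """The key cancels between any two stored words, leaving p1 XOR p2
    visible to anyone holding the dump, with no key at all."""
    return dump[a1] ^ dump[a2] ^ a1 ^ a2

def demo():
    key = secrets.randbits(64)            # stands in for the hardware key
    secret = b"constructed sample: token 0123456789abcdef"
    dump = store(key, 0x1000, secret)
    dump.update(store(key, 0x2000, bytes(16)))        # a zeroed buffer
    recovered = key_from_known_word(dump, 0x2000, 0)  # key itself never read
    return recovered == key, read_all(dump, recovered)

if __name__ == "__main__":
    print(demo())
```

The hardware key is never extracted in this simulation; it falls out of the stored data because the same key covers every word, which is the static-key problem the reply points at.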