Path: utzoo!utgpu!water!watmath!clyde!rutgers!ames!ucbcad!ucbvax!UCSCB.UCSC.EDU!lupin3
From: lupin3@UCSCB.UCSC.EDU (-=/ Larry Hastings /=-)
Newsgroups: comp.sys.amiga
Subject: Re: An Idea for Hardware Protection
Message-ID: <8801110635.AA03499@ucscb.UCSC.EDU>
Date: 11 Jan 88 06:35:36 GMT
References: <8801090958.AA20842@ucscb.UCSC.EDU> <4779@videovax.Tek.COM>
Sender: daemon@ucbvax.BERKELEY.EDU
Reply-To: lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU
Organization: Uncle Charlies Summer Camp (UC Santa Cruz)
Lines: 109

+-In article <4779@videovax.Tek.COM>, stever@videovax.Tek.COM (Steven E. Rice, P.E.) wrote:-
+----------
|
| In article <8801090958.AA20842@ucscb.UCSC.EDU>, Larry Hastings
| (lupin3@ucscb@ucscc.BITNETlupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU) writes:
|
| > . . .
|
| > First, every computer would be shipped with a "personal dongle" . . .
|
| > Second, buried DEEP within the OS, every time a disk is inserted into
| > any drive, it's checked to see if it is a "secure" disk (PD disks, or
| > storage disks, or whatever; don't necessarily have to be secure).  If it
| > is, and has the serial number imprinted on it, it accesses the dongle
| > port, and checks to see if any of the serial numbers kicked out by the
| > dongle port match; . . .
|
| > Of course, all disks would have a "developer number(s)" on them, so if you
| > sent it back to the company THEY would be able to use it. :)
|
| > . . .
|
| Two problems immediately spring to mind:
|
| 1. What if you lost your dongle(s)?  Can you get a replacement and get up
|    and running overnight, as you can if your hard disk dies?  Or are you
|    stuck because there is no way to get a replacement?
|
| If you lose the dongle, you are up an odoriferous estuary without a means
| of propulsion.  If you buy a replacement dongle that has a different
| number, at the very least you will have to send all your software back
| to the manufacturers to have them wipe the dongle number out of it so
| you can put the new dongle number in it.
|
+----------

You deleted the next phrase... it ~= said "First, every computer would be
shipped with a 'personal dongle' (or probably two, just to be safe)".  If you
lost one, you use your backup, and send off to the company for another one
(costing you $5 or something to get a new one made up).  If you lose BOTH of
them, then you lose out for a little while, but you're probably the kind of
person who loses 3 car keys a week, and should order your dongles in batches
of 20.

+----------
|
| 2. A fundamental rule of computer security (and one that has been ignored
|    by most [all?] posters on this subject) is that before the programs
|    that run on a computer can be secure, the computer must be physically
|    secure.  While the DOD can do this (armed guards and the works!), this
|    is not possible with personal computers.
|
| But even more fatal to this idea is the existence of physically unsecure
| computers (yours, mine, and everyone else's except DOD, NSA, and a few
| others).  No matter how "DEEP within the OS" you embed the checking, it
| is rather simple to disassemble the OS, FileZap the check so it always
| passes, and pirate merrily along.  If the OS is in ROM, a quick ROM
| modification will do the job nicely.  No one would buy a computer which
| was built like a bank vault and designed to self-destruct if anyone
| tampered with it.  Yet that is what it would take.  Even then, some
| would pry into it, just for the thrills.
|
+----------

I was thinking about this (because of mail I got on the subject) and decided
that the security checker should also be the entire I/O chip, with either the
ROM for security checking built on to the chip or attached to it somewhere;
and that the whole assembly should be surrounded in epoxy and plugged in to
the motherboard.  In any case, my original intention was to have this
security checking so integral to the system that this couldn't be "rather
simple" to do...
sort of like the flying barnacles that attached themselves to your spinal
column on Star Trek.  You couldn't just surgically _remove_ them...

+----------
|
| If you didn't want to modify your operating system, you could FileZap
| the disk to its "pristine" state.  You might even do this on another
| kind of machine, which doesn't normally use the same kind of file
| system, but can be programmed to read and write foreign formats.  And,
| once you had it "pristine" again, you might decide to make a backup
| copy or two or ten. . .
|
+----------

But, first of all, you shouldn't be able to putz around with the state of the
security on the disk ("FileZapping it to the pristine state" would be hands
off).  Seeing as how all the file I/O goes through the I/O chip, perhaps it
would not let you READ the security section of the disk.  Anyways, all I can
offer for the second suggestion is... if it's a secure disk for this _future_
machine, then the manufacturer wouldn't want you reading it on foreign
machines, and could play hell with the format.  If you didn't _know_ the
format of storage on a secure disk, you couldn't read it...

+----------
| Steve Rice
| new: stever@videovax.tv.Tek.com
| old: {decvax | hplabs | ihnp4 | uw-beaver}!tektronix!videovax!stever
|
+----------
--
.. . . . . . . . . . . . .. . . . . . . . . . . .
|  _ _ _ _ |_| _ _ |_ -__ _ _         ARPA:   lupin3@ucscb.ucsc.EDU
L_ (_\( ( (_/ | |(_\_\ (_ || )(_)_\   UUCP:   ...!ucbvax!ucscc!ucscb!lupin3
   larry  /  hastings   _/            BITNET: lupin3@ucscb@ucscc.BITNET
^v^v^vBoy, I'm glad I don't live in an alternate universe!^v^v^v
Disclaimer: All original text above was pointless & random, & it makes me proud.
. . . . . . . . . . . . .. . . . . . . . . . . . ..
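The scheme the thread argues over, modeled end to end as an added example (this is not code from either poster): the disk carries a security section listing the dongle serials it is bound to plus the publisher's developer numbers, the loader asks the dongle port for serials and passes if any match, and Steve's "FileZap the check so it always passes" is shown as a one-byte patch to the loader image. The DiskHeader and Dongle layouts, the toy loader bytecode, its opcodes and the serial numbers are all assumptions made for illustration; nothing here reflects a real Amiga OS or dongle format.

```python
# Added illustration, not code from the original post. The disk header
# layout, the Dongle model and the toy loader bytecode (opcodes and program
# below) are assumptions made to model the scheme discussed in the thread.
from dataclasses import dataclass


@dataclass(frozen=True)
class DiskHeader:
    """The 'security section' the I/O chip would read on disk insertion."""
    secure: bool
    owner_serials: frozenset = frozenset()      # dongle serials the disk is bound to
    developer_numbers: frozenset = frozenset()  # publisher's own dongles, for returns


@dataclass(frozen=True)
class Dongle:
    """A dongle on the dongle port; it 'kicks out' its serial numbers."""
    serials: frozenset


def check_disk(header: DiskHeader, dongles: list) -> bool:
    """The check as Larry describes it: non-secure (PD, storage) disks always
    pass; a secure disk passes if any serial present on the port matches one
    of its owner serials or developer numbers."""
    if not header.secure:
        return True
    present = frozenset()
    for d in dongles:
        present |= d.serials
    return bool(present & (header.owner_serials | header.developer_numbers))


# Toy loader bytecode: the 'deep within the OS' code path that calls the check.
CHECK, JZ, LOAD, HALT, PUSH1 = 0x01, 0x02, 0x03, 0x00, 0x04
#   offset:        0      1   2     3     4     5
LOADER = bytes([CHECK, JZ, 0x05, LOAD, HALT, HALT])
#   0: CHECK        push 1 if check_disk passes, else 0
#   1: JZ 5         if it failed, jump to the reject path at offset 5
#   3: LOAD         run the program from the disk
#   4: HALT         done, program loaded
#   5: HALT         reject path, nothing loaded


def run_loader(code: bytes, header: DiskHeader, dongles: list) -> bool:
    """Interpret the loader image; return True if the disk's program got loaded."""
    pc, stack, loaded = 0, [], False
    while True:
        op = code[pc]
        if op == CHECK:
            stack.append(1 if check_disk(header, dongles) else 0)
            pc += 1
        elif op == PUSH1:
            stack.append(1)
            pc += 1
        elif op == JZ:
            target = code[pc + 1]
            pc = target if stack.pop() == 0 else pc + 2
        elif op == LOAD:
            loaded = True
            pc += 1
        elif op == HALT:
            return loaded
        else:
            raise ValueError(f"bad opcode {op:#x} at offset {pc}")


def filezap(code: bytes, offset: int, value: int) -> bytes:
    """Steve's attack: patch one byte of the OS image with a sector editor."""
    patched = bytearray(code)
    patched[offset] = value
    return bytes(patched)


def demo() -> dict:
    """Run the scenarios from the thread; returns name -> 'was the disk loaded'."""
    disk = DiskHeader(secure=True, owner_serials=frozenset({1001}),
                      developer_numbers=frozenset({9001}))
    mine = Dongle(frozenset({1001}))       # the dongle the disk was sold against
    backup = Dongle(frozenset({1001}))     # the second dongle shipped with the machine
    other = Dongle(frozenset({1002}))      # somebody else's dongle
    developer = Dongle(frozenset({9001}))  # the publisher's dongle
    # Replacing CHECK with PUSH1 makes the check 'always pass' with no dongle at all.
    cracked = filezap(LOADER, 0, PUSH1)
    return {
        "own_dongle": run_loader(LOADER, disk, [mine]),                        # True
        "backup_dongle": run_loader(LOADER, disk, [backup]),                   # True
        "someone_elses_dongle": run_loader(LOADER, disk, [other]),             # False
        "no_dongle": run_loader(LOADER, disk, []),                             # False
        "returned_to_developer": run_loader(LOADER, disk, [developer]),        # True
        "no_dongle_after_filezap": run_loader(cracked, disk, []),              # True
        "pd_disk_no_dongle": run_loader(LOADER, DiskHeader(secure=False), []), # True
    }


if __name__ == "__main__":
    for name, loaded in demo().items():
        print(f"{name:26s} {loaded}")
```

The last two scenarios are the whole argument: the check itself is sound as set logic, but it executes from an image the machine's owner can read and write, so a single byte at offset 0 removes it. Larry's epoxy-potted I/O chip is an attempt to move that byte somewhere the owner cannot write; Steve's point is that on a physically unsecured machine there is no such place.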