RE: Secure logging

From: Keith Copenhagen <k_at_copetech_dot_com>
Date: Wed Nov 10 2004 - 17:12:48 CST

Thanks Robert,

I thought about proms, but came back to CDs, here's why:

At first blush, eproms are not really solving the problem, you don't buy
prom boards, you buy prom chips, from someone far away.
Somehow that chip needs to be connected to the system requiring an audit
trail, then if it is consumed it will need replacement. In order to
destroy the data, you'll need electrical access to the chip either via
the pins or conceivably some type of electrical arc (like a static gun).
Small write time is in the uSeconds.

Compare to a CD -
Drives are commodity and already tested and in the unit at point of
CD Blanks are cheap and more available than literally anything I can
think of except coffee,
I've seen them at a 24hour convenience store, and street kiosks.
Small write time is 1000x slower than prom, 10s of mSec.
The plastic can be melted at lower temperatures, and can be broken using
one's hands. Assuming easy access to the CD-Rom drive.

I also have yet to be convinced that our audit requirement matches that
of the space shuttle.

I'm hopeful that we will find a way to not require persisting data and
requiring true audit on the DRE, since I think that is really hard. In
the end it will always be a matter of degree. Protecting the vote from a
suicide bomber is beyond the scope of version 1.
