I'm trying to study how HSMs and TPMs work when storing secret data in clear text. How can they achieve physical impossibility in retrieving secret data?

I get the point in software, if you just have input and no outputs then it should be impossible through software to retrieve something.

But, I want to know the hardware (physics) part as well. How can an IC achieve physical impossibility to retrieve data? Let's assume the data is stored on a hard drive permanently.

  • I once shorted the terminals on my motherboard where the button cell battery sits and wiped my usb keyboard drivers, so I might dig into some HP white papers. Had a hardware password set too so that day was pretty much a nightmare. – Q-Club yesterday
  • 4
    If data is physically impossible to retrieve, then it hasn't been "stored" in any meaningful sense :) – hobbs yesterday
  • 11
    I always store my backups in /dev/null, it's quite impossible to retrieve them from there. – PlasmaHH yesterday
  • It's not impossible, just tricky and rather expensive. The main point is that the chip has no interface to read the data, and as a bonus, the system tries to prevent tampering by wiping the memory if you trigger one of the safeguards. There's nothing physically preventing you from reading the data straight from the chip's memory, it's just that reading the state of a quantum EM nano-scale memory cell without affecting anything on the chip is considerably more difficult than saying "Chip, give me 12 bytes at address 42". The memory itself is volatile, and supported by continuous power supply. – Luaan 23 hours ago
  • 5
    @hobbs I assume it's tongue-in-cheek, but... The implied claim is "impossible to retrieve from the outside". The chip itself can read it, use the data to perform some operation, and discard the data again without ever leaking the secret to the outside. – Luaan 23 hours ago
up vote 39 down vote accepted

The normal way is to keep secret data in volatile static RAM (i.e. 6 transistors per bit, like in current CPU caches, not with capacitors like in DRAM). When the power is cut, the data is gone in a matter of microseconds. The HSM contains a small battery to keep the RAM up and running for up to a few weeks. The battery also powers an array of sensors, e.g. on temperature, light, physical integrity of the covering and so on. If anything goes amiss, the system automatically shuts down the power, and the keys are gone.

So the trick, really, is not to store the data "on a hard drive, permanently".

An amusing consequence is that if an HSM is unpowered for too much time, the keys can be lost. Pro-tip: when you ship an HSM to a factory in China, label it as "a network card". Otherwise, customs will keep it around for a month, and the keys will be lost.


The above is valid for HSM and payment terminals. Smart cards, on the other hand, employ other tricks, which are undocumented (and most of them are trade secrets).

  • 2
    If anything goes amiss, the system automatically shuts down the power, and the keys are gone. — I would not say "anything" as that's too general and could potentially provide base for misinterpretation. After all, HSM misconfiguration or glitches caused by the HSM API might well produce security problems (where the HSM will not wipe its keys). Yet, maybe I'm just nit-picking here. – e-sushi yesterday
  • 3
    Recovery of data stored over a long period in SRAM has been shown. Also your protip is not advisable. Failure to declare cryptographic equipment, especially to a place like China, can cause significant legal problems. – user71659 13 hours ago
  • And what about a Cold boot attack? Even the folks over at electronics know about freezing RAM. – Pharap 13 hours ago
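The design the accepted answer describes (a secret that lives only in battery-backed volatile memory, an API that can use the key but has no call to read it out, and sensors that cut power and wipe the key) can be sketched as a small model. This is an added illustration, not code from the answer or from any HSM vendor; the class name, sensor envelope and battery life are constructed values.

```python
"""Model of a tamper-responsive volatile key store: the key is generated
inside the device, the only interface is a keyed operation (here an HMAC),
and any sensor event or battery exhaustion zeroises the key in place.
Added illustration; all thresholds below are constructed, not vendor figures."""
import hmac
import hashlib
import secrets


class KeysZeroised(Exception):
    """Raised for any key operation after the device has wiped itself."""


class VolatileKeyStore:
    # Constructed limits: acceptable temperature envelope and battery life in days.
    TEMP_RANGE_C = (0.0, 60.0)
    BATTERY_DAYS = 21.0

    def __init__(self):
        # The secret is generated inside the device and never returned.
        self._key = bytearray(secrets.token_bytes(32))
        self._battery_days = self.BATTERY_DAYS
        self.mains_powered = True
        self.wiped = False

    # The only way to "use" the key: a keyed operation, never a read.
    def mac(self, message: bytes) -> bytes:
        if self.wiped:
            raise KeysZeroised("no key material present")
        return hmac.new(bytes(self._key), message, hashlib.sha256).digest()

    # Deliberately no get_key()/export(): that interface does not exist.

    def _zeroise(self):
        # Overwrite the SRAM image in place rather than just dropping the reference,
        # so no stale copy of the key remains to be recovered.
        for i in range(len(self._key)):
            self._key[i] = 0
        self.wiped = True

    def sensor_event(self, temperature_c=25.0, light=False, mesh_intact=True):
        """Called by the sensor array; any out-of-envelope reading wipes the key.
        Returns True while the device still holds a usable key."""
        lo, hi = self.TEMP_RANGE_C
        if light or not mesh_intact or not (lo <= temperature_c <= hi):
            self._zeroise()
        return not self.wiped

    def unplug(self):
        self.mains_powered = False

    def elapse_days(self, days: float):
        """Battery drain while unpowered; an empty battery means the keys are lost."""
        if not self.mains_powered:
            self._battery_days -= days
            if self._battery_days <= 0:
                self._zeroise()
        return not self.wiped


def shipping_scenario() -> bool:
    """Unplugged device: survives a week on battery, loses its key after a month.
    Returns True when the model behaves as the answer describes."""
    hsm = VolatileKeyStore()
    tag = hsm.mac(b"constructed message")
    if not hsm.sensor_event(temperature_c=25.0):   # normal reading, nothing happens
        return False
    hsm.unplug()
    if not hsm.elapse_days(7):                     # still within battery life
        return False
    if hsm.mac(b"constructed message") != tag:     # same key, same MAC
        return False
    if hsm.elapse_days(30):                        # battery exhausted: wiped
        return False
    try:
        hsm.mac(b"constructed message")
    except KeysZeroised:
        return True
    return False
```

Two details in the model are the ones that matter for the comments above: the wipe overwrites the memory rather than merely discarding the key (the remanence concern raised in the cold-boot comment), and the trigger is a defined sensor envelope rather than "anything" (the nit in the first comment).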

It is not physically impossible to retrieve data, merely very difficult. Physical sensors such as light sensors and mesh layers on chips can be bypassed.

Christopher Tarnovsky's work using a Focused Ion Beam (FIB) electron microscope is worth a watch. IIRC the FIB he's using cost him somewhere around $500,000 used, over 10 years ago. Renting time on one is about $400/hour. It takes months of work to figure out how to hack a given TPM/HSM, and destroys numerous sample devices. That's ignoring the costs of the time of a skilled semiconductor engineer to conduct the attack. It's very, very difficult, but not impossible.

  • 7
    For further reading (not everyone will want to rely on a single youtube video), here's one of many articles out there about prominent HSM breaches in RealLife™ that worked without using expensive things like electron microscopes — cryptosense.com/real-hsm-breaches – e-sushi yesterday
  • Yeah, I just wanted a single counterexample since that's all that's really needed to prove the "physically impossible" statement wrong. – SAI Peregrinus yesterday

One way to address this question is not to ‘store’ secrets in the sense that they can be retrieved, but to create a circuit that only computes a pseudorandom function f_k(c) of a challenge c with a physically randomly chosen secret key k, embedded in a medium that breaks down under attempts to merely read the secret key. This is called a PUF, physical unclonable function.

A typical application might be wired to an AES circuit to compute AES_{f_k(c)}(m). Nowhere is the key k or the derived AES key f_k(c) stored, per se, in a way that can reliably be read.

Of course, the devil is in the details of preventing someone from monitoring the electrical signals in the IC to recover the AES key while it is in use! There is a whole literature—and, no doubt, a private array of trade secrets—on how to physically design PUFs, and physically attack the designs, etc.

  • 6
    Is there an example of how to implement AES as a PUF? I thought physical unclonable functions would be more "random" than that (and thus not so easy to use for symmetric crypto). – Paŭlo Ebermann yesterday
  • 1
    @PaŭloEbermann you don't implement AES as a PUF, you implement the key storage as a PUF. – Dmitry Grigoryev 21 hours ago
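A software model of the challenge-response scheme in this answer, added here as an illustration (not code from the answer): the device holds a fixed k, exposes only f_k(c), and the data key is derived from that response at the moment of use. HMAC-SHA256 stands in for the PRF f_k, and an HMAC-based counter-mode stream stands in for the AES circuit, since the standard library has no AES; the class and function names are constructed.

```python
"""PUF-style key derivation: a device answers challenges with f_k(c) and
never exposes k. Added illustration; HMAC-SHA256 plays the role of f_k and
of the block cipher, which is a stand-in, not the answer's AES circuit."""
import hmac
import hashlib
import secrets


class PufDevice:
    def __init__(self):
        # "Physically random" k: in hardware it is fixed by manufacturing
        # variation; here it is simply drawn when the object is created.
        self._k = bytearray(secrets.token_bytes(32))
        self._broken = False

    def respond(self, challenge: bytes) -> bytes:
        """The only interface: compute f_k(c). k itself is never returned."""
        if self._broken:
            raise RuntimeError("PUF medium destroyed; no stable response")
        return hmac.new(bytes(self._k), challenge, hashlib.sha256).digest()

    def attempt_physical_read(self):
        """Model of the medium breaking down when k is probed directly:
        the probe recovers nothing and the device stops responding."""
        for i in range(len(self._k)):
            self._k[i] = 0
        self._broken = True


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stand-in for AES-CTR)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(device: PufDevice, challenge: bytes, nonce: bytes, data: bytes) -> bytes:
    """Derive the data key from the PUF response and use it immediately;
    the key exists only inside this function's scope and is never stored."""
    data_key = device.respond(challenge)
    ks = keystream(data_key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


decrypt = encrypt  # XOR stream cipher: the same operation in both directions


def demo() -> dict:
    """Exercise the model and report which properties hold."""
    dev_a, dev_b = PufDevice(), PufDevice()
    c = b"constructed challenge 01"
    nonce = b"nonce-01"
    msg = b"constructed plaintext"
    ct = encrypt(dev_a, c, nonce, msg)
    result = {
        "roundtrip_ok": decrypt(dev_a, c, nonce, ct) == msg,
        # A physically different device gives a different f_k(c), so it cannot
        # reproduce the data key: that is the "unclonable" property.
        "other_device_fails": decrypt(dev_b, c, nonce, ct) != msg,
        "responses_stable": dev_a.respond(c) == dev_a.respond(c),
    }
    dev_a.attempt_physical_read()
    try:
        dev_a.respond(c)
        result["broken_after_probe"] = False
    except RuntimeError:
        result["broken_after_probe"] = True
    return result
```

As the comments note, the PUF is the key storage, not the cipher: nothing in the block changes on the AES side except where the key comes from. The model also idealises one thing a real design must handle: silicon PUF responses are noisy across temperature and voltage, so hardware designs pair the raw response with error-correcting helper data (a fuzzy extractor) before it can serve as a stable key, which is where much of the engineering effort goes.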

If an integrated circuit holding the data doesn't offer the interface to read it, the only way to get that data is a reverse engineering process known as chip decapping. Roughly speaking, one has to remove the IC case, then laser drill the area where the bits of interest are located, and read them out with probes or an electron microscope.

This process has a few problems when applied to modern chips:

  • it's destructive

  • it requires expensive equipment and expert knowledge

  • the chances of success on an individual chip are rather low. If you have a bunch of identical chips, you can be confident you'll get the data; with a single chip containing unique data it's a wild shot.

There are various non-destructive techniques commonly known as glitching which are used to bypass simple data protection mechanisms, when the interface to read the sensitive data exists, but is locked by a "protection" bit. Needless to say, HSMs which simply don't have the interface to access sensitive data are immune to such methods by design.
