crypt question/server hotel

[Kent Borg]

Jozsi Vadkan wrote:
> I want to put my server in a "server hotel".
>
> But: I don't trust my "server hotel owner".
>
> What can I do?
>   

If you never store anything by encrypted data in the untrusted location,
then your plaintext data is not vulnerable in that location, but you
still need to have the plaintext in plaintext form someplace trusted.
Does it have to be in someone else's hands?


Maybe make the inside of you box somewhat trusted...

1. Put physical seals on your hardware to at least alert you after the
fact that your server has been opened.

2. Rig a physical switch that shuts off power if the server is opened.
But don't tell anyone about this switch (don't talk about it on open
mailing lists!), because once someone knows the switch is there they are
in a position get around it. If they know to freeze spray your DRAM the
instant they open the box they can recover keys pretty easily.

3. If you can't personally be there for every boot to supply a key,
maybe do still more clever rigging and figure out how to have the key
supplied by some device that will lose its memory when the box is
opened. Are there USB memory devices that are not flash, that can be
erased by removing power? Maybe you can booby-trap the box to destroy
the flash that holds the key. (But don't talk about this in public either.)


A lot of this hinges on who you think you are up against, how motivated
they are, how promptly you need to discover you have been attacked, and
whether they know in advance that you have taken precautions.


-kb