Discussion:
hardware hard disk encryption
(too old to reply)
MAx
2008-03-27 08:50:45 UTC
Permalink
Raw Message
Hi,
Our system is a DVR (set top box) working on sigma designs smp8634
board with
linux 2.6 kernel.
The OS will boot form the flash on the board.
A hard disk is interfaced with the board. The DVR apparently has a
record option
which when opted for should record the digital stream into the hard
disk.
I want that digital data to be encrypted when being written and
decrypted when being read from the hard disk.

I'm specifically inclined to using hardware hard disk encryption as
using software would
degrade the performance of the system.

I will be glad if you reply with a solution for this.


Thanks in advance
SafeBoot Simon
2008-03-27 22:09:04 UTC
Permalink
Raw Message
What kind of authentication are you planning? I assume that you don't
want any user interaction when the device powers up?

Also, what threat are you trying to mitigate? Someone stealing the
recorded content off the disk itself?

remember, encryption is just a way to force authentication. It's
nothing useful in itself.

S.
Hi,
    Our system is a DVR (set top box) working on sigma designs smp8634
board with
linux 2.6 kernel.
    The OS will boot form the flash on the board.
A hard disk is interfaced with the board. The DVR apparently has a
record option
which when opted for should record the digital stream into the hard
disk.
I want that digital data to be encrypted when being written and
decrypted when being read from the hard disk.
I'm specifically inclined to using hardware hard disk encryption as
using software would
degrade the performance of the system.
I will be glad if you reply with a solution for this.
Thanks in advance
MAx
2008-03-28 05:41:33 UTC
Permalink
Raw Message
Post by SafeBoot Simon
What kind of authentication are you planning? I assume that you don't
want any user interaction when the device powers up?
Also, what threat are you trying to mitigate? Someone stealing the
recorded content off the disk itself?
remember, encryption is just a way to force authentication. It's
nothing useful in itself.
S.
Hi,
    Our system is a DVR (set top box) working on sigma designs smp8634
board with
linux 2.6 kernel.
    The OS will boot form the flash on the board.
A hard disk is interfaced with the board. The DVR apparently has a
record option
which when opted for should record the digital stream into the hard
disk.
I want that digital data to be encrypted when being written and
decrypted when being read from the hard disk.
I'm specifically inclined to using hardware hard disk encryption as
using software would
degrade the performance of the system.
I will be glad if you reply with a solution for this.
Thanks in advance- Hide quoted text -
- Show quoted text -
If in case somebody steals the HDD, i dont want the person to be able
to
read the hard disk. i can do with user authentication using software
password
but not hardware key (like usb dongles etc).
If you know any product which is architecture independent and can
serve my purpose
i'll be happy to incorporate that.
i'd like something like a PCI card (mpci preferably)
SafeBoot Simon
2008-03-29 15:29:52 UTC
Permalink
Raw Message
Post by MAx
Post by SafeBoot Simon
What kind of authentication are you planning? I assume that you don't
want any user interaction when the device powers up?
Also, what threat are you trying to mitigate? Someone stealing the
recorded content off the disk itself?
remember, encryption is just a way to force authentication. It's
nothing useful in itself.
S.
Hi,
    Our system is a DVR (set top box) working on sigma designs smp8634
board with
linux 2.6 kernel.
    The OS will boot form the flash on the board.
A hard disk is interfaced with the board. The DVR apparently has a
record option
which when opted for should record the digital stream into the hard
disk.
I want that digital data to be encrypted when being written and
decrypted when being read from the hard disk.
I'm specifically inclined to using hardware hard disk encryption as
using software would
degrade the performance of the system.
I will be glad if you reply with a solution for this.
Thanks in advance- Hide quoted text -
- Show quoted text -
If in case somebody steals the HDD, i dont want the person to be able
to
read the hard disk. i can do with user authentication using software
password
but not hardware key (like usb dongles etc).
If you know any product which is architecture independent and can
serve my purpose
i'll be happy to incorporate that.
i'd like something like a PCI card (mpci preferably)- Hide quoted text -
- Show quoted text -
It all depends on how strong you want it to be - unless you contain
the keys in some tamper proof hardware, then it's pretty easy to
reverse engineer.

Does your box have a smartcard or anything?

You're pretty much going to have to write something yourself - there's
plenty of off the shelf technology, but nothing ready made - My
company can design something for you easy enough, but unless the
volume is high it would be cost prohibitive. Why not simply use
seagate drives and set the drive password to be something related to
the box serial number? again, pretty easy to reverse engineer, but how
strong are you trying to make this solution?

My advice is to start by documenting the threats you're trying to
defend against, then put a price on how much each will cost you. Then
you can work out how much protection to add - the harder you want it
to be to break, the more it's going to cost you in terms of dev and
parts.

S.
MAx
2008-03-31 04:58:02 UTC
Permalink
Raw Message
Post by SafeBoot Simon
Post by MAx
Post by SafeBoot Simon
What kind of authentication are you planning? I assume that you don't
want any user interaction when the device powers up?
Also, what threat are you trying to mitigate? Someone stealing the
recorded content off the disk itself?
remember, encryption is just a way to force authentication. It's
nothing useful in itself.
S.
Hi,
    Our system is a DVR (set top box) working on sigma designs smp8634
board with
linux 2.6 kernel.
    The OS will boot form the flash on the board.
A hard disk is interfaced with the board. The DVR apparently has a
record option
which when opted for should record the digital stream into the hard
disk.
I want that digital data to be encrypted when being written and
decrypted when being read from the hard disk.
I'm specifically inclined to using hardware hard disk encryption as
using software would
degrade the performance of the system.
I will be glad if you reply with a solution for this.
Thanks in advance- Hide quoted text -
- Show quoted text -
If in case somebody steals the HDD, i dont want the person to be able
to
read the hard disk. i can do with user authentication using software
password
but not hardware key (like usb dongles etc).
If you know any product which is architecture independent and can
serve my purpose
i'll be happy to incorporate that.
i'd like something like a PCI card (mpci preferably)- Hide quoted text -
- Show quoted text -
It all depends on how strong you want it to be - unless you contain
the keys in some tamper proof hardware, then it's pretty easy to
reverse engineer.
Does your box have a smartcard or anything?
You're pretty much going to have to write something yourself - there's
plenty of off the shelf technology, but nothing ready made - My
company can design something for you easy enough, but unless the
volume is high it would be cost prohibitive. Why not simply use
seagate drives and set the drive password to be something related to
the box serial number? again, pretty easy to reverse engineer, but how
strong are you trying to make this solution?
My advice is to start by documenting the threats you're trying to
defend against, then put a price on how much each will cost you. Then
you can work out how much protection to add - the harder you want it
to be to break, the more it's going to cost you in terms of dev and
parts.
S.- Hide quoted text -
- Show quoted text -
We did initially think of seagate FDE but 160GB would not be enough to
record HD stuff.
Do you have any idea of how to lock a seagate DB35 series HDD to a
system like ours?
They are made for DVRs and home media servers etc.

Regards
SafeBoot Simon
2008-04-01 20:24:51 UTC
Permalink
Raw Message
Post by MAx
Post by SafeBoot Simon
Post by MAx
Post by SafeBoot Simon
What kind of authentication are you planning? I assume that you don't
want any user interaction when the device powers up?
Also, what threat are you trying to mitigate? Someone stealing the
recorded content off the disk itself?
remember, encryption is just a way to force authentication. It's
nothing useful in itself.
S.
Hi,
    Our system is a DVR (set top box) working on sigma designs smp8634
board with
linux 2.6 kernel.
    The OS will boot form the flash on the board.
A hard disk is interfaced with the board. The DVR apparently has a
record option
which when opted for should record the digital stream into the hard
disk.
I want that digital data to be encrypted when being written and
decrypted when being read from the hard disk.
I'm specifically inclined to using hardware hard disk encryption as
using software would
degrade the performance of the system.
I will be glad if you reply with a solution for this.
Thanks in advance- Hide quoted text -
- Show quoted text -
If in case somebody steals the HDD, i dont want the person to be able
to
read the hard disk. i can do with user authentication using software
password
but not hardware key (like usb dongles etc).
If you know any product which is architecture independent and can
serve my purpose
i'll be happy to incorporate that.
i'd like something like a PCI card (mpci preferably)- Hide quoted text -
- Show quoted text -
It all depends on how strong you want it to be - unless you contain
the keys in some tamper proof hardware, then it's pretty easy to
reverse engineer.
Does your box have a smartcard or anything?
You're pretty much going to have to write something yourself - there's
plenty of off the shelf technology, but nothing ready made - My
company can design something for you easy enough, but unless the
volume is high it would be cost prohibitive. Why not simply use
seagate drives and set the drive password to be something related to
the box serial number? again, pretty easy to reverse engineer, but how
strong are you trying to make this solution?
My advice is to start by documenting the threats you're trying to
defend against, then put a price on how much each will cost you. Then
you can work out how much protection to add - the harder you want it
to be to break, the more it's going to cost you in terms of dev and
parts.
S.- Hide quoted text -
- Show quoted text -
We did initially think of seagate FDE but 160GB would not be enough to
record HD stuff.
Do you have any idea of how to lock a seagate DB35 series HDD to a
system like ours?
They are made for DVRs and home media servers etc.
Regards- Hide quoted text -
- Show quoted text -
yes, but you'd need to implement something. If you only have software
(no hardware or TPM at least) it's not possible to do anything robust.
We could talk about this as a prof services arrangement if you like -
mail me if you're interested. The cost for us to do it would not be
cheap though.

Loading...