
Remote-Controlled Write-Lock in Hard Disk (HD) Controllers Disclosure Number: IPCOM000014977D
Original Publication Date: 2001-Jun-10
Included in the Prior Art Database: 2003-Jun-20

The idea relates to a remote-controlled write-lock in hard disk (HD) controllers. It is difficult to maintain machines in corporate networks or on public terminals securely. Even if we disregard physical tampering, we are in deep trouble: most operating systems are easily tampered with in software, and secure ones are not in sight. Shared machines in particular are hard to maintain remotely and keep in a safe state, especially given the regular need to patch such systems after vulnerabilities are discovered.

The disk controller (DC) is extended to allow access control on writes, i.e., each write has to be bundled with an authorization code (MAC) computed with a key held in the DC. To further enhance security, these writes can be limited to boot time and combined with a secure boot-loader which queries a secure server for security patches. The area of protection would be either the whole disk or particular partitions (e.g., all bootable partitions and the partitions containing the main operating system). Key management would be either by pre- or one-time install of shared keys, or by one-time install of public keys which can then be used with stream signatures.

A machine with a write-lock-controlled operating system could be a low-cost enhancement of secure remote management. A user who comes to a machine and reboots it is sure that it will run the most up-to-date and untampered version of the operating system. This provides more security than traditional means such as integrity tools like Tripwire, which can easily be subverted by a penetrator of the system software. Of course, a dedicated attacker attacking the hardware can tamper with the hard disk, but this already requires quite a bit of sophistication and can be countered only with much heavier machinery, e.g., tamper-resistant devices. (Note that in our case there is no real need for tamper-resistance, as we are only trying to prevent remote or casual attackers.)

A final note on efficiency and overhead: shared-key crypto is sufficient here, and MAC schemes can be built easily and efficiently
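The following is an added Python model of the write-locked disk controller described above; it is not code from the disclosure. It assumes HMAC-SHA256 as the MAC, a monotonic counter bound into each MAC so that an old authorized write cannot be replayed, protected regions expressed as LBA ranges, and a boot-time flag that the boot-loader clears once patching is done.

```python
import hmac, hashlib, struct
from dataclasses import dataclass, field
SECTOR = 512  # bytes per sector (model assumption)

def write_mac(key, counter, lba, data):
    # Authorization code attached to one sector write; binding the monotonic
    # counter stops an old authorized write being replayed by an attacker.
    return hmac.new(key, struct.pack(">QQ", counter, lba) + data, hashlib.sha256).digest()

@dataclass
class WriteLockController:
    key: bytes                 # shared key provisioned into the DC at install time
    protected: list            # (first_lba, last_lba) ranges, e.g. bootable partitions
    boot_time: bool = True     # protected writes accepted only while True
    counter: int = 0           # advanced on every accepted protected write
    disk: dict = field(default_factory=dict)

    def is_protected(self, lba):
        return any(lo <= lba <= hi for lo, hi in self.protected)

    def end_boot(self):        # boot-loader hands over: lock until next reboot
        self.boot_time = False

    def write(self, lba, data, mac=None):
        """Apply one sector write; returns 'ok' or the reason it was refused."""
        if self.is_protected(lba):
            if not self.boot_time:
                return "locked"
            if mac is None:
                return "no-mac"
            expected = write_mac(self.key, self.counter, lba, data)
            if not hmac.compare_digest(mac, expected):
                return "bad-mac"
            self.counter += 1
        self.disk[lba] = data
        return "ok"

def demo():
    key = b"constructed-demo-key"   # constructed for the example, not a real key
    dc = WriteLockController(key=key, protected=[(0, 2047)])
    patch, evil = b"\x90" * SECTOR, b"\x00" * SECTOR
    out = [dc.write(0, patch)]                                   # no MAC -> refused
    tag = write_mac(key, dc.counter, 0, patch)
    out.append(dc.write(0, patch, tag))                          # authorized -> applied
    out.append(dc.write(0, patch, tag))                          # replayed tag -> refused
    out.append(dc.write(1, evil, write_mac(key, dc.counter, 1, patch)))  # MAC for other data
    out.append(dc.write(5000, patch))                            # outside protected ranges
    dc.end_boot()
    out.append(dc.write(1, patch, write_mac(key, dc.counter, 1, patch)))  # window closed
    return out
```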