Proposal: Personal Data Encryption (maybe SoC?)

Tobias Gruetzmacher nospam at portfolio16.de
Sun Mar 18 22:41:42 CET 2007


Hi,

On Sun, 18 Mar 2007 18:24:31 +0100, Henryk Plötz wrote:
>> What I'm proposing is a user-friendly encryption scheme of the data the
>> user stores in his phone, so any illegitimate user will not be able to
>> get personal data about the owner of the phone.
> 
> I was thinking about something similar but with a different direction.
> One problem I see is that a thief could just connect a debug board and
> dump the complete memory. Therefore any secret positively must not be
> stored in the phone but instead in a smartcard for example.

That is certainly a problem. It would be nice if the phone needed a
power-cycle before connecting the debug interface to counter such attacks.

> If so we could use this function to key the encryption without actually
> extracting the secret from the SIM (I vaguely remember reading something
> about "remotely keyed encryption" which could be used here). An attacker
> dumping the memory would gain only those decrypted blocks that were
> currently in use and nothing more.

That, of course, would be really cool. Does somebody have more info about 
the SIM access of the GSM module? Would this approach be usable and fast 
enough?

> The alternative approach of storing and retrieving the secret (e.g. as
> an address book entry) has the significant drawback that the secret must
> always be present in the phone's memory and can potentially be read from
> there.

Yes, I'm aware of that. It would be really useful if we could protect 
against reading of memory (at least the phone does not have FireWire ;))

Greetings, Tobi

-- 
GPG-Key 0xE2BEA341 - signed/encrypted mail preferred
My, oh so small, homepage: http://portfolio16.de/
http://www.fli4l.de/ - ISDN- & DSL-Router on one disk!
Registered FLI4L-User #00000003
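
The idea discussed in this message, keying the encryption from the SIM without extracting its secret, as an added example that is not part of the original mail or of any project code. It is a simplified sketch rather than a specific published remotely keyed encryption protocol; `SimCard`, `keyed_function`, the HMAC-SHA256 stand-in for the card's function and the toy keystream are all assumptions.

```python
import hashlib
import hmac
import os


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class SimCard:
    """Hypothetical stand-in for the SIM: the secret stays inside the card."""

    def __init__(self) -> None:
        self._secret = os.urandom(32)  # constructed; never returned to the phone

    def keyed_function(self, challenge: bytes) -> bytes:
        # Assumption: the card exposes some keyed function; HMAC models it here.
        return _prf(self._secret, challenge)


def _block_keys(sim: SimCard, block_no: int, nonce: bytes) -> tuple[bytes, bytes]:
    # One card round-trip per block: phone memory only ever holds this block's key.
    k = sim.keyed_function(block_no.to_bytes(8, "big") + nonce)
    return _prf(k, b"enc"), _prf(k, b"mac")


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy HMAC-counter keystream so the example needs only the standard library.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, i.to_bytes(8, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_block(sim: SimCard, block_no: int, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per write, so a keystream is never reused
    enc_key, mac_key = _block_keys(sim, block_no, nonce)
    ct = _xor_stream(enc_key, plaintext)
    return nonce + ct + _prf(mac_key, nonce + ct)


def open_block(sim: SimCard, block_no: int, sealed: bytes) -> bytes:
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    enc_key, mac_key = _block_keys(sim, block_no, nonce)
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("wrong card, wrong block number, or tampered block")
    return _xor_stream(enc_key, ct)
```

A memory dump taken while a block is open yields that block's derived keys and plaintext, but not the card secret needed to derive keys for any other block.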