
Re: Threat Model



The T10 protection profile is more towards allowing the application to
put this extra check data on the sector to use as a check to see that
the data is still correct once it is read. It is a fixed format 8 bytes
containing things like sequence number and a small (16 bit) CRC.

The benefit is that if this check comes back messed up, then the reader
knows that the data does not have integrity.

If we consider that the application is adding these 8 bytes and then
later we EME (or similar) the entire 520 bytes, if the attacker tampers
with the data then the 8 byte check will be garbage and the reader
knows this.

The points along the way (between the host and the encryptor) can check
the 8 bytes for validity, and the points after the encryptor just
pass the bits.

This is more coverage than just adding an 8 byte integrity field
because it does not protect between the encryptor and the host, it only
protects between the encryptor and the disk and back...

Does this make more sense?




On Apr 13, 2004, at 9:01 PM, Shai Halevi wrote:

> On Tuesday 13 April 2004 08:19 pm, Nixon, Bob wrote:
>> [...]
>> The basic intention of the T10 protection information is that it is
>> generated by the application that writes the data, persisted by the
>> storage until overwritten, and returned unmodified to the reading
>> application for verification. It is allowed to be checked at points in
>> transit, but the storage is considered a point in transit, not an end
>> point.
>
> This sounds like we cannot use it (since it belongs to the application),
> but then...
>
>> The allowance for recalculation is to permit intermediate storage
>> virtualization devices to overload a single instance of the protection
>> information field with both application-to-virtualizer and
>> virtualizer-to-physical media protection information. It is recognized
>> that this will lose some of the protection afforded by true
>> writer-to-reader integrity data.
>
> So the encryption device would be a "virtualizer"? I still don't see
> how this would work.
>
> -- Shai
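As an added illustration of the scheme described in the reply above (not code from this thread, nor from the T10 or EME specifications): a CRC-16/T10-DIF guard in an 8-byte protection field on a 512-byte sector, with the whole 520 bytes passed through a hypothetical 3-round Feistel stand-in for a wide-block cipher such as EME, so that one bit flipped in the encrypted sector scrambles the entire decrypted sector and the reader's check fails. The Feistel construction, the key, the sector contents and the tag values are all constructed for the demo.

```python
import hashlib
import struct

SECTOR = 512  # user data bytes per sector; the 8-byte protection field follows it

# CRC-16/T10-DIF guard: poly 0x8BB7, init 0, no reflection, no final XOR (check("123456789") == 0xD0DB)
def crc16_t10dif(data: bytes) -> int:
    crc = 0
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x8BB7) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc
# Writer side: append guard CRC (16 bit), application tag (16 bit), reference tag (32 bit)
def protect(data: bytes, app_tag: int, ref_tag: int) -> bytes:
    assert len(data) == SECTOR
    return data + struct.pack(">HHI", crc16_t10dif(data), app_tag, ref_tag)
# Reader side: guard must match the data and the reference tag must be the expected one
def verify(block: bytes, ref_tag: int) -> bool:
    guard, _app, ref = struct.unpack(">HHI", block[SECTOR:SECTOR + 8])
    return guard == crc16_t10dif(block[:SECTOR]) and ref == ref_tag

# Hypothetical stand-in for a wide-block cipher such as EME: a 3-round Feistel over the whole
# 520-byte block with SHA-256 as round function (models only the diffusion property, not EME)
def _round(key: bytes, i: int, half: bytes) -> bytes:
    out = b"".join(hashlib.sha256(key + bytes([i, c]) + half).digest() for c in range(9))
    return out[:len(half)]  # 9 * 32 = 288 >= 260 bytes per half
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def wide_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:260], block[260:]
    for i in range(3):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r
def wide_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:260], block[260:]
    for i in reversed(range(3)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

# Constructed scenario: a protected sector goes through the encryptor, one ciphertext bit is
# flipped on the disk side, and the reader checks the 8 bytes after decryption
def tamper_demo() -> dict:
    key = hashlib.sha256(b"constructed demo key").digest()
    block = protect(hashlib.sha256(b"constructed sector").digest() * 16, 0, 0x1234)
    ct = wide_encrypt(key, block)
    bad = ct[:100] + bytes([ct[100] ^ 0x01]) + ct[101:]  # single-bit tamper on "disk"
    pt = wide_decrypt(key, bad)
    return {"clean": verify(wide_decrypt(key, ct), 0x1234), "tampered": verify(pt, 0x1234),
            "bytes_changed": sum(1 for x, y in zip(pt, block) if x != y)}
```

With a narrow-block or stream mode the flip would hit only the byte it landed on; the wide-block property is what turns any tamper into a garbled guard and reference tag.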