What's up with all the anti-tamper technology?
Anti-tamper has been a hot topic for the military as of late. With so much information being sent to countless devices on the battlefield it's important that products offer the ability to render any data stored useless in case a device is lost or stolen. For those who are curious about anti-tamper methods and what the implications of them are, this blog will go over some of the more common ways of preventing data from being accessed.
Encryption is right up there on the list of easy ways to prevent data from being understood. A device may encrypt all of its data and be capable of deleting the keys required to read it, making the data a useless collection of bits. Of course, encryption is not fool proof since the data remains on the device. Commonly encryption is paired with methods of permanently deleting data.
Zeroing the drive (or whatever method of storage is used) is essentially the goal of anti-tamper procedures. Zeroing a device means writing all the bits so they read 0. A zeroed device is essentially a blank slate, completely free of information or any traces of information. The problem with attempting to simply wipe a device clean is the process can take hours depending on the size and method of storage used. A common tactic is to encrypt all data on a device and be capable of remotely deleting keys and starting a program that will zero all storage. This makes it so anyone who wants to access data needs to be able to not only decrypt the data, but they need to do so before it can be zeroed or stop the zeroing process.
Another method is to have all data on a device be sent to it via a secure network and contain no long-term storage. This allows a device to be rendered useless unless it can connect to the network or be captured while powered on. While data on a device such as this is secure, it contains a potentially dangerous link to whatever network it uses to power on. Proper network security mitigates these risks, but the threat remains.
The problem with these methods is that no form of anti-tamper is perfect. There are many other ways to render data useless (writing new data over old data, physically destroying the device, using a magnet to destroy stored information, etc.), but none are absolutely perfect. Even zeroing the drive is debated as to whether data can be restored or not. Whether the tradeoff is time, completeness or network security, anti-tamper has not yet been perfected.
As information on the battlefield gets sent to more and more devices, it might be the time to look more closely at anti-tamper and see where improvements can be made.
Encryption is right up there on the list of easy ways to prevent data from being understood. A device may encrypt all of its data and be capable of deleting the keys required to read it, making the data a useless collection of bits. Of course, encryption is not fool proof since the data remains on the device. Commonly encryption is paired with methods of permanently deleting data.
Zeroing the drive (or whatever method of storage is used) is essentially the goal of anti-tamper procedures. Zeroing a device means writing all the bits so they read 0. A zeroed device is essentially a blank slate, completely free of information or any traces of information. The problem with attempting to simply wipe a device clean is the process can take hours depending on the size and method of storage used. A common tactic is to encrypt all data on a device and be capable of remotely deleting keys and starting a program that will zero all storage. This makes it so anyone who wants to access data needs to be able to not only decrypt the data, but they need to do so before it can be zeroed or stop the zeroing process.
Another method is to have all data on a device be sent to it via a secure network and contain no long-term storage. This allows a device to be rendered useless unless it can connect to the network or be captured while powered on. While data on a device such as this is secure, it contains a potentially dangerous link to whatever network it uses to power on. Proper network security mitigates these risks, but the threat remains.
The problem with these methods is that no form of anti-tamper is perfect. There are many other ways to render data useless (writing new data over old data, physically destroying the device, using a magnet to destroy stored information, etc.), but none are absolutely perfect. Even zeroing the drive is debated as to whether data can be restored or not. Whether the tradeoff is time, completeness or network security, anti-tamper has not yet been perfected.
As information on the battlefield gets sent to more and more devices, it might be the time to look more closely at anti-tamper and see where improvements can be made.
John Keller is editor-in-chief of Military & Aerospace Electronics magazine, which provides extensive coverage and analysis of enabling electronic and optoelectronic technologies in military, space, and commercial aviation applications. A member of the Military & Aerospace Electronics staff since the magazine's founding in 1989, Mr. Keller took over as chief editor in 1995.
