Commit 9c3d2656 authored by Xunnamius (Zara)

touchups

parent 9412df13
......@@ -145,16 +145,17 @@ ability to quickly converge the entire backing store to a single high-security
cipher leveraging SSD Instant Secure Erase (ISE).
Nation-state and other adversaries have extensive compute resources, knowledge
of obscure side-channels (\eg{Heartbleed}), and access to technology like
quantum computers. Suppose a scientist were attempting to re-enter her country
through a border entry point when she is stopped. Further suppose her laptop
containing sensitive priceless research data is confiscated from her custody.
Being a security researcher, she has a chance to trigger a remote wipe, where
the laptop uses Instant Secure Erase to reset its internal storage, permanently
destroying all her data. While she certainly doesn't want her data falling into
the wrong hands, she cannot afford to lose that data either. In such a scenario,
it would be useful if, instead of destroying the data, the storage layer could
switch itself to a more secure state as quickly as possible.
of obscure side-channels (\eg{Dual\_EC\_DRBG~\cite{DualECDRBG}}), and access to
technology like quantum computers. Suppose a scientist were attempting to
re-enter her country through a border entry point when she is stopped. Further
suppose her laptop containing sensitive priceless research data is confiscated
from her custody. Being a security researcher, she has a chance to trigger a
remote wipe, where the laptop uses Instant Secure Erase to reset its internal
storage, permanently destroying all her data. While she certainly doesn't want
her data falling into the wrong hands, she cannot afford to lose that data
either. In such a scenario, it would be useful if, instead of destroying the
data, the storage layer could switch itself to a more secure state as quickly as
possible.
\begin{figure}[ht] \textbf{Custody Panic Use Case: Security Goals vs Time}\par\medskip
\centering
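Review bot: Dual\_EC\_DRBG in the new parenthetical `\eg{Dual\_EC\_DRBG~\cite{DualECDRBG}}` is not a side-channel; it is a random bit generator with a suspected backdoor, so it does not illustrate "knowledge of obscure side-channels" any better than the Heartbleed example it replaces (a memory over-read, also not a side-channel). Either change the noun to something like "backdoored or weakened primitives", or keep "side-channels" and cite an actual one such as a timing or cache attack. Also confirm that a `DualECDRBG` entry exists in the bibliography, since this hunk does not add one.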
......
......@@ -26,14 +26,13 @@ various cipher configurations dynamically.
However, trading off security for energy, performance, and other concerns is not
a new idea~\cite{ScalableSecurity, WolterReinecke, ZengChow1, ZengChow2,
HaleemEtAl, LiOmiecinski}. For instance: \textit{An Energy/Security Scalable
Encryption Processor Using an Embedded Variable Voltage DC/DC Converter},
published by Goodman et al. in 1998, introduced trading security for decreased
energy dissipated to encrypt a bit~\cite{ScalableSecurity}. Similar in intent to
VSRs and the Selective strategy (see \secref{usecases}), they minimize energy
consumption by separating low-priority data from high-priority and encrypting
them differently. Similarly, Wolter and Reinecke study performance and security
tradeoffs, exploring approaches to quantifying security~\cite{WolterReinecke}.
HaleemEtAl, LiOmiecinski}. For instance, Goodman et al. introduced trading
security for decreased energy dissipated to encrypt a bit back in
1998~\cite{ScalableSecurity}. Similar in intent to VSRs and the Selective
strategy (see \secref{usecases}), Goodman minimizes energy consumption by
separating low-priority data from high-priority and encrypting them differently.
Further, Wolter and Reinecke study performance and security tradeoffs, exploring
approaches to quantifying security~\cite{WolterReinecke}.
In the wild, companies like Google~\cite{AndroidM} and Apple~\cite{iOSFDE} have
explored performance-security tradeoffs in hardware when considering FDE
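Review bot: in the rewritten sentence "Similar in intent to VSRs and the Selective strategy (see \secref{usecases}), Goodman minimizes energy consumption", the citation shrinks from "Goodman et al." to a single author, and the opening modifier now attaches to a person rather than to the approach. Suggest "Goodman et al. minimize energy consumption by ...", matching the "Goodman et al." used one sentence earlier. "back in 1998" also reads informally for a related-work paragraph; "in 1998" is enough.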
......