Tech Note #110: Concept for a Secure Network Computer
© 2000 Bionic Buffalo Corporation; All Rights Reserved.
Tuesday, 11 January 2000
http://www.tatanka.com
  [tn0110]
 
• the internal data and operation of the SNC cannot be observed from the outside
• the internal data and operation of the SNC cannot be modified
• communication between the user and the SNC cannot be intercepted
• attempts to compromise the security of the SNC will be detected

This is an architectural concept document, not a design description. Most of the problems of
physical security are design problems, involving specific technologies, design parameters, and
environmental and deployment considerations. Therefore, they are not addressed here.
However, it is appropriate to note them briefly, since they will be crucial to effective
implementation.
The concept of the SNC assumes that a legitimate user will not compromise the security of the
information domain. In other words, he or she will not convey information from a domain to
unauthorized parties, nor will he or she introduce inappropriate information into a domain.
Although it was not explicitly stated, the SNC is intended primarily for human interaction with
other computers in an information domain. It is a secure version of a typical desktop, palmtop,
or laptop computer. As such, it requires the usual peripherals: a keyboard, pointing device, and
display. These peripherals constitute the first area of physical vulnerability.
The obvious problem with the peripherals is possible direct eavesdropping. For example, a
camera might be placed so that the display and keyboard could be observed. Protecting against
such threats involves design parameters and technologies beyond the scope of this concept
document, but may involve devices such as alternative displays (narrow-focus displays) and VR
equipment (goggles and gloves).
Another problem with peripherals is the more indirect interception, and possible modification, of
user-SNC interaction. For instance, the EMF generated by a display can be intercepted using an
antenna placed remotely from the target, and the display reconstructed at the receiving site.
Again, the defences are beyond the scope of this paper, but include devices such as shielding
around the peripherals to prevent unwanted entry or exit of EMF.
The second area of physical vulnerability is the system itself, which includes the components
described earlier in this Tech Note. Most computers, designed without consideration for
physical security, are extremely vulnerable to a variety of physical attacks. Common attacks
include:
 
• simple disassembly, with possible replacement of components and subsequent re-assembly
• interception of emitted EMF, to be analyzed to extract information about internal operation and data
• insertion of physical probes into the system, to observe or affect its behaviour (sometimes involving processes such as use of chemical solvents or abrasive techniques for entry)