On 27.01.2008 23:32, Torsten Duwe wrote:
On Saturday 26 January 2008, Carl-Daniel Hailfinger wrote:
Hi Philipp,
On 25.01.2008 12:50, Philipp Marek wrote:
My question is this. I'd like to secure machines against the people that should work with them [1].
Ah. Classic DRM.
DRM does not work.
Single-chip solutions with an embedded TPM at least make attacks really difficult.
The only use I can think of is a student pool at the university.
Or maybe a company wants to secure their machines against their employees.
Do you control (manufacture) the hardware?
Even that does not help. Ask M$ about a thing called "Ex-box" (or so...)
Agreed. However, if somebody manufactures the hardware, he has a lot more options to make tampering difficult than someone whi simply sticks a board in a case and tries to solve the problem in software.
There is no easy way to set the bar higher. It will almost always cost you a lot more time to secure a machine than it takes the user to break it.
Not if it's under surveillance, like a student's computer pool room, subject to unannounced inspection. In that scenario cases with a single screw have proven themselves. That screw is then chained and locked.
Yes. Surveillance is indeed a very promising way for tamper prevention. Another way without direct surveillance would be installing an alarm system with a really loud acoustic signal. If the signal is guaranteed to be heard outside the room, you don't need surveillance inside the room. That option may help in case direct surveillance is prohibited by law.
Regards, Carl-Daniel