Year
2010
Abstract
Nuclear safeguards and security equipment often requires the use of secret keys, passwords, or identification numbers for access control, data authentication, or encryption. Being able to quickly and reliably erase these keys, passwords, or identification numbers (typically 8-256 bytes in length) when intrusion is detected is problematic for three reasons. Firstly, reliable detection of physical or electronic intrusion is a largely unsolved problem, especially against sophisticated adversaries such as the nation-states involved in arms control verification. Secondly, even if intrusion is detected, it is challenging to erase the secret information quickly enough to prevent an adversary from obtaining some or all of the information. Thirdly, data remanence is a risk even if erasure occurs. This paper discusses a technique that uses pointers and sometimes pseudo-random number generators to reduce the amount of information that needs to be quickly and reliably erased from 8- 256 bytes (or more) down to 1 or 2 bytes. We have demonstrated this approach on both notebook computers and inexpensive microprocessor circuits.