Talk:End-user Computer Security/Main content/Digital storage

Add umbrella parent section for the subsections that are each dedicated to a particular pair-wise comparison between storage types?
The subsections that each compare one type versus another, can probably be usefully placed under an umbrella parent section labelled something like 'Various pair-wise comparisons that compare different storage types (comparisons in the form of type A vs. type B)'.

MarkJFernandes (discuss • contribs) 13:41, 24 April 2020 (UTC)

Generalise name of §"Magnetic storage: tapes vs. discs"
Whilst tape storage appears to be mostly only available in magnetic-tape form, it makes sense to generalise the title of "Magnetic storage: tapes vs. discs" section so that the section is about a comparison between tape and disc storage in general (irrespective of the particular implementation). MarkJFernandes (discuss • contribs) 14:05, 4 May 2020 (UTC)

Add section called ' "Conspicuous markings on paper" based storage vs. "Non-conspicuous-data" based storage'?
Such a section would perhaps focus on the aspect of being able to perform naked-eye visual inspections to confirm the correctness of the data. Andrew Huang (as mentioned elsewhere in this Wikibooks book) suggests that such visual inspection is beneficial for computer hardware: he specifically suggests using transparent materials for things like keyboards, so that users can easily confirm that the hardware internally looks as it should.

Being able to do such inspections is useful because if such inspections are not possible, you are likely going to have to rely on hardware to confirm data correctness, and that introduces, with respect to the relied-upon hardware, the possibility of firmware malware as well as of hardware-based tampering.

Examples of "Conspicuous markings on paper" based storage: QR codes; punched tape; paper-based ticker tape.

If adding such a section, it probably would be a good idea to link to the Wikipedia "Paper key" page.

Such "Conspicuous markings on paper" based storage might be good for BIOS/UEFI startup code.

MarkJFernandes (discuss • contribs) 09:45, 18 May 2020 (UTC)

Add info contrasting recoverable file deletion with data-sanitisation file deletion?
The topic of 'file deletion' in respect of whether it be recoverable deletion or data-sanitisation deletion, is currently not covered in this chapter. It probably should be covered, as it does concern end-user computer security.

MarkJFernandes (discuss • contribs) 07:57, 16 May 2020 (UTC)

Add information about storing data in volatile RAM not powered separately?
Storing data in volatile RAM not powered separately, may offer certain security advantages, in terms of not leaving traces after the computer has been powered-off. However, in "State considered harmful - A proposal for a stateless laptop" by Joanna Rutkowska, it is indicated that residual data can remain in powered-off DRAM for a long time; to blank such DRAM, a secure wiping (possibly zeroing) procedure could be performed on the DRAM (the paper mentions that short-circuiting pins on DRAM might work to do such blanking, short-circuiting could be quicker and more energy efficient). Mentioning these things might be worthwhile, if adding info about digital storage in volatile RAM not powered separately. Such RAM can be used for holding software including the OS (also see note about Puppy Linux and "Secure computing using Raspberry Pi for business purposes" project proposal that proposed to keep OS in volatile RAM without separate power)—if any malware infects such RAM, powering the computer off (including through rebooting), should effectively get rid of it. If you could solely use such RAM for a particular OS, it would likely be very fast, and also would perhaps preempt the need for the isolated virtualisation security model offered by Qubes OS in certain circumstances, because the OS would effectively be sandboxed. Perhaps this was part of the thinking behind the early computer models that required loading software from things like cassette tape to volatile RAM not separately powered?

Storing data in such RAM can have additional advantages if used in conjunction with using sleep mode during periods when the computer is not being used—see here for more about this.

Do SD cards suffer a security weakness with regard to potential clandestine embedded wireless technology?
SD cards can have WiFi tech in them, as described in the §⟪About using a Wi-Fi enabled SD card⟫ under the §⟪Regarding how to obtain software⟫ (in "Software based" chapter). Could this be a security weakness of SD cards? Perhaps devices that instead have their chips visible or at least easily open to visual inspection, are then better?

Storage and retrieval without needing to use any firmware
The use of firmware used specifically for a particular storage medium, is a point of weakness, and attack point, in respect of malware potentially being hidden in the firmware. This is the case with modern mass storage devices such as SD cards, memory sticks, SSD drives, etc. It is also the case with older storage technologies such as CD drives, DVD drives, hard disks, and probably also floppy disk drives (or at least probably all the brand new floppy disk drives that are nowadays available.)

By using a standard cassette tape player, maybe a walkman, perhaps an old one, data can be stored on magnetic-tape cassette tapes (like was done several decades ago for computers like the Spectrum 48k [back in the 80s]). Probably such tape players have no firmware. But even if they do have firmware, the re-purposing of the technology from being music technology to being data-storage technology, probably would overcome various security threats as adversaries would likely not consider developing malware for such tech and also would likely find it much harder to do any such development (see §⟪DIY security principle⟫ in the ⟪Broad Security Principles⟫ chapter for more about re-purposing as a broad security principle). Reusing an old tape player (maybe a walkman) that you have lying around, could be one way to ensure better that adversaries have not tampered with the tape player you use. The tape player can simply play audio into the mic-in of the computer, and receive audio through the headphone socket. The OS would provide the software for dealing with the data storage medium, and this is likely desirable as OS installations are often not so difficult to deal with in terms of malware removal and detection, as firmware is (such installations often being on "exposed" and large SSDs or HDDs). There is a chance that firmware in the sound card (or SoC for the sound card?), could pose a point of weakness in terms of potentially harbouring malware, but overall, if the tape player has no firmware, the number of points of weakness/attack should be smaller in respect of the number of firmware chips. As just outlined, there are also other reasons why such tech would likely be potentially more secure.

How much data can be stored on such tapes might be quite limiting. Perhaps such tapes might then be used for things like firmware code, maybe firmware backups.

Researching better than normal SD cards, or way to interface with SD-card slots to overcome SD-card vulnerabilities
So far, my researching these issues hasn't really found much out there to overcome the vulnerabilities posed by using 'SD card' slots. The only thing that I've found that might be promising is the 'TE0747 - MicroVault' open-source-hardware product. It could be that this product might be more 'trustable' than most products out there, just because it is based on open-source technology, and also because it might be produced in Germany. But what is more interesting, is that it may be readily possible to wipe the SD card's microcontroller firmware data, and reinstall a fresh firmware image. If possible, it could be one way to be able to make sure no malware is in the SD card's microcontroller firmware, which if present, is a serious concern.

Surprising that I have not been able to find any other solution.... Maybe there is a cover-up?

Cryptography can be leveraged to enable the safe use of potentially unsafe digital storage
See the "Dealing with the situation where you want to work with potentially security-compromised equipment" note for more about this; the paragraph on how to leverage cryptography technology, is the relevant one.

Digital-storage security through multiple copies of data
There appears to be a general digital-storage security principle, whereby greater security can be induced simply through keeping multiple copies of data. If such multiple copies are kept physically isolated from each other, perhaps some as backups where they may be stored miles away from the user's location, then even more security can perhaps be attained. The security is simply based on the fact that the likelihood of adversaries "messing" with every single copy of some data, is generally less than if no copies of the data were kept. The same principle is in play when users make backups of their data, although the threat in such cases may be less from adversaries and more from system failures. Whilst physical isolation can improve security, simply keeping multiple copies of your data on your own computer system may be beneficial. Being able to make multiple copies is dependent on such being affordable, and so making multiple copies using cheap DVDs/CDs and/or cheap cloud storage, may be the way to go for some people. Such security also requires that the copies be able to be checked for sameness, as an integral part of the security; fortunately, computing technology is quite able to do this.

This idea of keeping multiple copies of data, was touched upon in respect of keeping multiple copies of a live system DVD, in a Raspberry Pi project attempting to establish a secure computing environment for business purposes—see here for more about the project.

The note "How to compare live OS discs obtained using multiple channels, when you have no trusted OS...." is related to this note.
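The "checked for sameness" step mentioned in the note above can be done by hashing each copy and looking for a strict majority. The following is an added example, not part of the original talk-page note; the function names and the file names `local.img`, `dvd.img` and `cloud.img` are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disc images need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_copies(paths):
    """Return (verdict, agreeing, suspect) for a list of copies.

    verdict is "all-match", "majority" or "no-majority"; a copy that
    cannot be read is treated as suspect rather than ignored.
    """
    groups, unreadable = defaultdict(list), []
    for p in paths:
        try:
            groups[sha256_of(p)].append(p)
        except OSError:
            unreadable.append(p)
    best = max(groups.values(), key=len, default=[])
    if len(best) * 2 <= len(paths):  # no strict majority: trust nothing
        return "no-majority", [], sorted(paths)
    suspect = sorted(set(paths) - set(best))
    return ("majority" if suspect else "all-match"), sorted(best), suspect


def demo():
    """Constructed sample: three copies, one with a single flipped bit."""
    data = b"constructed sample payload\n" * 1000
    tampered = bytearray(data)
    tampered[500] ^= 0x01
    copies = [("local.img", data), ("dvd.img", data), ("cloud.img", bytes(tampered))]
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, blob in copies:
            paths.append(os.path.join(d, name))
            with open(paths[-1], "wb") as f:
                f.write(blob)
        verdict, good, bad = compare_copies(paths)
    return verdict, [os.path.basename(p) for p in good], [os.path.basename(p) for p in bad]
```

Agreement between copies shows only that they are identical to each other; copies made from one already-altered source will still all match, and the comparison is only as trustworthy as the machine running it.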

Can perhaps generalise §⟪Rewritable media vs optical ROM discs⟫ a little?
Whilst §⟪Rewritable media vs optical ROM discs⟫ probably is quite worthwhile, there is no mention on the page of other kinds of "OTP" (one-time programmable) storage: for example, the OTP microchip tech sometimes designated for portions of some firmware, is not mentioned. Deliberately using OTP tech. in a security-related way, may be a good idea for security. See https://www.raspberrypi.org/forums/viewtopic.php?f=41&t=286049&p=1731799#p1731432 for some info on how OTP tech can be leveraged for security. It might be possible to create OTP tech through the use of a USB security token, and non-ROM memory—see this Rasp Pi Forums post for particular info on this.

Talk about one-way storage?
One-way storage, such as that available with certain USB security tokens, might be a broad category of storage that could do with particular treatment in this chapter. Alternatively, it might be worth mentioning it in the "Passwords and digital keys" chapter, as its primary security advantage seems to be perhaps just in respect of the storage of private keys used for asymmetric-key cryptography. It is mentioned in passing in the Raspberry Pi Forums post here, as well as in the Rasp Pi documentation in respect of making certain customer OTP (one-time programmable) bits unreadable here.