_
_
Turning Point in Internet security
Always-connected broadband Internet brings about a highly information-based society, but the Internet security problem is considered less serious. Security will be broken even if strong security software is developed. If you are a system (or network) administrator at your company, you should frequently update the operating system, firewall software and firmware of your systems. Protecting commercial networks and systems today is very expensive.
Security software can respond to a new attack method only after the first attack. Security software has no effect on a vulnerability that appears after the release of the software.
The time lapse between security flaw announcements and exploits is shrinking.
Zero-day attacks are a hot topic on the Internet. "Zero day" refers to an exploit, either a worm or a virus, that arrives on the heels of, or even before, the public announcement of a vulnerability in a computer system. If zero-day attacks become a reality, quick development and release of patches makes little sense.
In Japan, server computer shipment volume in 2003 was about 360 thousand, and the number of server computers at work should be over a million.
Do you have any idea how to protect over a million server computers from zero-day attacks? In the extreme case, security by software is a pipe dream.
_
It's said that there is no perfection in security. But...
1. A read-only head that works independently is added to a hard disk drive. It is then connected to a web server on the Internet.
2. The PC connected to the read/write head of the two-head hard disk drive can maintain your website.
No virus infection occurs, because every virus can work only after it has been written to the disk.
No write head means no virus infection.
Nobody can break into the PC from the Internet, because there is no wiring from the Internet to the PC.
Inside information doesn't leak at all.
It is also impossible to steal data such as an address book from the PC.
It is clear to everyone that this system will stay absolutely perfect in the future and that no hacking software, including kinds nobody knows of yet, will break it.
_
Concept Implementation as an Electronic Circuit: I-O Data Device Inc.
I-O Data Device Inc. has developed an electronic circuit.
It has two ports: one is a read-only port and the other is a read/write port.
The board is attached to an HDD and automatically switches the HDD's input/output channel from the read-only port to the read/write port, or from read/write to read-only.
A 2-head hard disk drive looks greater than a 2-port hard disk drive.
However, the 2-port design has advantages in productivity, maintenance and price.
R-SCW has a RAID controller and a SCSI-IDE converter.
You can set up RAID level 1, 3 or 5 using IDE HDDs.
Evaluation Test by Little eArth Corporation Co., Ltd. (in conformity with ISO 15408; 56 test items)
Result of the attack test and intrusion test from the Internet against the server attached to the read-only port of R-SCW:
All write operations were rejected.
Examples of the tests
1. Try to write (add, change and delete) data on the HDD of the R-SCW.
2. Huge volume of access to the server.
3. Try to write data after intruding into the server.
4. Direct attack on the SCSI interface at command level.
_
Mechanism of 2Port Server 'Gendarme'
In Gendarme, the HDD is connected to the motherboard via R-SCW, which never accepts any write instruction from the motherboard.

Gendarme, a server connected to the Internet, can boot from R-SCW's read-only port. So the web contents, OS, server software and all configuration information on the disk can never be falsified from the Internet.
If somebody does intrude into Gendarme, he can write data (such as a virus) only to memory.
However, data in memory is deleted after a reboot.
* Windows issues write commands when booting. The data from these write commands is written to memory (disk cache).
It looks as if you can write data to the boot drive, but you are actually writing the data to memory.
In Gendarme you can open e-mail containing a virus. Of course, e-mail containing a virus is deleted after a reboot.
_
Data from the Internet
You can receive certain kinds of data from the Internet by using the print function of Gendarme.
Gendarme prints received data out to a special printer buffer (not a printer), and then the PC reads it from the buffer.
If the printer buffer physically cannot receive any data other than character codes, malicious binary code cannot pass through the buffer from the Internet. The buffer has no interactive communication function with Gendarme.
But you should have security measures against malicious text data such as cross-site scripting.
Be careful not to be deceived by dot.con artists.
It is not very difficult to eliminate your script vulnerabilities.
There is a time lag of a few seconds between the cycle of reading from the buffer and the cycle of printout from Gendarme.
You can get the access log on Gendarme, and you can also get data such as order data from users of a commercial site on Gendarme.
You cannot operate a download site for binary files such as pictures, movies and music.
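The following Python sketch is an added example, not code from Gendarme or R-SCW: it models the text-only buffer rule in software and shows why the cross-site scripting caveat still applies to data that passes it. The allowed character set (printable ASCII plus tab, CR and LF), the 4096-byte record limit and all function names are assumptions made for illustration.

```python
import html

# Assumption: "character codes" means printable ASCII plus tab, LF and CR.
ALLOWED_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
MAX_RECORD_BYTES = 4096  # assumed per-record limit, not taken from the page


class RejectedRecord(ValueError):
    """The record contains something other than plain text."""


def buffer_accept(raw: bytes) -> str:
    """Model of the one-way buffer: pass text, refuse everything else."""
    if len(raw) > MAX_RECORD_BYTES:
        raise RejectedRecord(f"record too long: {len(raw)} bytes")
    for offset, byte in enumerate(raw):
        if byte not in ALLOWED_BYTES:
            raise RejectedRecord(
                f"non-text byte 0x{byte:02x} at offset {offset}")
    return raw.decode("ascii")


def render_cell(text: str) -> str:
    """PC side: encode on output so accepted text cannot become markup."""
    return "<td>" + html.escape(text, quote=True) + "</td>"


def process(records):
    """Run each record through the buffer model, then render what passed."""
    accepted, rejected = [], []
    for raw in records:
        try:
            accepted.append(render_cell(buffer_accept(raw)))
        except RejectedRecord as exc:
            rejected.append(str(exc))
    return accepted, rejected


# Constructed sample records: an order line, a fragment of binary data,
# and a text record that is valid "character code" but carries markup.
SAMPLE_RECORDS = [
    b"order=42;item=widget;qty=3",
    b"MZ\x90\x00\x03\x00",
    b"name=<script>alert(1)</script>",
]

if __name__ == "__main__":
    ok, bad = process(SAMPLE_RECORDS)
    for cell in ok:
        print("accepted:", cell)
    for reason in bad:
        print("rejected:", reason)
```

The third record passes the character filter unchanged, which is why the output encoding step on the PC side is still required.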
_
Server Specifications
A rackmount server will be coming soon.
Server Specifications
| Item | Details |
| CPU: | Intel Pentium4 2.66GHz |
| M/B: | Supermicro P4SGR |
| HDD: | 1.0GB ATA133/5400rpm, Maxtor 2F040L0-X1 (Connected to R-SCW) |
| RAM | DDR-SDRAM 256MB PC2700 ECC ×1 |
| CD-ROM: | MSI MS-8152M(52X CD-ROM) ATAPI |
| Data Update Port | Ultra 160 SCSI(LVD/MSE automatic change) |
| Network | On board |
| FDD: | Y/E Data FD-702D(2Mode FDD) |
| Case: | FCR-03 ATX (No power supplies) |
| Slots x Bays Total(available): | outside 5 (3), outside 3.5 (2), inside 3.5(2) |
| Power Supplies: | Nipro 300W ATX PCSA-300P-X2V |
| FAN: | 8cm FAN (ADDA) |
| CABLE: | Front USB2.0 Longport(2Port) |
| Others: | Note: the suspend function is not supported (because of some parts' drivers and versions). One-year parts warranty |
R-SCW (electronic circuit board) specs
| Item | Hardware Spec |
| Drive Bays: | Holds up to 4 |
| RAID: | RAID Level 0/1/3/5 |
| Host Interface: | Ultra 160 SCSI(LVD/MSE automatic change) Read Write Port/Read only |
| Hard Disk Interface | PortATA Ultra DMA/66 or 33 |
| Supply Voltage: | 5V±5% |
| Amperage (5V): | 1.4A(Typ.)/1.9A(Max.) |
Software specifications
| Item | Spec |
| OS | WindowsXP Professional |
| Disk Cache reload | Designed for R-SCW |
| Write Emulation Filter | Designed for R-SCW |
| Application | Ask us details |
_
The comparison chart
See the column below. This is the comparison chart of the effectiveness of 2Head/2Port HDD security and software security.
The difference between temporary falsification of a home page (HP) and permanent falsification of a home page is whether or not the falsified data disappears on reboot.
_
Problems in security by software
Security holes (vulnerabilities) are software bugs. Hackers use bugs in our computers via the Internet to achieve their purposes. You have to fix the bugs if you want to close security holes, but fixing them is not easy for various reasons. So security software is used as a symptomatic solution.
_
F.A.Q.
Q1: What is the advantage peculiar to this server system?
Q2: Is it said that there is no perfection in security?
Q3: Are there other advantages of this server system?
Q4: What are the main disadvantages of this server system?
Q5: What is the advantage of security by software compared with this server system?
Q6: Can't the same equipment be made with an electronic circuit?
Q7: Some websites run on a stand-alone server, and their contents are loaded from a CD-R or magnetic tape that was copied on another computer. How does that method differ from this server system?
Q8: Isn't it easier to mount a hard disk as read-only than to use a 2-head hard disk?
Q9: What is the advantage over a trusted OS?
Q10: How does it cope with a new kind of virus?
Q11: Is special software necessary for this server system?
Q12: What kind of software is used on the PC?
Q13: Can you send contents to this server system via the Internet?
Q14: If a file has been updated through the PC, is the disk cache of the server refreshed?
Q15: While the server is reading a file, the file is updated through the PC. What will happen?
Q16: Does performance fall?
Q17: What is the relationship between a cryptographic system and this server system?
Q18: Can this system cope with DNS misrepresentation?
Q1: What is the advantage peculiar to this server system?
A1:
1. Absolute safety, including in the future.
Even if a hacker gains root and rewrites all of memory, there is no function by which the data and programs on the hard disk can be rewritten.
The server is equipped with this disk, which contains the OS, software..., so it is impossible to change them maliciously.
There is no wiring to the internal network.
Web contents can be updated freely, but they cannot be changed maliciously.
Intrusion into the internal PC (network) is impossible.
2. Almost no maintenance work or cost is incurred.
Even if a virus mail is opened on a server on which mail software is installed, nothing is written to the disk, and everything written to cache memory is cleared by a restart.
No problems occur at all.
However, if you try this, please unplug the cable to the Internet first.
It would be a problem if trouble were caused somewhere else.
Q2: Is it said that there is no perfection in security?
A2: On this server system, the three things mentioned below will be perfect, including in the future.
1. Defending the contents and system programs on the hard disk against malicious change and deletion.
2. No infection by a virus.
3. Not permitting intrusion into the internal PC (network).
4. 90% of hacking is said to be an inside job.
Software such as an intrusion detection system is necessary against inside jobs and malicious mistakes.
5. This server has no function for defending availability.
6. Software measures are necessary to protect a server from DoS (denial-of-service) attacks and attacks that bring a system down.
Q3: Are there other advantages of this server system?
A3: The safety is simple and very easy to understand.
1. Accountability to a customer can be achieved easily.
2. Not only safety but also peace of mind.
For disclosing information, the former property can be used on this server system.
Q4: What are the main disadvantages of this server system?
A4: I'll give two examples below.
1. You cannot use it for bidirectional communication, including mail.
2. Two computers are necessary.
Q5: What is the advantage of security by software compared with this server system?
A5: First, I want you to know that security software and this server system are compatible and can be used at the same time.
The attacks in Q2 items 4-6, which cannot be stopped by this server system alone, may be stopped when software is used at the same time. Also, a firewall has the effect of reducing the load that attacks place on a server.
Q6: Can't the same equipment be made with an electronic circuit?
A6: That is exactly I-O Data's R-SCW.
Q7: Some websites run on a stand-alone server, and their contents are loaded from a CD-R or magnetic tape that was copied on another computer. How does that method differ from this server system?
A7: The safety will be the same.
However, this server system is overwhelmingly superior in the update rate of the contents and in convenience.
For example, a live camera relay cannot be achieved at all by the method in Q7. But on our test site a picture from a live camera is renewed every 10 seconds.
Q8: Isn't it easier to mount a hard disk as read-only than to use a 2-head hard disk?
A8: Even if the OS could be defended, there has been an attack in which the driver and BIOS are rewritten.
An ultimate hacking method that bypasses the OS and BIOS and directly attacks the physical addresses of the HDD's I/O registers may emerge.
Only perfect software with no security holes, or a 2-head hard disk, will be a solution to that method.
Q9: What is the advantage over a trusted OS?
A9: I think updating and maintaining the HDD on this server system is incomparably easier than on a trusted OS server.
The price is also quite low.
Q10: How does it cope with a new kind of virus?
A10: This server system will not be infected by any kind of virus that appears in the future.
Every kind of virus works only after being written, but this server system has no writing device.
Q11: Is special software necessary for this server system?
A11: No, it isn't. However, the system must be able to work on a read-only drive. It is also necessary that the file format of the disk be common to the PC's file format.
This server system will be able to work with systems for diskless computers, for example Windows Embedded, Linux booted from CD-ROM, and the ROM-based systems that are popular in factory automation.
Windows XP Professional runs on our demonstration website.
Q12: What kind of software is used on the PC?
A12: The PC and the server should have a common file format. It is not necessary that the PC and the server have a common OS.
Q13: Can you send contents to this server system via the Internet?
A13: No, you can't.
But let's assume that each department in your company has a Gendarme server. If each department keeps its own disclosed contents on its server and a main server links to those servers, you can build a website without sending contents to a main server.
Also, updating the contents via the Internet is, objectively and technically, the same as malicious change.
Q14: If a file has been updated through the PC, is the disk cache of the server refreshed?
A14: No, it isn't.
Just before the server reads a file, the disk cache is refreshed.
On our previous website, a Windows API (DeviceIoControl) is issued every time a page is loaded. Alternatively, a re-mount is done just after a file has been updated through the PC. These are ways of refreshing the disk cache.
Q15: While the server is reading a file, the file is updated through the PC. What will happen?
A15: In the worst case, it will be the same as reading a broken file. To make doubly sure, it is better for the server to use a file only after it has read the file twice and confirmed that the two reads are identical.
However, when updating a file, the file should not be overwritten. The new file should be written to free space, and then the space in which the old file is written should be registered as free space.
In this case, the old file remains readable.
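The two rules in A15, sketched in Python as an added example (not the vendor's code): the reader accepts content only after two consecutive reads agree, and the writer never overwrites in place. Writing a temporary file and renaming it with `os.replace` is used here as the ordinary-filesystem analogue of "write to free space, then release the old space"; the function names, the retry limit and the scripted reader are assumptions.

```python
import os
import tempfile


class UnstableReadError(Exception):
    """Two consecutive reads never matched within the allowed attempts."""


def read_file(path):
    with open(path, "rb") as fh:
        return fh.read()


def read_stable(path, reader=read_file, max_reads=6):
    """Server side: use content only once two reads in a row are identical."""
    previous = reader(path)
    for _ in range(max_reads - 1):
        current = reader(path)
        if current == previous:
            return current
        previous = current  # torn or changed: compare against the newest read
    raise UnstableReadError(f"{path}: content kept changing")


def publish(path, data):
    """PC side: write the new version beside the old one, then switch over.

    The old file is never modified, so a reader that already opened it
    still sees a complete (old) version.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".new-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp_path, path)  # old blocks are released only after this
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise


class ScriptedReader:
    """Constructed test double: returns a fixed sequence of read results."""

    def __init__(self, results):
        self.results = list(results)
        self.calls = 0

    def __call__(self, path):
        result = self.results[min(self.calls, len(self.results) - 1)]
        self.calls += 1
        return result


def demo():
    """Simulate an in-place overwrite caught mid-way by the first read."""
    old = b"old page body v1"
    new = b"new page body v2"
    torn = new[:8] + old[8:]  # constructed half-updated ("broken") file
    reader = ScriptedReader([torn, new, new])
    content = read_stable("index.html", reader=reader)
    return content, reader.calls


if __name__ == "__main__":
    content, calls = demo()
    print(f"accepted {content!r} after {calls} reads")
```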
Q16: Does performance fall?
A16: There is the matter of refreshing the disk cache on the server side, so I think performance drops at that time.
Even on an ordinary server, when a file is updated, the file update and the cache refresh are done at the same time.
With this server system, a server file is not updated by the server (the PC does it), so a cache refresh has to be done.
Q17: What is the relationship between a cryptographic system and this server system?
A17: The premises of a public-key cryptosystem are:
1. The private key and the original plaintext will not leak.
2. The locking and unlocking system will not be destroyed.
In other words, the premise is to use a computer that has no security holes.
This can certainly be achieved for the first time by this server system. The plaintext, the locking and unlocking programs and the private key are put on the local HDD of the PC, and then the ciphertext and the public key are written to the 2-head hard disk.
Q18: Can this system cope with DNS misrepresentation?
A18: When a resource is encoded with a private key and opened with a public key, you can find out whether it is fake or not.
_
Reverse Proxy Server
If a web server receives a search request for a DB, the request is sent to a DB server on the internal network.
Therefore, the DB server must never be broken into. But would you say, "I have a firewall (address filtering), so my network will never be intruded"?
A reverse proxy is a solution. If a search request comes to a web server, software on the server fetches the answer from the internal network and fulfils the request. That software is reverse proxy software, and this is how a reverse proxy protects against intrusion.
Reverse Proxy Server Functions
A. Requests from the Internet never reach the internal network.
B. The server looks up the answer to a request from the Internet and returns it to the Internet.
The server with a 2Head/Port HDD is the perfect reverse proxy. It is impossible to produce software without security holes.
_
About hosting
Suppose that you edit some disclosure information on your computer in a private network. If your company uses a hosting service and you FTP the information from your computer to a web server, the private network is not private. It's open. If you want to isolate your private network perfectly, burn the information onto a CD-R and send it by postal mail.
Suppose that you use Gendarme. You update the disclosure data on the 2Head/Port HDD from your computer in the private network. Then you create hyperlinks from HTML documents on a hosting server to the data on Gendarme, which is served via the read-only port. The private network is perfectly offline, but you can still update the disclosed data.
_
An example for disclosure
There are many websites that transmit frequently updated information and need to accept no binary data from the Internet. If you use a standard web server, intrusion and virus infection on your server may occur.
However, nothing invades Gendarme. If you install Gendarme in a public information disclosure department and connect it to the Internet, you don't have to worry about security and its cost.
Suitable for: official announcements, public notices, download sites, announcements of application results, software update information, etc.

_
Network server secured by off-line communications
Over the last several years, many network servers have been intruded illegally through the Internet and serious troubles have been caused.
A two-head disk server system is proposed in which, in principle, none of the system's disk files can be affected. Because the server communicates with the administrator off-line, local information cannot be accessed from the Internet.
Most current computers are based on the stored-program system designed by von Neumann. All data and software, even those coming from the Internet, are placed together in internal memory. This situation is very convenient for illegal intrusion procedures such as buffer overflow. With a successive attack on the hard disk, the damage becomes serious, as follows:
1. stealing of secret information including secret keys, passwords and account numbers,
2. falsification of files to execute malicious code,
3. distribution of virus files by referring to mail address files, and
4. defacing of web sites.
To improve security, many systems for recovering disk files from cracking have been developed.
The question is: who can guarantee such a recovery system against illegal intrusion?
The proposed system consists of a networked server, a private computer, and a special disk equipped with two independent I/O channels (sets of head, controller and interface).
The computer and the server are each connected to one I/O channel of the disk. The I/O channel connected to the server is restricted to "read-only" by hardware, i.e. by removing the writing coil on the head.
If the disk is the sole storage device of the server, tampering with the disk files and virus infection are impossible, whereas using the computer, all files can be updated as usual.
Because the server and the computer are off-line from each other, intrusions cannot pierce into the computer. Information on the local disk of the computer, including passwords, mail addresses and encryption systems, cannot be accessed from the network.
The characteristics of the proposed system are as follows:
1. no secret key, hidden algorithm or password is required to maintain its security,
2. if a betrayer operates the computer, this system can protect nothing by its own capability, and
3. this system cannot prevent the server from being hacked or paralyzed by a distributed denial-of-service attack.
By adding a new two-head disk between the server and the computer, information from the Internet can be received securely.
Assume the new two-head disk is equipped with an add-only channel connected to the server and a read/write channel connected to the computer.
Through the add-only channel, one can add files to the disk but cannot find, read, delete or falsify the existing files.
All information received from the Internet can be added to the new add-only disk in file form.
Then the computer transfers those files from the new two-head disk to the former two-head disk by binary image copy. It is assumed that the computer does not open those files.
The server will be able to open the transferred files on the former two-head disk.
The server may then be hacked. But because it has no hardware apparatus to affect any existing files on the two two-head disks, no virus infection or disk cracking will occur.
Takano, N.*, Takefuji, Y.†
*Scarabs Co., Ltd., 3-2-1 chuoh, Chiba, 260-0013 Japan, e-mail: takano@scarabs.com
†Faculty of Environmental Information, Keio University, 5322 Endo Fujisawa, 252-0816 Japan, e-mail: takefuji@sfc.keio.ac.jp
Figure 1
Two removable hard disk drives on the market were disassembled. One chassis was cut to remove the spindle motor and joined to the other, complete chassis. Heads and voice coil motors were reassembled on the joined chassis. Each controller circuit board was attached again, and the writing function of one of them was removed. The unused spindle motor and its servo are idling.
An experimental site (http://www.securecomputer.co.jp/Ephoto.asp) of a live camera with this two-port disk is running now.