Physical access to computers: can your computer be trusted?

Abstract

The proliferation of low cost computers has been a boon to productivity. Easier physical access, however, puts computer-based information at greater risk. The information at risk is not limited to unencrypted files stored in the exposed computer. Files encrypted using the exposed computer may be vulnerable. Any computer accessed through the exposed computer, or another computer on the same LAN, may be vulnerable. This paper examines some of the threats that can result from physical access. These include data scavenging, keystroke monitoring and network packet monitoring. Targeted information may be of value in its own right (primary information), or may provide the keys (secondary information) to protected information. Examples of secondary information targets include passwords or encryption keys.