Previously oktokie said:
I work at a company doing asset management and disposition. Often our
customers require a hard drive DoD data wipe as an option. When our
customer purchases the service, we'd like to provide some sort of
certificate as proof that the service was performed. What are our
options? Is there software which performs a DoD data wipe and generates
a certificate upon completion, per hard drive?
Let me know if anyone knows of any sort of software or hardware system
which dispenses certificates.
Not really. Or at least not something that can very easily be
faked. The problems are mainly the following:
1) How do you prove the connection between the customer's data
and the device that was wiped?
2) How do you prove that the customer's data was only on that device?
3) For strong certificates you would need a tamper-proof disk wipe
system. And a reliable way to tie the certificate to the disk.
Problems with that:
for 1): You basically cannot do this. If the customer had a 1:1 copy
of the disk, you could give them a checksum. But you could
then hand them the disk directly instead. I take it that is
not really what you want to do.
for 2): You cannot do this with technological means.
for 3): Forget about such a device. Nobody in the security field
dares talk about tamper-proof today. "Tamper resistant"
is the most people are willing to say, since so many devices
thought to be secure have been broken.
You still want to give the customer some assurance that the
wipe was really done. After all, you could claim that and never
do it and save money. Here is what I propose:
For each customer and job, have some person be formally
responsible for the secure handling of the data.
1. Before you put any customer data on a disk, have the
person certify that this disk (with serial number from the
label, in a written statement on paper) is now designated
to be used for this specific data/job.
2. When the disk is to be wiped, again have the person
certify this with disk serial, date, time, place.
3. Wipe the disk and have the security person certify
that it was wiped, again with serial, time, place.
4. Send the wiped disk to the customer.
Make sure the documents are stored in a secure location
where the security person cannot get at them or alter
them afterwards. He/she can of course keep a copy.
You then can do surprise checks on whether documentation
and disks do actually match. Depending on the people
involved, these may be unnecessary. You have to trust them
anyway.
In any step you can have additional witnesses certify what happens. Do
not have the disk serial preprinted. Have it filled in by each
witness in their own handwriting and from the disk label. The wiping
should likely be done by somebody else so that there are at least two
witnesses. Step 4 assures that you actually have wiped some disk and
that the customer can at least verify that. Oh, and explain to the
customer how the procedure works. Then they can do surprise checks, if
they like, and check whether the document from step 1 actually exists
and matches the disk their data is on.
Still not perfect, but it significantly reduces any possible gain you
could have by just claiming to have wiped the disk. After all, you do
indeed need to wipe a disk and one in a credible size-range. And you
do need to send a working disk to the customer that has been wiped and
used for an appropriate time (can be checked in SMART data). The only
possible gain on your side I see is that you could slack off in the
documentation steps. But they represent only a minor amount of work,
so most of your incentive to cheat has been removed. Together with the
inspection possibility by the customer, this should be enough to
convince.
Arno
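The four-step record and the surprise check Arno describes, as an added illustration that is not part of either post: each step (designation, wipe order, wipe, shipment) is recorded for one disk serial with witness, place and time, every record carries the SHA-256 of the one before it, and a check routine compares the record against the serial and Power_On_Hours found in SMART output. The step names, the 1000-hour "appropriately used" threshold and the smartctl-style sample output are assumptions made for the example; the sample is constructed, not captured from a real drive. A hash chain only makes later alteration detectable against a copy held elsewhere (the witness's or the customer's); it does nothing for problems 1) and 2) above.

```python
"""Hash-chained chain-of-custody record for a disk wipe (added example)."""
import hashlib
import json
from datetime import datetime, timezone

# Assumed step names for the four-step procedure
STEPS = ("designated", "wipe_ordered", "wiped", "shipped")

# Constructed sample in the style of `smartctl -i -A`; not output from a real device
SAMPLE_SMARTCTL = """\
Device Model:     EXAMPLE-HDD-2T
Serial Number:    WD-EXAMPLE0001
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  9 Power_On_Hours          0x0032   088   088   000    Old_age   Always       -       10572
"""


def _digest(entry: dict) -> str:
    # Canonical JSON so the hash does not depend on key order or whitespace
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Append-only list of step records; each record commits to its predecessor."""

    def __init__(self):
        self.entries = []

    def record(self, step, serial, witness, place, when=None):
        if step not in STEPS:
            raise ValueError(f"unknown step {step!r}")
        entry = {
            "step": step,
            "serial": serial.strip().upper(),  # as read from the label by this witness
            "witness": witness,
            "place": place,
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "prev": self.entries[-1]["hash"] if self.entries else "0" * 64,
        }
        entry["hash"] = _digest(entry)  # hash covers every field above, prev included
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """True if no entry was altered or removed since it was appended."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def steps_for(self, serial):
        return [e["step"] for e in self.entries if e["serial"] == serial.strip().upper()]


def parse_smart(text):
    """Pull serial and raw Power_On_Hours out of smartctl-style text."""
    serial, hours = None, None
    for line in text.splitlines():
        if line.startswith("Serial Number:"):
            serial = line.split(":", 1)[1].strip().upper()
        elif "Power_On_Hours" in line:
            hours = int(line.split()[-1])  # RAW_VALUE is the last column
    return serial, hours


def check_disk(log, smart_text, min_hours=1000):
    """Surprise check: does the disk in hand match the paperwork? Returns problems found."""
    problems = []
    if not log.verify():
        problems.append("log hash chain broken (altered after the fact)")
    serial, hours = parse_smart(smart_text)
    if serial is None:
        problems.append("no serial in SMART output")
    else:
        missing = [s for s in STEPS if s not in log.steps_for(serial)]
        if missing:
            problems.append(f"{serial}: missing steps {missing}")
    if hours is None or hours < min_hours:
        problems.append(f"power-on hours {hours} below expected use ({min_hours})")
    return problems


if __name__ == "__main__":
    log = CustodyLog()
    t0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    for step, witness in zip(STEPS, ("A. Smith", "A. Smith", "B. Jones", "A. Smith")):
        log.record(step, "wd-example0001", witness, "Vault 2", t0)
    print("verified:", log.verify(), "problems:", check_disk(log, SAMPLE_SMARTCTL))
```

Because each witness types the serial from the label, a transcription error shows up as a missing step for that serial rather than silently passing; that is the software counterpart of not preprinting the serial on the form.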