Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Self-Encrypting Hard Drives and the New Security

ScuttleMonkey posted more than 5 years ago | from the you-can't-protect-against-stupid dept.

Security 205

In a recent blog post, CNet's Jon Oitsik has called for a policy shift with respect to data encryption. A new standard by the Trusted Computing Group promises the availability of self-encrypting hard drives soon, leading some to call for immediate adoption. Will this create even more security problems due to lazy custodians, or should someone responsible for keeping your information safe be required to move to the new hardware? Hopefully the new hardware comes with a warning to continue to use other data protection measures as well.

cancel ×

205 comments

Sorry! There are no comments related to the filter you selected.

"Hopefully a warning..." (5, Funny)

MaxwellEdison (1368785) | more than 5 years ago | (#27124115)

Oh there's a warning, it's just been encrypted for its own protection.

Propriety Encryption (5, Funny)

sheddd (592499) | more than 5 years ago | (#27124119)

Never has a backdoor!

Re:Propriety Encryption (4, Insightful)

Shakrai (717556) | more than 5 years ago | (#27124251)

You got a funny mod but it should be insightful. That was my first thought......

Don't worry though, it's for your protection. Think of the children/terrorists!

Re:Propriety Encryption (0)

Anonymous Coward | more than 5 years ago | (#27124695)

Those damn child terrorist bug the hell out of me. Good thing someone is finally telling me to think about them... again.

Re:Propriety Encryption (1)

mrsteveman1 (1010381) | more than 5 years ago | (#27124783)

You would have forgotten, and they are small enough to sneak up on you. You should be thankful for all the warnings.

Re:Propriety Encryption (4, Insightful)

dgatwood (11270) | more than 5 years ago | (#27124311)

I wouldn't worry about back doors. Given the history of "secure" hardware devices, I'd be more worried about them turning the password trivially into a 64-bit key, using XOR with the key, and storing the key in unencrypted flash for verification....

64-bit key? (3, Funny)

Jon.Laslow (809215) | more than 5 years ago | (#27124465)

All of my sensitive data is double-ROT-13 encrypted!

Re:64-bit key? (2, Informative)

Aphoxema (1088507) | more than 5 years ago | (#27124507)

I use Quadruple-rot-13, far more effective IMHO.

Re:64-bit key? (2, Funny)

UnderDark (869922) | more than 5 years ago | (#27124635)

4096 cycle rot-13 is much much more effective drain on cpu cycles

Re:64-bit key? (0)

Anonymous Coward | more than 5 years ago | (#27124681)

64-ROT-26 is where the money is. Backdoor proof.

Re:64-bit key? (2, Insightful)

sheddd (592499) | more than 5 years ago | (#27125151)

And you get modded informative. Nice!

Re:64-bit key? (3, Funny)

Anonymous Coward | more than 5 years ago | (#27125611)

I use Quadruple-rot-13, far more effective IMHO.

ROT-13 should be the new trigger for Godwin's law in Slashdot discussions.

Re:64-bit key? (1)

kalirion (728907) | more than 5 years ago | (#27125459)

I'm sorry, I couldn't read your post. Could you post the algorithm and key to unencrypt it?

FIPS 140-2 (2, Interesting)

Digital_Quartz (75366) | more than 5 years ago | (#27125573)

In theory, if these drives are being used by a US government agency for encryption, then the drives need to be FIPS 140-2 [nist.gov] certified.

In order be certified, there is a stringent list of algorithms that may be used, for both encryption and random number generation, and these algorithms need to be tested and certified themselves.

We'll have to see if the hard drive companies want to go through the headaches involved to get FIPS certification, or whether this is meant as a gimmick for consumers.

Re:Propriety Encryption (5, Informative)

hweimer (709734) | more than 5 years ago | (#27124633)

Actually, this is about a new specification created by the Trusted Computing Group, so it's fairly open stuff. However, I fail to see how this actually solves any of the problems related to recent data breaches. If you lose your notebook with all your data the attacker also gets access to the Trusted Platform Module and can decrypt the disk. If you want to securely transport your data, this is horribly inconvenient as the whole point is to be able to access the data on different machines (which this tries to prevent).

Re:Propriety Encryption (5, Informative)

Lumpy (12016) | more than 5 years ago | (#27124915)

Some people say no but I have seen this in action.

We had secure laptops here with encryption and smartcard security. Bought all Dell 620's with built in smartcard slot.. all was peachy.

We tested our security. 9 out of 10 laptops had the smartcard in them in the bag. AND their pin access number was on the laptop somewhere. os the encryption and any login security was overridden by user failure.

Re:Propriety Encryption (0)

Anonymous Coward | more than 5 years ago | (#27125451)

9 out of 10 laptops had the smartcard in them in the bag

A phone company guy working on my line had a laptop with a SecurId card taped to the laptop so it was easy to type in the number.

Re:Propriety Encryption (0)

Anonymous Coward | more than 5 years ago | (#27125227)

If you lose your notebook with all your data the attacker also gets access to the Trusted Platform Module and can decrypt the disk.

This probably takes care of the cases of using a portable drive, and for when a machine is decommissioned: you don't have to worry about wiping the disk if you separate it from motherboard. There have been a few stories of stand-alone, used disks being sold on eBay and various flee markets with personal information.

Nothing is stopping you for using software (OS-level, PGP) encryption in addition to whatever is in the hardware.

Re:Propriety Encryption (1)

PCM2 (4486) | more than 5 years ago | (#27125347)

If you lose your notebook with all your data the attacker also gets access to the Trusted Platform Module and can decrypt the disk.

Yes, but on the other hand, this seems like it could help prevent cases where employees steal the hard drives out of servers. (It's a lot easier to walk out the front door with a couple of hard drives in a duffel bag than it is to make off with two or three complete rack-mount servers.)

Re:Propriety Encryption (1)

eean (177028) | more than 5 years ago | (#27124641)

Is anyone talking about propriety encryption though? I mean the NSA has standards for encryption that obviously the Federal government would follow, but so does most of the industry.

Looks like DRM/proprietary lock-in (itsatrap) (1)

Khopesh (112447) | more than 5 years ago | (#27124657)

Oh good, so now I need a special driver with which to decrypt my hard drive, so it won't work with the Linux or BSD kernels.

I would buy such a product (encrypted HDD or encrypted SATA/SAS [RAID] controller) if it were completely open (as in GPL-compatible) firmware, open specs, and solid assurances of fair play with respect to patents, etc. Especially if the encryption/decryption is performed on a dedicated chip so as to keep resource costs from growing.

... and battery back-up (like other hw RAID controllers), confirmed writes via journal for data integrity, ... hmm, I have some high demands. Maybe I'll just stick with TrueCrypt [truecrypt.org] .

Re:Looks like DRM/proprietary lock-in (itsatrap) (3, Insightful)

mrsteveman1 (1010381) | more than 5 years ago | (#27124861)

Self encrypting would be in the drive no?

So to an operating system, once the drive has been unlocked by a firmware command it should appear as a cleartext ATA device.

Re:Propriety Encryption (0)

Anonymous Coward | more than 5 years ago | (#27125125)

Of course not! Even referring to one's back door is the height of impropriety.

Re:Propriety Encryption (1)

s0litaire (1205168) | more than 5 years ago | (#27125149)

Just to annoy them i'd use PGP encrypted files in a trucrypt container on the encrypted hard drive...

Decryption (3, Funny)

MrEricSir (398214) | more than 5 years ago | (#27124147)

Hopefully they're also self-decrypting. Although it would certainly be more secure without this feature.

Re:Decryption (1)

youthoftoday (975074) | more than 5 years ago | (#27124489)

at last! secure /dev/null !

If it's self encrypting and self decrypting (4, Funny)

Colin Smith (2679) | more than 5 years ago | (#27124795)

How will you know if your data was encrypted?

 

Re:If it's self encrypting and self decrypting (1)

MrEricSir (398214) | more than 5 years ago | (#27125571)

Don't worry, just send me the hard drive and the password, and I'll check for you.

Re:If it's self encrypting and self decrypting (0)

Anonymous Coward | more than 5 years ago | (#27125667)

Send me $20 and I will set your drive to automatically encrypt and decrypt with the activation of your power button. You don't even need to know a password, seamless integration! ;)

Multiple security layers (5, Informative)

leromarinvit (1462031) | more than 5 years ago | (#27124161)

An additional layer of encryption can't be bad. If it's a good implementation with no critical bugs and backdoors, great, you've just made it harder for someone to get your data. If it isn't, it's still no worse than storing plain text.

Just don't rely on this as your only security measure.

Re:Multiple security layers (5, Insightful)

GMFTatsujin (239569) | more than 5 years ago | (#27124339)

Unless it does something unexpected, such as, say, making it a nightmare to recover files off the drive for legitimate reasons.

I foresee a lot of IT departments pulling their collective hair out on this one: some Executive Director with a penchant for buying the Shiny New Thing stores mission critical data on a self-encrypting drive, some motherboard component on the computer blows up, and now the hard drive -- while fine -- is inaccessible.

Yay.

Re:Multiple security layers (3, Insightful)

Todd Knarr (15451) | more than 5 years ago | (#27124581)

Or worse, said Executive Director stores information on that drive that's relevant to a lawsuit. And when you have to tell the court that you've lost evidence because of this, you end up facing the possibility of losing some points in the case (or even the entire case) as sanction for spoliation of evidence. Even if the evidence would have exonerated your company. We won't even discuss the fun if it's tax- or SEC-related.

Re:Multiple security layers (2, Insightful)

mrsteveman1 (1010381) | more than 5 years ago | (#27124899)

That's why you do separate encrypted offsite backups. Encrypted transport over some cable or network to another encrypted container like a LUKS volume or something.

You should never rely entirely on one copy of data anyway, this seems to be just a way to protect drive data from theft.

I'll wait until the 3rd generation. (0)

Anonymous Coward | more than 5 years ago | (#27125279)

It seems reasonable to wait until the third generation of self-encrypting drives. Let everyone else experience the lost data.
Until then, Truecrypt is fine, and has the advantage of not being proprietary. Since the government believes it can operate in secret, proprietary systems may be forced to install back doors.

Re:Multiple security layers (1)

Jamu (852752) | more than 5 years ago | (#27124353)

An additional layer of encryption can't be bad.

Probably not with different encryption schemes. If it's the same encryption scheme applied twice though, couldn't the encryption be easier to break? This is obviously the case for a trivial scheme like ROT13, but what about more practical schemes like AES?

Re:Multiple security layers (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#27124467)

Depends on the scheme. ROT13 is obviously a toy example; but DES isn't(outmoded, yes) and, while you'll see DES and 3DES, you'll never see 2DES, for that reason.

Re:Multiple security layers (1)

leromarinvit (1462031) | more than 5 years ago | (#27124621)

IANAC (I am not a cryptographer), but isn't that only a problem if you use the "inverse" of the first key for the second encryption, where DES(key2) == DES^-1(key1)?

Re:Multiple security layers (1)

afidel (530433) | more than 5 years ago | (#27124645)

And even 3DES needs modification from the base algorithm, just applying straight DES three times does leave you less secure. This was one of those interesting things that the general public didn't find out until decades later but the NSA actually suggested a modification to the S-box in DES for use with triple DES. Turns out that modification prevented a particular class of EC analysis against 3DES, a technique that wasn't available in academic circles until almost two decades after the NSA change.

Re:Multiple security layers (1)

profplump (309017) | more than 5 years ago | (#27125407)

Where did you get this information? 3DES uses the same algorithm as 1DES, just applied three times. In fact, one of the design goals of 3DES was that in EDE (encrypt-decrypt-encrypt) mode, using the same key for all three stages, it was functionally equivalent to 1DES, thus allowing you to use the same hardware for both 1DES and 3DES. 3DES has also be implemented in EEE models, which are no less or more secure than the EDE model.

The only thing 3DES leaves you "less secure" than is perhaps a naive assumption of complexity -- while you might expect 168 effective key bits you really only get about 112, due to the meet-in-the-middle attack. But 112 is still a lot more than the 56 effective bits you get with 1DES.

Re:Multiple security layers (2, Funny)

mustafap (452510) | more than 5 years ago | (#27124669)

>you'll never see 2DES

Pity really, 'cause 2DES is very secure when hackers think it's triple DES :o)

Re:Multiple security layers (1)

profplump (309017) | more than 5 years ago | (#27125267)

Actually you'll never see 2DES because it only adds a trivial amount of security -- with a meet-in-the-middle attack it only provide about 57 bits effective key length, a mere one bit more than 1DES. Even 3DES only provides 112 effective key bits due to the same attack.

But 2DES is not less secure the 1DES, it's just not enough better to bother. 3DES also has the advantage of a encrypt-decrypt-encrypt mode with a single key, which allows you to use the same hardware to do both 1DES and 3DES.

Re:Multiple security layers (1)

icebike (68054) | more than 5 years ago | (#27125327)

An additional layer of encryption can't be bad.

Probably not with different encryption schemes.

My understanding is that dual (or any multiple) encryption provides no additional
protection because brute forcing the product is no more difficult than brute forcing
the first encryption.

Re:Multiple security layers (1)

hedwards (940851) | more than 5 years ago | (#27124357)

Except for the first clause of your second sentence. It's pretty much guaranteed that there'll be critical bugs or back doors. And more likely than not it'll be cracked soon after release leading to other problems.

Re:Multiple security layers (5, Insightful)

Lord Ender (156273) | more than 5 years ago | (#27124689)

No. Worthless security measures are bad for security because they provide a false sense of security. This influences behavior. So bad "encryption" really can be worse than plain text.

Re:Multiple security layers (0)

Anonymous Coward | more than 5 years ago | (#27124911)

If it's insecure and involves a performance overhead then yes it is worse than storing plain text. The security onion is a good principle but each layer comes at a price.

self encrypting, probably self-defeating too (4, Insightful)

petes_PoV (912422) | more than 5 years ago | (#27124167)

And the very first thing the users will do is write down the encryption key, so they don't forget it.

After all, what's the point of having all your data on a disk that you can't access? It's far more likely that the user(s) will forget the key, than for the drive to fail. However, the result will be the same in both cases: inaccessible data and if past experience is anything to go by, no backups (which would also have to be encrypted, again with the isssue over keys).

Until the average PC user radically rethinks their attitude towards their computers - whether at work or play, this seems just one step too far.

Re:self encrypting, probably self-defeating too (1)

John Hasler (414242) | more than 5 years ago | (#27124345)

> And the very first thing the users will do is write down the encryption key, so they
> don't forget it.

That's exactly what they should do, unless it's a corporate machine subject to central key management. They also should, of course, put the key somewhere secure and seperate from the computer.

Re:self encrypting, probably self-defeating too (2, Funny)

SBrach (1073190) | more than 5 years ago | (#27124601)

Like a post-it under the keyboard.

Re:self encrypting, probably self-defeating too (1)

icebike (68054) | more than 5 years ago | (#27124385)

I don't see it that way. Its no worse than a password protected account on a machine.

Do you write down a password you use every day?

If this implemented on a wide scale, you wouldn't need any other passwords on a single user machine such as a laptop.

Clearly, on a corporate or multi-user machine, its a problem (additional password), because you end up having to give it to every user.

Re:self encrypting, probably self-defeating too (0)

Anonymous Coward | more than 5 years ago | (#27124687)

I have one of these Full-Disc Encryption drives in my corporate laptop, it is exactly as you said, you use the key every time you start the computer, (and I, insecurely use the same pw as I use for windows start-up) so even if I don't remember the pw, my fingers do.

If I am incapacitated, however, the data is lost to my corporation, not sure if they took that into account.

Re:self encrypting, probably self-defeating too (1)

wastedlife (1319259) | more than 5 years ago | (#27125425)

If I am incapacitated, however, the data is lost to my corporation, not sure if they took that into account.

Are you sure your corporate IT staff does not have access to a master key/backdoor that could unlock your laptop in the case of you being unable to (i.e. you die, get fired, wind up in coma, etc)? Also, if your corp is worried about losing data, they should really have some sort of backup plan. Maybe encrypted backup over a VPN link so the data remains secure?

Re:self encrypting, probably self-defeating too (0)

Anonymous Coward | more than 5 years ago | (#27125683)

Different AC here.

At the place I work, we have to give our disc-encryption password on a piece of paper to HR. They lock it away, so then they have a record of my notebook's drive password if I'm ever incapacitated. Then I have a different password that changes every 90 days on my Windows account, which obviously can be easily reset by the IT guys.

In addition, we use an encrypted backup system like the one you mention.

Re:self encrypting, probably self-defeating too (1)

0100010001010011 (652467) | more than 5 years ago | (#27124509)

You say that like it's a bad thing. If it was a matter of losing everything I owned, I'd write the key down somewhere. I currently keep all my passwords on a hand written piece of paper in a safety deposit box at my house in case I die so someone can access my shell / accounts.

It's more than likely that someone is going to grab my laptop at the airport than when I'm sitting at it writing the password down.

Re:self encrypting, probably self-defeating too (2, Informative)

Snowblindeye (1085701) | more than 5 years ago | (#27124991)

And the very first thing the users will do is write down the encryption key, so they don't forget it.

Well, Bruce Schneier recommends writing down your passwords. [schneier.com]

Quote:

. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

Re:self encrypting, probably self-defeating too (1)

nextekcarl (1402899) | more than 5 years ago | (#27125239)

That would suck if you got mugged (or like some people I know, have a habit of losing any small object you own at a moment's notice :sigh: ).

I don't mean that the muggers have your password, but more that if I write something down I tend to not remember it quite as well. After all, I have it written down, so why bother remembering it? I don't actually think that consciously, but it does seem to be the case (for me anyways).

hmm (4, Interesting)

n3tcat (664243) | more than 5 years ago | (#27124203)

if encrypted hard drives become the norm, will authorities be more apt to treat it as a protected right rather than as a method of hiding shit?

Re:hmm (2, Insightful)

Shakrai (717556) | more than 5 years ago | (#27124237)

My first thought was that the encrypted hard drives will probably have a back door built into them to keep us safe from all those kiddie pornographers..... Think of the children!

Kiddie porn? Think cell phones. (2, Informative)

davidwr (791652) | more than 5 years ago | (#27125251)

I wouldn't worry too much about children shooting porn and storing it on their laptops. Everyone knows they prefer to use cell phones [floridatoday.com] .

Re:hmm (1)

wastedlife (1319259) | more than 5 years ago | (#27125513)

Think of the children!

Why are these people always thinking about children? Jeez, you'd think they were pedophiles or something.

Re:hmm (1)

powerlord (28156) | more than 5 years ago | (#27125617)

Think of the children!

No! Think of the terrorists!

Heck, lets compromise ...

Think of the Children-Terrorists!

Old hat (0, Flamebait)

flyingfsck (986395) | more than 5 years ago | (#27124255)

Self encrypting drives have been available for years already. However, they are always behind the curve - small and slow.

I want one with a removable key (5, Insightful)

davidwr (791652) | more than 5 years ago | (#27124257)

It's hard to do with fixed drives, but I want USB drives and memory sticks that come with their own dongle-key that plugs into the storage device, so they key can be separated from the drive. Even better if it has its own keypad or fingerprint reader for authentication. "Something you have, plus something you know."

Re:I want one with a removable key (4, Informative)

afidel (530433) | more than 5 years ago | (#27124969)

Biometrics are actually pretty bad from a security perspective, they are a fact which means once exposed they cannot be changed to avoid further compromise. If a biometric system were perfectly implemented this wouldn't matter, but none of them are so it's best to just use a smartcard for the something you have portion.

Hardware crypto leads to better security? BULL! (3, Interesting)

Chas (5144) | more than 5 years ago | (#27124279)

Spoken (or typed in this case) like someone who's completely misunderstood the security process and thinks that [Insert Buzzword] = Security

Lock out vs lose data (5, Interesting)

uberdilligaff (988232) | more than 5 years ago | (#27124283)

While the focus will be on preventing data from being accessed when the PC is stolen, this will come with the rather severe side effect that a significant number of users will irreversibly lock themselves out of all their data by losing/forgetting their pass phrase. Too bad you can't reduce the first problem without increasing the second.

Re:Lock out vs lose data (3, Insightful)

TubeSteak (669689) | more than 5 years ago | (#27124593)

While the focus will be on preventing data from being accessed when the PC is stolen, this will come with the rather severe side effect that a significant number of users will irreversibly lock themselves out of all their data by losing/forgetting their pass phrase. Too bad you can't reduce the first problem without increasing the second.

Are the contents of your wallet at least as valuable, to you, as the content of that encrypted hard drive?
Good, then write down the passphrase and put it in your wallet.

I bet most people take a lot more care with their wallet than they do with their work passwords.

Re:Lock out vs lose data (1)

ACMENEWSLLC (940904) | more than 5 years ago | (#27124721)

For the average user what would be nice is if somehow this encryption talked wireless to a device I had tethered to my key chain.

Perhaps when I boot, I have to click on a button to unlock the encryption, just like I do to open my car.

While that is not governmental level security, it is something a user can understand. It means I don't have to remember anything other than my keys, which I already am use to. It also lets IT make backup devices (car lots can make you another key fob) in case the user looses theirs, the user quits, or IT needs access.

This would solve part of the lost laptop data problem. Of course, if the user just puts the laptop to sleep, that's an issue.

Key escrow (3, Interesting)

davidwr (791652) | more than 5 years ago | (#27125025)

If there were multiple keys, each one of which could unlock the drive this would be fine. The owner, i.e. the IT dept., gets the main key and the user and others get backup keys.

One way to implement it:

The drive will accept either its on-board key or a key from a dongle. The on-board key of course will be encrypted with a passphrase that can be changed without changing the underlying key. If EITHER the passphrase is entered OR another copy of the key with ITS passphrase is present, the drive is unlocked.

Paranoid users could invalidate the on-board key, requiring the use of a dongle to unlock the drive.

Another option:
A 3-layer version, where a heavily-encrypted "super key" is on the drive, with multiple "supplemental keys" which may or may not be on the drive which decrypt the super key AND which define access, e.g. a "read only" key, a "read/write key," and an "administration key." Zero or more of these could be stored on the drive, encrypted with passphrases. Others could be stored on dongles, again, encrypted with passphrases. In this scenario, IT would control the administrator key and the person in possession of the laptop would control the read-write key and the read-only key. The read-only key would be turned over in response to subpoenas or customs officials where required by law. In draconian societies like America^H^H^H^H^H^H^H China, an additional, non-removable backdoor key would probably be held by the government.

Encryption != Security (4, Insightful)

elrous0 (869638) | more than 5 years ago | (#27124321)

If it's a proprietary system where some insecure company or insecure government agency has the keys, why even bother? If anything, it's only providing you with a dangerously false sense of "security."

Re:Encryption != Security (0)

Anonymous Coward | more than 5 years ago | (#27125365)

If it's a proprietary system where some insecure company or insecure government agency has the keys, why even bother? If anything, it's only providing you with a dangerously false sense of "security."

For most people and organizations the government isn't the real risk you're trying to guard against.

I'm guessing you're in the US: the citizens of a lot of other countries aren't as paranoid as many Americans are when it comes to their governments.

Re:Encryption != Security (1)

elrous0 (869638) | more than 5 years ago | (#27125639)

Actually, lately it seems like Australia, the UK, and a lot of other European countries' governments are becoming way worse than the U.S. The U.S. government is far from a beacon of freedom, but at least our government isn't trying to firewall the whole country (not yet anyway).

Really? (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#27124323)

I want some of what this guy is smoking. He seems to be under the impression that, because the encryption is handled in hardware, there will be no software to deal with. And what, pray tell, will configure the hardware, and set crypto keys, and hold them in escrow in case of the inevitable forgetting, and change them if needed, and so on and so forth?

Hardware encryption certainly has its advantages; but if you can't handle deploying software encryption now, I'm deeply skeptical of your ability to handle deploying hardware encryption.

How can you trust it to not have a back door? (2, Insightful)

Eric Smith (4379) | more than 5 years ago | (#27124331)

The big risk with FDE is that the drive may, unbeknownst to the owner, cache and store the encryption keys somewhere inside the drive, either on the media or in nonvolatile memory, making it available to those that know where to find it.

Even if the standard drive firmware doesn't do that, how would you know that the firmware of the drive wasn't modified sometime after manufacture and before purchase to install such a back door?

If you were an agent of some government that wanted to be able to access data on disk drives whose owners believe them to be encrypted, what better way to do that than to either convince the drive vendors to install a back door for you, or to let you tamper with the drives at some point in the process? That would eliminate a whole lot of hassle for you, and there are only a few drive vendors you'd have to subvert.

I think I'll stick to LUKS and dm-crypt. It's not a perfect solution, and it's still possible that someone could subvert my encryption, but doing it in the software I have some measure of control over clearly makes it harder for them than doing it in hardware that I have no choice but to trust blindly.

Am I paranoid? Sure. Probably no one is trying to steal my keys or my data. But the likelyhood of the existence of a back door has NOTHING to do with whether the bad guys (or maybe the good guys?) are interested in my data. Even if no one intends to steal my data today, once a back door exists it can be used against me in the future.

Re:How can you trust it to not have a back door? (1)

icebike (68054) | more than 5 years ago | (#27124609)

> if you were an agend of some government...

You wouldn't have to "tamper" with drives after manufacture.
You would already have your built in back door.

Re:How can you trust it to not have a back door? (1)

Zerth (26112) | more than 5 years ago | (#27125373)

If it is anything like the various encrypted USB sticks, it'll be trivially cracked with a logic probe and maybe soldering on another controller/copying the firmware from another drive for which the key is known.

Encrypted laptop drives from online stores (1)

mikael (484) | more than 5 years ago | (#27124427)

Some of the online stores are already selling "encrypted hard disk drives". The firmware stores an encryption key that is used to process all data as it goes on and comes off the disk drive platters, so the data is encrypted at all times. When you want to erase the drive, you just change/erase the encryption key.

It sounds like a good idea, but can the encryption key be recovered. Is it really erased, or just shuffled to an alternative backup array encryption keys? Or does the manufacturer keep a list of serial numbers/original encryption keys just in case.

If not, how would data recovery service be able to recover the data off a disk drive in a clean-room environment without the dedicated firmware?

Trusted Computing Group reputation? (4, Interesting)

steve_bryan (2671) | more than 5 years ago | (#27124429)

I hope this proposal is considered with more than the usual amount of skeptical reserve. The name was changed more than once but I'm fairly certain that the "Trusted Computing" group was previously acting as a lackey of the entertainment cartel. They managed to introduce new points of possible breakage making computer based media more prone to failure (e.g. HDCP and the forced failure of expensive monitors purchased by early adopters).

If this is the same group then you can almost guarantee that they will include backdoors and other nastiness intended to inhibit unapproved behavior by the owner of the drive.

Re:Trusted Computing Group reputation? (3, Insightful)

afidel (530433) | more than 5 years ago | (#27125077)

No, the trusted computer group grew out of an effort at Microsoft to allow secure network booting of clients. Without hardware encryption and bidirectional authentication it was a feature that customers asked for but which they would never have been able to accomplish. There has been talk of using such technology to implement better DRM, but so far it has come to naught even with Vista/Win7. In fact the TPM keystore is available for anyone to use via a fully documented interface and I believe there is a Linux module that allows you to use it. The biggest problem I have is that many TPM 1.2 implementations allow the key out of the keystore along an unencrypted bus which means there is a non-trivial but attainable attack vector against them. Personally I wish Dell wasn't the only vendor supporting TPM in server class systems because I would love to use bitlocker for remote office servers but I can't stand Dell's equipment or support.

Speed (1)

qoncept (599709) | more than 5 years ago | (#27124441)

My work hard drive is encrypted with Safeboot and it's slow as hell. If hardware encryption can improve the performance it'd be worth it for me.

Power Outage Hickups (2, Interesting)

MBHkewl (807459) | more than 5 years ago | (#27124469)

So while the disk is self-encrypting itself, what if the power went out?

Complete data corruption/loss?

Or are you gonna mandate that everyone uses a UPS?

Re:Power Outage Hickups (1)

wastedlife (1319259) | more than 5 years ago | (#27125673)

I'm pretty sure the drive just encrypts and decrypts on the fly at the block level as it writes and reads the data. If the hardware is designed correctly, you would be at no more risk of data loss due to power loss than you are with a regular drive. Did you think it runs through and encrypts the whole drive at shutdown and runs a decrypt at startup?

Three problems (4, Insightful)

Todd Knarr (15451) | more than 5 years ago | (#27124483)

Three problems with the idea:

  1. Transferring media to new systems. I've already seen a case at work where an encrypted laptop drive was fully intact and working, but the laptop it was in was dead and had to be replaced. The drive was a complete loss, because it couldn't be used as the boot drive in the new laptop (different manufacturer) and there wasn't any software that could be used to supply the boot password to the drive when connected by any other method.
  2. Suspend/hibernate. We've found that a lot of the laptop models where I work don't correctly handle returning from a suspend and/or hibernate state. The most common case is that the laptop simply returns to normal operation from the suspend state without requiring re-entry of passwords. Most users simply put their laptop into suspend state rather than powering it down, which means anyone stealing the laptop can completely ignore the drive encryption. Standard Windows screen locking doesn't help much, once the laptop's unsuspended it's network interface is active and it can be remotely compromised and the screen lock disabled.
  3. Law enforcement. If the drive encryption is truely secure, LEOs will insist on having a back-door to let them decrypt a suspect's drive to search for evidence even if the suspect won't give them the passwords. If such a back-door exists, it'll quickly be broken and software produced to gain access to an encrypted drive through that channel rendering the encryption useless.

#2 can be dealt with going forward in the hardware and OS. #1 can be dealt with going forward with standardized encryption and hardware protocols. #3... is intractable.

Re:Three problems (3, Insightful)

Creepy Crawler (680178) | more than 5 years ago | (#27124753)

Then DM_CRYPT solves all three.

1. There's a /boot partition which provides basic bootup services, like entering pass phrases. Any machine that can read standard HD's can read the dm_crypt system.

2. Hibernate is inherently unsafe, unless the hibernation itself is encrypted. And once there, why not just fresh-boot? And about standby, require as a system policy to log out before standby. Then they must hack the standard system to get even a user account. Also, you did not specify memory holes like firewire. They're equally dangerous, if not moreso.

3. Linux is open source, so we would see any attempted exploits in dm_crypt. There might be, but we'll find it eventually.

Re:Three problems (1)

Aqualung812 (959532) | more than 5 years ago | (#27124767)

This standard they're working on would help with 1 and 2.

Going with OSS would fix #3.

Re:Three problems (1)

themacks (1197889) | more than 5 years ago | (#27124821)

For #1, wouldn't putting the drive in another of the same model laptop work?

#3 is not intractable (1)

davidwr (791652) | more than 5 years ago | (#27125081)

3. Law enforcement. If the drive encryption is truely secure, LEOs will insist on having a back-door to let them decrypt a suspect's drive to search for evidence even if the suspect won't give them the passwords. If such a back-door exists, it'll quickly be broken and software produced to gain access to an encrypted drive through that channel rendering the encryption useless.

#3... is intractable.

The solution is to create a society where LEOs do not insist on having a back-door.

Re:Three problems (1)

blueg3 (192743) | more than 5 years ago | (#27125349)

#3 is pure paranoia. There are plenty of commercial and open-source encryption products out there, including full-disk hardware and software encryption. They don't have law enforcement backdoors.

Sometimes hardware encryption implementations are absurdly broken (e.g., encrypting using single-key XOR), but if this is an intentional law enforcement backdoor, LE agencies are being awfully inefficient by reverse-engineering the devices to find ways to bypass the encryption (or paying commercial researchers to).

Hardware encryption... (2, Informative)

fractalrock (662410) | more than 5 years ago | (#27124541)

...is worthless. Proprietary, chip-based solutions are the opposite direction we should be going. An open source solution...and there are several great ones already available...is what I use and recommend/setup for all my clients.
Any and all of today's processors can handle the exertion necessary for on-the-fly encryption; most users (including, generally, myself) don't notice the difference.
As per usual, I question SM's logic.

Re:Hardware encryption... (2, Interesting)

afidel (530433) | more than 5 years ago | (#27125117)

How do you deal with the key in memory problem? That's right you can't without a hardware keystore, hardware is the only way to get true unbreakable encryption.

Bill of Rights (3, Interesting)

OldFish (1229566) | more than 5 years ago | (#27124567)

Just as important as the technology will be the legal framework that applies. Myself, I like the Bill of Rights and I want to see data storage be treated as an extension of my memory with all rights that apply to my testimony extended to the digital media that is protected by a key that is in my memory. I know, naive idealism is dumb.

Prove it's encrypted? (3, Interesting)

noidentity (188756) | more than 5 years ago | (#27124727)

How can a security-conscious end-user verify that my data is encrypted on one of these drives, as opposed to simply being stored in the clear and the drive just refusing to read it? Sure seems it'd be cheaper if they just left out the crypto and had the drive lie, taking only a few hundred bytes of extra firmware and no extra processing power to implement the new "encryption" command set. Who's going to know?

Re:Prove it's encrypted? (2, Informative)

Skapare (16644) | more than 5 years ago | (#27125579)

How can a security-conscious end-user verify that my data is encrypted on one of these drives, as opposed to simply being stored in the clear and the drive just refusing to read it? Sure seems it'd be cheaper if they just left out the crypto and had the drive lie, taking only a few hundred bytes of extra firmware and no extra processing power to implement the new "encryption" command set. Who's going to know?

This can be done by making the actual encryption completely open, with open source reference implementations in software. The disk drive would have two operating modes. Without a set key, it would write and read the data bits in the raw. With the key set (and stored in the drive controller only in SRAM that's designed to instantly lose the key upon power loss), the drive encrypts writes and decrypts reads. The verification is to set the drive key, write some data, then erase the key, read it back, and decrypt it with the reference software. The reverse verification is to encrypt some data with the reference software, write it when the drive has no key, set the key, read it back, and see if the data is the same as the original.

What cannot be verified is if the drive actually saved the key somewhere in some inaccessible spot on the platter, encrypted by a public key hard coded in the controller ROM, which can be decrypted by whoever has the private half of that PKC pair. THIS is the big risk of using these devices. It is a risk present in any sealed encryption hardware device, even if just a separate encryption core in a CPU or GPU. Government agencies with no names wouldn't care about that, as it would be their key.

Trusted Computing Group (0)

Anonymous Coward | more than 5 years ago | (#27124731)

Nothing like a generic, corporate, marketing-driven name to inspire my utter distrust.

if open firmware and algorithm modules (1)

electrogeist (1345919) | more than 5 years ago | (#27124789)

Self-encrypting hard drives would be a great thing IF they have a flexible and open firmware, with interchangable open source modules for algorithms. After a simple command to pass the key its accessed as a regular drive with no additional overhead for the computer.

With a closed proprietary approach those who need it will be too skeptical to use it, and it may just cause more trouble than it is worth.

My experience with encrypted media (3, Informative)

argent (18001) | more than 5 years ago | (#27124903)

My experience with hardware encrypted media makes me doubt anything good will come of this technology.

We had a large number of encrypted thumb drives, at one point, and all of them died and needed to be reformatted in short order... they were simply more vulnerable to data loss when (for example) you pulled them "too soon". One vendor wouldn't even allow us to reformat them without sending them a signed letter from the CEO (on corporate letterhead) asking for the formatting utility, and then when we provided it we got no further response from them.

We turfed all the "secure" thumb drives no matter what manufacturer and went back to application layer encryption.

Re:My experience with encrypted media (1)

Creepy Crawler (680178) | more than 5 years ago | (#27125057)

Who's "them"? I want to know who to avoid.

Re:My experience with encrypted media (1)

argent (18001) | more than 5 years ago | (#27125201)

I can't tell you who "them" is, this was back before I left $VBC, three jobs ago. But even the "best" (least worst?) hardware encryption was terribly fragile.

Flaws? So what. (4, Interesting)

manif3st (699952) | more than 5 years ago | (#27124999)

Personally, I can't wait for these to become commonplace. I use whole disk encryption not because I don't want my partner/friends accessing my data (my computer's on all the time anyway in an unencrypted state any business documents and porn are tucked away using TrueCrypt), not because I'm scared of LEOs or G-men (they're welcome to my files), but because I don't want some prick burgling my house, plugging in my hard drive to their computer, and posting my photographs and poking around looking for passwords to sell. So bring on the back doors, I can remember my passwords, and anyone with the knowledge to hack the hard drive to get at the data is doing it for more than my photos and old university papers. I can change my passwords faster than they can sell them.

the unmentioned scary TPM? (1, Troll)

frontloader (96227) | more than 5 years ago | (#27125065)

surely the worst part of any of this is the prospect of only 'certified' software applications able to do I/O on one of these hardware based encryption discs - think region encoded DVDs. i bet RIAA and the rest of the IP hounds cant wait for this one to go mainstream.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?