Schneier on Security
A blog covering security and security technology.
« Worldwide Browser Patch Rates |
| Another Interview with Me »
February 13, 2009
The Doghouse: Raidon's Staray-S Encrypted Hard Drives
Turns out the algorithm is linear.
When you're buying security products, you have to trust the vendor. That's why I don't buy any of these hardware-encrypted drives. I don't trust the vendors.
Posted on February 13, 2009 at 11:35 AM
• 13 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Crappy hardware encryption is almost a non-story these days.
I wonder, are the hard drive manufacturers publishing the method used for the new encryption-enabled hard drives? If not, that's useless too.
I think the only reason so many hardware encryption devices are sold is that people don't know about Truecrypt and its ilk.
Most of the major vendors will use AES, although not necessarily in a complex cipher mode (such as AES-XTS) because of cost concerns. Margins are pretty narrow, so extra logic is too expensive. For most applications this should be fine - the types of attacks on the simpler modes are matters of privacy and integrity, which is _not_ what these drives are meant to solve.
What's hardest is to prove that they in fact do encrypt, and do so well enough. Supposedly one cannot directly access the encrypted data stream (basically as a physical security feature that would require platter removal for access), although I've heard some rumors about alternate access possibilities.
I would say, though, that for most business purposes (read: PCI compliance and other PII issues) these drives do the trick just fine.
Margins are not a problem if users encrypt using their own software. Most popular current OSs are well capable of encrypting your data without getting into the hardware level.
Perhaps each level should concentrate on what it does best?
They may not allow access to the unencoded data stream (in fact, they probably don't just by default since most drives only have one big honkin' chip on them these days). However, it should be trivial to access the output of the head pre-amps, and data encoding on the platters isn't any big secret, it's just one of the standard modulations. Even if they put the encryption chip as part of the pre-amps, inside the drive, it's not that hard to get in there and intercept the analog signal from the heads.
If you grab the output or input of the pre-amps, it's probably not a big leap to decoding the modulation yourself and therefore getting to the unencrypted stream.
"Perhaps each level should concentrate on what it does best?"
But that would break the entire software industry!
Glad to see more reporting on this issue of HDE, thanks.
Bad crypto makes a prohibition market for lawsuits and destructive forces.
Current defacto 'rules' about ITAR and hardware crypto might be very problematic in a post 9/11 world.
Why not a simple control mechanism to test drive, with test vectors?
Sure would be great to have more open source hardware and hacking going on, with explicit protection for the release and construction of ALL items. GRR, and world peace is coming soon.
Rr: ".. attacks on the simpler modes are matters of privacy and integrity, which is _not_ what these drives are meant to solve."
Out of curiosity, if you're not encrypting to protect privacy or integrity, what *are* you trying to protect with encryption?
Alan (2): "Most popular current OSs are well capable of encrypting your data without getting into the hardware level."
But if you've got the skills to set up an encrypted filesystem at the OS level, then you probably aren't the target market for these drives.
There is a difference between business users and consumers. The assurance that a user cannot (easily) turn off encryption when using self-encrypting hardware can be very beneficial to businesses.
Also, the lines between, and functionality of, so-called layers has been blurring for a while now. On top of which, hardware is where you can provide higher assurance of things like tamper-resistance (and resistance against things like cold-boot attacks.) So "what it does best" is a matter of perspective and need (as with most things in security.)
The hardware versus software trade-off isn't a simple matter of trust for any but the most paranoid.
The privacy attacks I'm referring to are things like watermarking (i.e. proving the existence of something without being able to decrypt)
Granted, confidentiality and privacy mean different things to different people, so I should probably have elaborated in the original post :)
No matter how bad the encryption on these kind of products - if a government agency (I'm looking at the uk government here) lost data on one of these disks they could claim it is protected and that there is little risk.
Job done for the product and the vendor. As has been noted many times in these pages - the appearance of security is often of more interest than actual security for a lot of people.
(mind you the government agencies aren't even clever enough to use weak encryption)
As has been pointed out in previous blog page,
"What is the threat model"
That the encryption is ment to mitigate.
If as has been sugested it's for PR to stop "egg on face" or reduce legal liability etc then, the HD manufacture might as well EXOR with the HD serial number or some such because it enables the purchaser to "Claim encryption" because the drives where purchased as "Being encrypting"...
The real problem with encrypting drives is that it does not solve the two real data loss threat models associated with laptops,
1, OS in hiebernation
2, Hot Snatch.
In either case the decryption key is available in the laptop memory so the security is by passed at that point. And it's going to be the people most likley to have working access to confidential data that are going to fall prey to these (ie executives).
The use of encryption software however alows you to decied when and which encrypted volumes you open or make visable so volumes can be "unmounted" etc by heibernation script or screen saver or other timeout script thus either removing or vastly reducing the threat window of oportunity.
Me I would use the drives simply because the price difference on the drives will quickly become marginal and will stop ordinary "theft" potential. BUT I will assume that they offer NO security as I cannot reasonably check each and every drive I purchase...
More features/complexity can betray you.
Encryption can be a weapon, a negotiation tool, especially when in hardware.
I do not trust the vendors as well. Less is more.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.