Security Hardware

Self-Encrypting Hard Drives and the New Security

In a recent blog post, CNet's Jon Oltsik has called for a policy shift with respect to data encryption. A new standard by the Trusted Computing Group promises the availability of self-encrypting hard drives soon, leading some to call for immediate adoption. Will this create even more security problems due to lazy custodians, or should someone responsible for keeping your information safe be required to move to the new hardware? Hopefully the new hardware comes with a warning to continue to use other data protection measures as well.
  • by leromarinvit ( 1462031 ) on Monday March 09, 2009 @02:09PM (#27124161)

    An additional layer of encryption can't be bad. If it's a good implementation with no critical bugs and backdoors, great, you've just made it harder for someone to get your data. If it isn't, it's still no worse than storing plain text.

    Just don't rely on this as your only security measure.

  • Re:64-bit key? (Score:2, Informative)

    by Aphoxema ( 1088507 ) on Monday March 09, 2009 @02:33PM (#27124507) Journal

    I use Quadruple-rot-13, far more effective IMHO.

  • by fractalrock ( 662410 ) on Monday March 09, 2009 @02:36PM (#27124541)
    ...is worthless. Proprietary, chip-based solutions are the opposite direction we should be going. An open source solution...and there are several great ones already available...is what I use and recommend/setup for all my clients.
    Any and all of today's processors can handle the exertion necessary for on-the-fly encryption; most users (including, generally, myself) don't notice the difference.
    As per usual, I question SM's logic.
  • by hweimer ( 709734 ) on Monday March 09, 2009 @02:42PM (#27124633) Homepage

    Actually, this is about a new specification created by the Trusted Computing Group, so it's fairly open stuff. However, I fail to see how this actually solves any of the problems related to recent data breaches. If you lose your notebook with all your data the attacker also gets access to the Trusted Platform Module and can decrypt the disk. If you want to securely transport your data, this is horribly inconvenient as the whole point is to be able to access the data on different machines (which this tries to prevent).

  • My experience with hardware encrypted media makes me doubt anything good will come of this technology.

    We had a large number of encrypted thumb drives, at one point, and all of them died and needed to be reformatted in short order... they were simply more vulnerable to data loss when (for example) you pulled them "too soon". One vendor wouldn't even allow us to reformat them without sending them a signed letter from the CEO (on corporate letterhead) asking for the formatting utility, and then when we provided it we got no further response from them.

    We turfed all the "secure" thumb drives no matter what manufacturer and went back to application layer encryption.

  • by Lumpy ( 12016 ) on Monday March 09, 2009 @03:00PM (#27124915) Homepage

    Some people say no but I have seen this in action.

    We had secure laptops here with encryption and smartcard security. Bought all Dell 620's with built in smartcard slot.. all was peachy.

    We tested our security. 9 out of 10 laptops had the smartcard in them in the bag. AND their PIN access number was on the laptop somewhere. So the encryption and any login security was overridden by user failure.

  • by afidel ( 530433 ) on Monday March 09, 2009 @03:03PM (#27124969)
    Biometrics are actually pretty bad from a security perspective, they are a fact which means once exposed they cannot be changed to avoid further compromise. If a biometric system were perfectly implemented this wouldn't matter, but none of them are so it's best to just use a smartcard for the something you have portion.
  • by Snowblindeye ( 1085701 ) on Monday March 09, 2009 @03:05PM (#27124991)

    And the very first thing the users will do is write down the encryption key, so they don't forget it.

    Well, Bruce Schneier recommends writing down your passwords. [schneier.com]

    Quote:

    We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

  • by davidwr ( 791652 ) on Monday March 09, 2009 @03:22PM (#27125251) Homepage Journal

    I wouldn't worry too much about children shooting porn and storing it on their laptops. Everyone knows they prefer to use cell phones [floridatoday.com].

  • by Skapare ( 16644 ) on Monday March 09, 2009 @03:42PM (#27125579) Homepage

    How can a security-conscious end-user verify that my data is encrypted on one of these drives, as opposed to simply being stored in the clear and the drive just refusing to read it? Sure seems it'd be cheaper if they just left out the crypto and had the drive lie, taking only a few hundred bytes of extra firmware and no extra processing power to implement the new "encryption" command set. Who's going to know?

    This can be done by making the actual encryption completely open, with open source reference implementations in software. The disk drive would have two operating modes. Without a set key, it would write and read the data bits in the raw. With the key set (and stored in the drive controller only in SRAM that's designed to instantly lose the key upon power loss), the drive encrypts writes and decrypts reads. The verification is to set the drive key, write some data, then erase the key, read it back, and decrypt it with the reference software. The reverse verification is to encrypt some data with the reference software, write it when the drive has no key, set the key, read it back, and see if the data is the same as the original.

    What cannot be verified is if the drive actually saved the key somewhere in some inaccessible spot on the platter, encrypted by a public key hard coded in the controller ROM, which can be decrypted by whoever has the private half of that PKC pair. THIS is the big risk of using these devices. It is a risk present in any sealed encryption hardware device, even if just a separate encryption core in a CPU or GPU. Government agencies with no names wouldn't care about that, as it would be their key.
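
Added example, not part of the comment above and not any vendor's code: a simulation of the two-way check Skapare describes, run against a drive that really encrypts and one that only pretends to. The drive classes, `ref_crypt` and `verify` are hypothetical names, and the SHA-256 keystream is a stand-in for whatever open reference cipher such a drive would publish. As the comment says, passing both checks still says nothing about whether the key was escrowed somewhere on the platter.

```python
import hashlib

SECTOR = 512

def ref_crypt(key, lba, data):
    """Stand-in for the open reference cipher: XOR with a SHA-256 keystream
    bound to key and sector number (same operation encrypts and decrypts)."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + lba.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

class HonestDrive:
    """Two modes, as proposed: raw I/O with no key, encrypted I/O with a key."""
    def __init__(self):
        self.platter, self.key = {}, None
    def set_key(self, key):
        self.key = key
    def erase_key(self):
        self.key = None
    def write(self, lba, data):
        self.platter[lba] = ref_crypt(self.key, lba, data) if self.key else data
    def read(self, lba):
        raw = self.platter[lba]
        return ref_crypt(self.key, lba, raw) if self.key else raw

class LyingDrive(HonestDrive):
    """Accepts the key commands but stores and returns data unmodified."""
    def write(self, lba, data):
        self.platter[lba] = data
    def read(self, lba):
        return self.platter[lba]

def verify(drive, key, lba=7):
    sample = b"constructed test sector".ljust(SECTOR, b"\0")
    # Forward check: write with key set, erase key, read raw, decrypt in software.
    drive.set_key(key)
    drive.write(lba, sample)
    drive.erase_key()
    raw = drive.read(lba)
    forward = raw != sample and ref_crypt(key, lba, raw) == sample
    # Reverse check: encrypt in software, write raw, set key, read back.
    drive.write(lba + 1, ref_crypt(key, lba + 1, sample))
    drive.set_key(key)
    reverse = drive.read(lba + 1) == sample
    drive.erase_key()
    return forward, reverse

if __name__ == "__main__":
    for d in (HonestDrive(), LyingDrive()):
        print(type(d).__name__, verify(d, b"constructed-key"))
```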
