Self-Encrypting Hard Drives and the New Security 205
In a recent blog post, CNet's Jon Oitsik has called for a policy shift with respect to data encryption. A new standard by the Trusted Computing Group promises the availability of self-encrypting hard drives soon, leading some to call for immediate adoption. Will this create even more security problems due to lazy custodians, or should someone responsible for keeping your information safe be required to move to the new hardware? Hopefully the new hardware comes with a warning to continue to use other data protection measures as well.
hmm (Score:5, Interesting)
Hardware crypto leads to better security? BULL! (Score:4, Interesting)
Spoken (or typed in this case) like someone who's completely misunderstood the security process and thinks that [Insert Buzzword] = Security
Lock out vs lose data (Score:5, Interesting)
Trusted Computing Group reputation? (Score:5, Interesting)
I hope this proposal is considered with more than the usual amount of skeptical reserve. The name was changed more than once but I'm fairly certain that the "Trusted Computing" group was previously acting as a lackey of the entertainment cartel. They managed to introduce new points of possible breakage making computer based media more prone to failure (e.g. HDCP and the forced failure of expensive monitors purchased by early adopters).
If this is the same group then you can almost guarantee that they will include backdoors and other nastiness intended to inhibit unapproved behavior by the owner of the drive.
Power Outage Hickups (Score:2, Interesting)
So while the disk is self-encrypting itself, what if the power went out?
Complete data corruption/loss?
Or are you gonna mandate that everyone uses a UPS?
Bill of Rights (Score:3, Interesting)
Prove it's encrypted? (Score:4, Interesting)
Flaws? So what. (Score:4, Interesting)
Key escrow (Score:3, Interesting)
If there were multiple keys, each one of which could unlock the drive this would be fine. The owner, i.e. the IT dept., gets the main key and the user and others get backup keys.
One way to implement it:
The drive will accept either its on-board key or a key from a dongle. The on-board key of course will be encrypted with a passphrase that can be changed without changing the underlying key. If EITHER the passphrase is entered OR another copy of the key with ITS passphrase is present, the drive is unlocked.
Paranoid users could invalidate the on-board key, requiring the use of a dongle to unlock the drive.
Another option:
A 3-layer version, where a heavily-encrypted "super key" is on the drive, with multiple "supplemental keys" which may or may not be on the drive which decrypt the super key AND which define access, e.g. a "read only" key, a "read/write key," and an "administration key." Zero or more of these could be stored on the drive, encrypted with passphrases. Others could be stored on dongles, again, encrypted with passphrases. In this scenario, IT would control the administrator key and the person in possession of the laptop would control the read-write key and the read-only key. The read-only key would be turned over in response to subpoenas or customs officials where required by law. In draconian societies like America^H^H^H^H^H^H^H China, an additional, non-removable backdoor key would probably be held by the government.
Re:Hardware encryption... (Score:3, Interesting)
FIPS 140-2 (Score:3, Interesting)
In theory, if these drives are being used by a US government agency for encryption, then the drives need to be FIPS 140-2 [nist.gov] certified.
In order be certified, there is a stringent list of algorithms that may be used, for both encryption and random number generation, and these algorithms need to be tested and certified themselves.
We'll have to see if the hard drive companies want to go through the headaches involved to get FIPS certification, or whether this is meant as a gimmick for consumers.
Re:Propriety Encryption (Score:3, Interesting)
Re:self encrypting, probably self-defeating too (Score:2, Interesting)
I would agree with that, I was just commenting on the wallet as the best place to keep things.
I had a problem losing my wallet when I was about 14. This had two results. One, I became rather good at finding lost things. Two, I'm obsessive about knowing the location of certain things (wallet, cell phone, and keys mostly). Drives my wife nuts sometimes since she losing things all the time (actually, she's gotten much better in the last year or two) but I rarely have trouble finding anything.
Re:Propriety Encryption (Score:3, Interesting)
Even though the TPM is specced to not be armored against attack, it would take someone with access to a chip fab to try to get the key off the silicon itself.
With a TPM and a hard disk that can use this the way BitLocker does (where it boots to the OS without needing any passwords, but attempts to boot to other media to access the drive require access to the volume's recovery key), this is good protection for a laptop, making the main attack front the username/password of users or administrators. One can also have the TPM require a PIN and enough wrong guesses the TPM either locks access or adds substantial increasing delays between password attempts.
One note here:
This functionality is more aimed at the enterprise than individual users. The enterprise needs to be able to have some way of regaining access to a laptop of an employee should they forget their password or leave the company. They also require access due to data retention laws.
I'm almost certain that the drives will end up tested for FIPS compliance. If not, then they won't pass a lot of DAR (data at rest) encryption specs that the US government has put in place.
As for comparing this with TrueCrypt, this and TC are apples and oranges, or more like a ball peen hammer versus a claw hammer. Both hammer nails, but one is suited to one type of job versus another. For home machines where there is only one person using them, I'd go with TrueCrypt (because TC doesn't require hardware support to provide top notch protection). For machines that have more than one user, or require access by another party due to various regulations, I'd go with TPM based functionality. Or do like I do and use both. BitLocker functionality for the boot volume, and TrueCrypt to automount external drives using a keyfile. This way, if I need to use the volumes on a machine that doesn't support BitLocker, I can just plug them in, read the keyfile off a smart card, and mount it without needing Windows Server 2008 or Vista Enterprise/Ultimate [1].
[1] I really wish Microsoft would put BitLocker in Windows 7 Professional. It is hard to beat for "install and forget" protection of data.