Trusted Computing Basics:
Self-Encrypting Drives
Ryan C. Getek, Ph.D., CISSP-ISSEP
Secure Storage Lead, Trusted Computing Division, NCSC
Jason Cox
Agenda
• Background
• TCG Storage Specifications/Docs
• Features and Architecture
• Quick Software-Based FDE Review
• Opal Device Layout Overview
• Use Cases and Why to Choose an Opal SED
• Availability and Cost
Background: Goals
• Always-on encryption
• Dedicated encryption hardware
– Typically at or near line speed
• AES 128 or 256 bit encryption
– Mode discoverable, commonly CBC, XTS
• 32-byte authentication factors supported
• Multiple independent encryption ranges
• Strong access control
Background: Technical Foundations
• ATA and SCSI command sets added commands to support security payloads
– Sometimes called ‘container commands’
– Used by both TCG and IEEE 1667
TCG Storage Specifications/Docs
• Core Specification (v1 2007, v2 2009)
• Security Subsystem Classes (SSCs)
– Define subsets of core features
– Enterprise SSC (2007)
– Opal SSC (2009)
• Storage Interface Interactions Specification
• Opal and Enterprise Application Notes
Features and Architecture
Opal SSC Features and Architecture
• Users
– Opal v1: 1 admin, 4 users (minimum)
• Tables with methods
– Get, Set, Authenticate
– Also configuration and cryptographic methods
• LBA Ranges
– 1 Global, 4 configurable (minimum)
• Users have permissions in tables that control access to data in LBA Ranges and features
Features and Architecture
• Security Providers (SPs)
– Admin: For enabling and disabling the Locking SP
– Locking: For actions such as taking ownership (wrapping the MEK with user credentials), managing LBA ranges, and turning MBR Shadowing on/off
• Sample pseudo-commands
– Request: “Get (tell) me the AES 256 mode!”
– Response: “CBC mode”
– Request: “Set MBR Shadowing to ‘done’!”
– Response: “Success”
Quick SW-Based FDE Review
[Figure: single-partition user device, LBA 0 to LBA [Max]; System Area typically unencrypted]
1. User/OEM installs OS
2. User/OEM installs FDE application
3. To support pre-boot authentication, an unencrypted area is needed for the associated application…
Quick SW-Based FDE Review
[Figure: user device, LBA 0 to LBA [Max]: Partition 1, Partition 2, System Area (typically unencrypted)]
1. Start FDE initialization
2. Create a preboot partition
3. Install preboot code in partition 1
4. Encrypt-in-place user data in partition 2
– Takes about 1 min per GB
– Plaintext may remain, depending on media type and characteristics
Opal Device Layout Overview
System Area
Typically unencrypted
User Data Area
ALWAYS encrypted
• Ships from factory with media encryption key in the clear
• Works just like a non-encrypting drive until ownership is taken
– Unless you intentionally purchased an SED or perform ‘discovery’, you likely won’t even know
[Figure: user device, LBA 0 to LBA [Max]: System Area and User Data Area]
Opal Device Layout Overview
Device regions (figure callouts):
• Access with IF-SEND and IF-RECEIVE
• Shadow MBR: typically contains the pre-boot authentication app
• DataStore: typically contains pre-boot variables
• Global (default) range: contains user data
• Admin-configured LBA ranges: contain user data
• Remainder of the default range not used by any admin-configured LBA range: contains user data
Opal Device Layout Overview
[Figure: user device, LBA 0 to LBA [Max]]
1. User/OEM installs OS
2. User/OEM installs Opal software application
3. Take ownership
  1. Device wraps MEK, access tables configured, set to lock on reset
  2. Populate Shadow MBR with pre-boot code
  3. If desired, place variables in DataStore area
  4. Establish LBA Ranges, if desired
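The ownership sequence above, together with the Admin/Locking SP split and the Get/Set pseudo-commands from the Features and Architecture slides, as a constructed Python model (added here; not TCG, NCSC or vendor code). ToyOpalDrive, the XOR-plus-HMAC wrap, the PBKDF2 credential derivation and the SHA-256 per-LBA keystream are stand-ins for the drive's real AES and key-wrap operations, chosen only to show the state transitions: factory state behaves like a plain drive, ownership wraps the MEK, a reset locks every range until Authenticate unwraps it, and sanitization orphans all existing ciphertext.

```python
import hashlib
import hmac
import os

class ToyOpalDrive:
    """Constructed model of an Opal SED (not TCG code): one Global range plus admin-configured LBA ranges."""
    def __init__(self, max_lba=1000):
        self.mek = os.urandom(32)      # media encryption key; ships from the factory in the clear
        self.wrapped = None            # MEK wrapped under the owner's credential once ownership is taken
        self.ranges = {"Global": (0, max_lba)}
        self.locked = set()            # names of ranges that are currently locked
        self.media = {}                # lba -> ciphertext block (blocks up to 32 bytes in this toy)
    def _kek(self, credential):        # key-encryption key derived from the (up to 32-byte) credential
        return hashlib.pbkdf2_hmac("sha256", credential, b"constructed-salt", 10_000, 32)
    def take_ownership(self, credential, extra_ranges):
        """Locking SP 'Set': wrap the MEK under the credential and configure LBA ranges."""
        kek = self._kek(credential)
        body = bytes(m ^ k for m, k in zip(self.mek, kek))   # toy wrap: XOR mask plus HMAC tag
        self.wrapped = body + hmac.new(kek, body, "sha256").digest()
        self.ranges.update(extra_ranges)
    def reset(self):                   # power cycle: once owned, the unwrapped MEK is dropped and ranges lock
        if self.wrapped is not None:
            self.mek, self.locked = None, set(self.ranges)
    def authenticate(self, credential):
        """Locking SP 'Authenticate': unwrap the MEK with the credential; unlock ranges on success."""
        kek = self._kek(credential)
        body, tag = self.wrapped[:32], self.wrapped[32:]
        if not hmac.compare_digest(tag, hmac.new(kek, body, "sha256").digest()):
            return False
        self.mek = bytes(b ^ k for b, k in zip(body, kek))
        self.locked.clear()
        return True
    def _range_of(self, lba):          # an admin-configured range takes precedence over the Global range
        admin = [n for n, (s, e) in self.ranges.items() if n != "Global" and s <= lba <= e]
        return admin[0] if admin else "Global"
    def _xor(self, lba, block):        # toy per-LBA keystream, stand-in for the drive's AES-XTS/CBC
        ks = hashlib.sha256(self.mek + lba.to_bytes(8, "big")).digest()
        return bytes(a ^ b for a, b in zip(block, ks))
    def write(self, lba, block):
        if self._range_of(lba) in self.locked:
            raise PermissionError(f"range {self._range_of(lba)} is locked")
        self.media[lba] = self._xor(lba, block)   # the media only ever holds ciphertext
    def read(self, lba):
        if self._range_of(lba) in self.locked:
            raise PermissionError(f"range {self._range_of(lba)} is locked")
        return self._xor(lba, self.media[lba])
    def sanitize(self):                # crypto-erase: a fresh MEK leaves every old block unreadable
        self.mek, self.wrapped, self.locked = os.urandom(32), None, set()
```

Before ownership, reset() changes nothing and reads succeed without authentication, which is the "works just like a non-encrypting drive" state on the layout slide; after ownership every range locks on reset and only a correct credential restores access.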
Use Cases and Why to Choose Opal
• Data-At-Rest (DAR) protection on a lost or stolen laptop/PC
– Plus remote sanitization
– Strong encryption, strong authentication
• Discoverability
– Identity, capabilities, and state
• Performance
– Fast initialization
– Latency and throughput
• Simplicity
Use Cases and Why to Choose Opal
• Resistance to multi-visit attacks
– Read-only Shadow MBR Region
– But, primary use case is DAR
• Multi-boot different partitions
• Read only partition(s)
– Golden OS
– Secure Recovery of System Files
– OEM OS/App Recovery Partition
• Repurposing
Use Cases and Why to Choose Opal
• All data always encrypted
– Problem with installing software-based encryption on SSDs
– End-of-life sanitization of keys has a related problem
• Performance
– BitLocker (software only) ~29.7% overhead [1]
– AES-NI assisted BitLocker ~17.5% overhead [1]
– Opal disk encryption ~0% overhead
– Note that overhead varies with
Use Cases and Why to Choose Opal
• Explosion of unsecured devices
– A storage device without encryption, even if later encrypted, could retain sensitive data
• Tight coupling between storage device, encryption, and controller adds value
• Logical approach to
– Data-At-Rest protection
– Advanced applications (such as in use cases)
– End-of-life sanitization
Availability and Cost
• OEMs
– Dell
– HP
– Lenovo
• TCG Opal Drive Manufacturers
– Hitachi: platter-based
– Micron: solid state
– Samsung: solid state, FIPS 140 pending
– Seagate: platter-based, FIPS 140
Availability and Cost
• TCG Opal Software Vendors
– Absolute Software
– CryptoMill
– McAfee/Safeboot
– Secude
– Softex
– Sophos
– Symantec/GuardianEdge
– Wave Systems
– WinMagic
Availability and Cost
• TCG Enterprise Drive Manufacturers
– Hitachi: platter-based, solid state
– Seagate: platter-based, FIPS 140; solid state, FIPS pending
– Toshiba: platter-based
• TCG Enterprise Storage Controller Manufacturers
– LSI
• TCG Storage Device Controller vendors
– Marvell
– SandForce
Availability and Cost
• Cost Examples
– Dell Optiplex
• 990 desktop [1]: 250GB (non-encr.) to 320GB FIPS 140 Opal: $18.84*
• E6420 laptop [1]: 320GB (non-encr.) to 320GB FIPS 140 Opal: $34.26*
– HP
• 8200 desktop [2]: 320GB (non-encr.) to 320GB SED: $18.00
• Elitebook 8440w [2]: 320GB (non-encr.) to 320GB SED: $0.00
– Froogle: Seagate 2.5” (thin) 320GB non-encr. vs. the same drive as an SED with FIPS 140
• Non-encrypting [3]: $80.48, FIPS 140 SED [3]: $71.35
• The SED is $9.13 cheaper
[1] Dell Federal Online Store, USFF Optiplex 990, retrieved August 2, 2011
[2] HP Enterprise Online Store, 8440w laptop, retrieved August 2, 2011
Secure Storage Market Summary
• Why isn’t everyone using an SED [1]?
– Poor timing
• Software filling the gap
• (industry now moving towards DLP)
– Lack of compelling functionality
• Faster and more secure, but users apathetic
– No market push
• OEMs not pushing SEDs
– Higher (perceived) cost
Conclusion
• SEDs offer substantial performance benefits
• SEDs offer strong data-at-rest protection
• SEDs are available today
– Range of software options for management
– Security ATA mode is another option
• SEDs serve many use cases
– Doing DAR well is just one of them