Slide 1: Trusted Computing Basics: Self-Encrypting Drives
09/21/2011
Ryan C. Getek, Ph.D., CISSP-ISSEP, Secure Storage Lead, Trusted Computing Division, NCSC
Jason Cox, Client Security Products Lead, Seagate Technology
Slide 2: Agenda
- Background
- TCG Storage Specifications/Docs
- Features and Architecture
- Quick Software-Based FDE Review
- Opal Device Layout Overview
- Use Cases and Why to Choose an Opal SED
- Availability and Cost
- Storage Market Summary
Slide 3: Background: Goals
- Always-on encryption
- Dedicated encryption hardware, typically at or near line speed
- AES 128- or 256-bit encryption; the mode is discoverable, commonly CBC or XTS
- 32-byte authentication factors (credentials) supported
- Multiple independent encryption ranges
- Strong access control
- Locking
Slide 4: Background: Technical Foundations
- The ATA and SCSI command sets added commands that carry security payloads (ATA TRUSTED SEND/TRUSTED RECEIVE, SCSI SECURITY PROTOCOL OUT/IN), sometimes called container commands
- Used by both TCG and IEEE 1667
Slide 5: TCG Storage Specifications/Docs
- Core Specification (v1 2007, v2 2009)
- Security Subsystem Classes (SSCs) define subsets of the core features:
  - Enterprise SSC (2007)
  - Opal SSC (2009)
- Storage Interface Interactions Specification
- Opal and Enterprise Application Notes
- TCG, Storage Developers: http://www.trustedcomputinggroup.org/developers/storage
Slide 6: Features and Architecture
(Figure; caption: "Not required, just common")
Slide 7: Opal SSC Features and Architecture
- Users: Opal v1 requires at least 1 admin and 4 users
- Tables with methods: Get, Set, Authenticate, plus configuration and cryptographic methods
- LBA ranges: 1 global range and at least 4 configurable ranges
- Users have permissions in tables that control access to data in LBA ranges and to features
Slide 8: Features and Architecture
- Security Providers (SPs):
  - Admin SP: for enabling and disabling the Locking SP
  - Locking SP: for actions such as taking ownership (wrapping the media encryption key, MEK, with user credentials), managing LBA ranges, and turning MBR shadowing on/off
- Sample pseudo-commands:
  - Request: Get (tell me) the AES-256 mode! Response: CBC mode
  - Request: Set MBR shadowing to done! Response: Success
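On the wire, the pseudo-commands above are Core-specification method calls: a Call token, the UID of the invoking table row, the UID of the method, a parameter list, an End-of-Data token and a status list, all encoded as tiny/short atoms and list/name tokens. The encoder and decoder below are an added example written for this page, not code from the presenters, TCG or any drive vendor. They use the MBRControl row UID and the Get/Set method UIDs from the Opal SSC as I know them, show the "Set MBR shadowing to done" call plus the matching Get of the Done column (a Get of the AES mode has the same shape against the K_AES_256 table, whose column indexes are not reproduced here), omit ComPacket/Packet/SubPacket framing and session setup (StartSession, Authenticate), and the response buffer is constructed, not captured from a drive.

```python
"""Encode and decode TCG Opal method-call token streams (SubPacket payloads).

Assumptions (added example, not the deck's own code): UIDs are the Opal SSC
values for the MBRControl row and the Get/Set methods; framing and session
management are out of scope; SAMPLE_GET_RESPONSE is constructed by hand.
"""
TOK_START_LIST, TOK_END_LIST = 0xF0, 0xF1
TOK_START_NAME, TOK_END_NAME = 0xF2, 0xF3
TOK_CALL, TOK_END_OF_DATA = 0xF8, 0xF9
TOK_EMPTY = 0xFF

UID_MBRCONTROL = bytes.fromhex("0000080300000001")  # MBRControl table, its single row
METHOD_GET = bytes.fromhex("0000000600000016")
METHOD_SET = bytes.fromhex("0000000600000017")

COL_DONE = 2                              # MBRControl.Done column (1 = Enable)
PARAM_VALUES = 1                          # Set(Where, Values): Values is named parameter 1
CB_START_COLUMN, CB_END_COLUMN = 3, 4     # Cell_Block named fields used by Get


def atom_uint(v):
    """Tiny atom for 0..63, else a short atom (bits 7-6 = 10, B = 0, low nibble = length)."""
    if 0 <= v < 64:
        return bytes([v])
    raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
    if len(raw) > 15:
        raise ValueError("value needs a medium atom; not handled here")
    return bytes([0x80 | len(raw)]) + raw


def atom_bytes(b):
    """Short byte-sequence atom (bits 7-6 = 10, B = 1, low nibble = length); UIDs are 8 bytes."""
    if len(b) > 15:
        raise ValueError("byte sequence too long for a short atom")
    return bytes([0xA0 | len(b)]) + b


def named(name, encoded_value):
    """name = value  ->  F2 <name atom> <value> F3"""
    return bytes([TOK_START_NAME]) + atom_uint(name) + encoded_value + bytes([TOK_END_NAME])


def method_call(invoking_uid, method_uid, params):
    """F8 <invoking UID> <method UID> [ params ] F9 [ 00 00 00 ]; the host sends a zero status list."""
    return (bytes([TOK_CALL]) + atom_bytes(invoking_uid) + atom_bytes(method_uid)
            + bytes([TOK_START_LIST]) + params + bytes([TOK_END_LIST])
            + bytes([TOK_END_OF_DATA])
            + bytes([TOK_START_LIST, 0, 0, 0, TOK_END_LIST]))


def set_mbr_done(done):
    """MBRControl.Set(Values = [ Done = done ]): the 'Set MBR shadowing to done' pseudo-command."""
    values = bytes([TOK_START_LIST]) + named(COL_DONE, atom_uint(int(done))) + bytes([TOK_END_LIST])
    return method_call(UID_MBRCONTROL, METHOD_SET, named(PARAM_VALUES, values))


def get_mbr_done():
    """MBRControl.Get([ startColumn = Done, endColumn = Done ]): read the current Done flag."""
    cell_block = (bytes([TOK_START_LIST])
                  + named(CB_START_COLUMN, atom_uint(COL_DONE))
                  + named(CB_END_COLUMN, atom_uint(COL_DONE))
                  + bytes([TOK_END_LIST]))
    return method_call(UID_MBRCONTROL, METHOD_GET, cell_block)


def decode_tokens(buf):
    """Decode a token stream into Python values: ints, bytes, lists and (name, value) tuples."""
    stack = [[]]
    i = 0
    while i < len(buf):
        t = buf[i]
        if t < 0x80:                          # tiny atom: value in the low 6 bits
            stack[-1].append(t & 0x3F)
            i += 1
        elif t & 0xC0 == 0x80:                # short atom: B bit selects bytes vs. integer
            n = t & 0x0F
            data = bytes(buf[i + 1:i + 1 + n])
            if len(data) != n:
                raise ValueError("truncated short atom")
            stack[-1].append(data if t & 0x20 else int.from_bytes(data, "big"))
            i += 1 + n
        elif t in (TOK_START_LIST, TOK_START_NAME):
            stack.append([])
            i += 1
        elif t == TOK_END_LIST:
            lst = stack.pop()
            stack[-1].append(lst)
            i += 1
        elif t == TOK_END_NAME:
            name, value = stack.pop()
            stack[-1].append((name, value))
            i += 1
        elif t in (TOK_CALL, TOK_END_OF_DATA):  # structural markers carry no value
            i += 1
        elif t == TOK_EMPTY:
            stack[-1].append(None)
            i += 1
        else:
            raise ValueError("unsupported token 0x%02x" % t)
    if len(stack) != 1:
        raise ValueError("unbalanced list/name tokens")
    return stack[0]


def mbr_done_from_response(resp):
    """A Get response is [[ Done = v ]] followed by the status list; status[0] == 0 is success."""
    results, status = decode_tokens(resp)[:2]
    if status[0] != 0:
        raise RuntimeError("method failed, status 0x%02x" % status[0])
    return bool(dict(results[0])[COL_DONE])


# Constructed response to get_mbr_done(): results [[ 2 = 1 ]], then status 00 00 00.
SAMPLE_GET_RESPONSE = bytes.fromhex("F0F0F20201F3F1F1F9F0000000F1")

if __name__ == "__main__":
    print("Set MBRControl.Done = true :", set_mbr_done(True).hex())
    print("Get MBRControl.Done        :", get_mbr_done().hex())
    print("decoded sample response    :", decode_tokens(SAMPLE_GET_RESPONSE))
    print("MBR done?                  :", mbr_done_from_response(SAMPLE_GET_RESPONSE))
```

The `Done` write is what a pre-boot application issues after the user authenticates, so that the drive stops presenting the Shadow MBR and the real LBA 0 becomes visible on the next read.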
Slide 9: Quick SW-Based FDE Review
(Figure: user area, LBA 0 to LBA [Max], as a single partition; device system area, typically unencrypted)
1. User/OEM installs the OS
2. User/OEM installs the FDE application
3. To support pre-boot authentication, an unencrypted area is needed for the associated application
Slide 10: Quick SW-Based FDE Review
(Figure: user area, LBA 0 to LBA [Max], split into partition 1 and partition 2; device system area, typically unencrypted)
1. Start FDE initialization
2. Create a pre-boot partition
3. Install the pre-boot code in partition 1
4. Encrypt-in-place the user data in partition 2; this takes about 1 min per GB, and plaintext may remain, depending on media type and characteristics
5. End of life
Slide 11: Opal Device Layout Overview
(Figure: user area, LBA 0 to LBA [Max]; device system area, typically unencrypted; user data area ALWAYS encrypted)
- Ships from the factory with the media encryption key in the clear, i.e. not yet wrapped by any credential
- Works just like a non-encrypting drive until ownership is taken
- Unless you intentionally purchased an SED or perform discovery, you likely won't even know
Slide 12: Opal Device Layout Overview
(Figure: user area, LBA 0 to LBA [Max], as presented by the device)
- Shadow MBR region: accessed with IF-SEND and IF-RECEIVE; typically contains the pre-boot authentication app
- DataStore: typically contains pre-boot variables
- Global (default) LBA range: contains user data
- Admin-configured LBA range: contains user data
- Admin-configured LBA range: contains user data
- Rest of the global range not used by any admin-configured LBA range: contains user data
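The "perform discovery" step from the previous slide is Level 0 Discovery: an IF-RECV (SCSI SECURITY PROTOCOL IN or ATA TRUSTED RECEIVE) with Security Protocol 0x01 and ComID 0x0001 returns a 48-byte header followed by feature descriptors that identify the drive (TPer, Opal SSC) and report its locking state. The parser below is an added example written for this page, not code from the presenters, TCG or any vendor. The feature codes and field layouts are those of the Opal SSC and Storage Interface Interactions specifications as I know them, the sample response is constructed rather than captured, and the `sg_raw` invocation in the comment is an assumption about a typical Linux host with a pass-through HBA.

```python
"""Parse a TCG Opal Level 0 Discovery response and summarise the drive's state.

Layout: 48-byte header (4-byte length excluding itself, 4-byte revision,
8 reserved, 32 vendor bytes), then descriptors of the form
    feature code (2) | version << 4 (1) | data length (1) | data
All integers are big-endian. Added example; the sample buffer is constructed.

On Linux the raw buffer would typically be fetched with (not run here, assumes
a pass-through HBA): sg_raw -r 512 /dev/sdX a2 01 00 01 00 00 00 00 02 00 00 00
i.e. SECURITY PROTOCOL IN, protocol 0x01, ComID 0x0001, 512-byte allocation length.
"""
import struct

FEATURE_TPER = 0x0001
FEATURE_LOCKING = 0x0002
FEATURE_OPAL_V1 = 0x0200   # Opal SSC v1.00
FEATURE_OPAL_V2 = 0x0203   # Opal SSC v2.00

# Bit positions in the first data byte of the TPer and Locking descriptors.
TPER_BITS = {0: "sync", 1: "async", 2: "ack_nak", 3: "buffer_mgmt",
             4: "streaming", 6: "comid_mgmt"}
LOCKING_BITS = {0: "locking_supported", 1: "locking_enabled", 2: "locked",
                3: "media_encryption", 4: "mbr_enabled", 5: "mbr_done"}


def _flags(byte, names):
    return {name: bool((byte >> bit) & 1) for bit, name in names.items()}


def parse_level0(buf):
    """Return {'revision': int, 'features': {...}} for a Level 0 Discovery buffer."""
    if len(buf) < 48:
        raise ValueError("Level 0 header is 48 bytes")
    param_len, revision = struct.unpack_from(">II", buf, 0)
    end = min(4 + param_len, len(buf))            # the length field excludes itself
    features = {}
    off = 48
    while off + 4 <= end:
        code, ver, length = struct.unpack_from(">HBB", buf, off)
        data = buf[off + 4:off + 4 + length]
        if len(data) < length:
            raise ValueError("truncated descriptor for feature 0x%04x" % code)
        off += 4 + length
        if code == FEATURE_TPER:
            features["tper"] = _flags(data[0], TPER_BITS)
        elif code == FEATURE_LOCKING:
            features["locking"] = _flags(data[0], LOCKING_BITS)
        elif code in (FEATURE_OPAL_V1, FEATURE_OPAL_V2):
            base_comid, num_comids, crossing = struct.unpack_from(">HHB", data, 0)
            f = {"version": ver >> 4, "base_comid": base_comid,
                 "num_comids": num_comids, "range_crossing": bool(crossing & 1)}
            if code == FEATURE_OPAL_V2:          # v2 adds admin/user counts and PIN behaviour
                admins, users, init_pin, revert = struct.unpack_from(">HHBB", data, 5)
                f.update(locking_sp_admins=admins, locking_sp_users=users,
                         initial_pin_indicator=init_pin, pin_on_revert=revert)
            features["opal_v2" if code == FEATURE_OPAL_V2 else "opal_v1"] = f
        else:
            features["0x%04x" % code] = data.hex()  # keep unknown descriptors visible
    return {"revision": revision, "features": features}


def summarize(parsed):
    """The questions an admin actually asks: Opal SED? owned? locked? shadow MBR up?"""
    f = parsed["features"]
    lock = f.get("locking", {})
    return {
        "is_opal_sed": "opal_v1" in f or "opal_v2" in f,
        "ownership_taken": lock.get("locking_enabled", False),
        "currently_locked": lock.get("locked", False),
        # The Shadow MBR is presented at LBA 0 only while enabled and not yet marked done.
        "shadow_mbr_presented": lock.get("mbr_enabled", False) and not lock.get("mbr_done", False),
    }


# Constructed sample: an owned, locked Opal v2 drive still presenting its Shadow MBR.
_HEADER = struct.pack(">II", 0x60, 1) + bytes(8) + bytes(32)
_TPER = bytes([0x00, 0x01, 0x10, 0x0C, 0x41]) + bytes(11)       # sync + ComID management
_LOCKING = bytes([0x00, 0x02, 0x10, 0x0C, 0x1F]) + bytes(11)    # supported, enabled, locked, media enc, MBR enabled
_OPAL2 = bytes([0x02, 0x03, 0x10, 0x10]) + struct.pack(">HHBHHBB", 0x1000, 1, 0, 4, 8, 0, 0) + bytes(5)
SAMPLE_DISCOVERY = _HEADER + _TPER + _LOCKING + _OPAL2

if __name__ == "__main__":
    parsed = parse_level0(SAMPLE_DISCOVERY)
    for name, value in parsed["features"].items():
        print(name, value)
    print(summarize(parsed))
```

A drive that answers with no Opal descriptor at all is the "you likely won't even know" case from the previous slide: the locking feature is absent and the device behaves as an ordinary disk.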
Slide 13: Opal Device Layout Overview
1. User/OEM installs the OS
2. User/OEM installs the Opal software application
3. Take ownership:
   1. The device wraps the MEK, access tables are configured, and the drive is set to lock on reset
   2. Populate the Shadow MBR with pre-boot code
   3. If desired, place variables in the DataStore area
   4. Establish LBA ranges, if desired
   5. Takes moments, since the data was already encrypted and no encrypt-in-place pass is needed
Slide 14: Opal Device Layout Overview
(Figure: ranges and associated configurations)
Slide 15: Use Cases and Why to Choose Opal
- Data-at-rest (DAR) protection on a lost or stolen laptop/PC, plus remote sanitization
- Strong encryption, strong authentication
- Discoverability: identity, capabilities, and state
- Performance: fast initialization; latency and throughput
- Simplicity: no need to create a pre-boot partition; no need for an encrypting OS filter driver
Slide 16: Use Cases and Why to Choose Opal
- Resistance to multi-visit attacks: read-only Shadow MBR region (but the primary use case is DAR)
- Multi-boot different partitions
- Read-only partition(s): golden OS; secure recovery of system files; OEM OS/app recovery partition
- Repurposing, internal or external
Slide 17: Use Cases and Why to Choose Opal
- All data always encrypted
  - Installing SW-based encryption on an SSD is a problem: encrypt-in-place only rewrites the logical blocks it can see, so plaintext copies that the flash translation layer has remapped or retired can survive
  - End-of-life sanitization of keys has a related problem
- Performance
  - BitLocker (software only): ~29.7% overhead [1]
  - AES-NI-assisted BitLocker: ~17.5% overhead [1]
  - Opal disk encryption: ~0% overhead
  - Note that overhead varies with file size, quantity, and transfer type
[1] Shimpi, Anand Lal. "The Clarkdale Review: Intel's Core i5 661, i3 540 & i3 530." AnandTech, 01/04/10. http://www.anandtech.com/show/2901/5. Retrieved 08/03/11.
Slide 18: Use Cases and Why to Choose Opal
- Explosion of unsecured devices: a storage device without encryption, even if later encrypted, could retain sensitive data
- Tight coupling between storage device, encryption, and controller adds value
- Logical approach to data-at-rest protection
- Advanced applications (such as the use cases above)
- End-of-life sanitization
Slide 19: Availability and Cost
- OEMs: Dell, HP, Lenovo
- TCG Opal drive manufacturers:
  - Hitachi: platter-based
  - Micron: solid state
  - Samsung: solid state, FIPS 140 pending
  - Seagate: platter-based, FIPS 140
  - Toshiba (and former Fujitsu): platter-based
Slide 20: Availability and Cost
- TCG Opal software vendors: Absolute Software, CryptoMill, McAfee/SafeBoot, Secude, Softex, Sophos, Symantec/GuardianEdge, Wave Systems, WinMagic
Slide 21: Availability and Cost
- TCG Enterprise drive manufacturers:
  - Hitachi: platter-based, solid state
  - Seagate: platter-based, FIPS 140; solid state, FIPS pending
  - Toshiba: platter-based
- TCG Enterprise storage controller manufacturers: LSI
- TCG Storage device controller vendors: Marvell, SandForce
- Device qualification test suite: ULINK
Slide 22: Availability and Cost
Cost examples (price difference between the non-encrypting drive and the SED in the same configuration):
- Dell
  - Optiplex 990 desktop [1]: 250GB (non-encr.) to 320GB FIPS 140 Opal: $18.84*
  - E6420 laptop [1]: 320GB (non-encr.) to 320GB FIPS 140 Opal: $34.26*
- HP
  - 8200 desktop [2]: 320GB (non-encr.) to 320GB SED: $18.00
  - Elitebook 8440w [2]: 320GB (non-encr.) to 320GB SED: $0.00
- Froogle: Seagate 2.5" (thin) 320GB non-encrypting vs. the same drive as an SED with FIPS 140
  - Non-encrypting [3]: $80.48; FIPS 140 SED [3]: $71.35; the SED is $9.13 cheaper
[1] Dell Federal Online Store, USFF Optiplex 990, retrieved August 2, 2011
[2] HP Enterprise Online Store, 8440w laptop, retrieved August 2, 2011
[3] Froogle.com search for ST320LT007 and ST320LT009, retrieved August 2, 2011
* Dell Opal models also include additional features such as 512e/4K sectors
Slide 23: Secure Storage Market Summary
Why isn't everyone using an SED? [1]
- Poor timing: software is filling the gap (the industry is now moving towards DLP)
- Lack of compelling functionality: faster and more secure, but users are apathetic
- No market push: OEMs are not pushing SEDs
- Higher (perceived) cost: a 10% premium for a PC with an SED, plus the purchase of software (as the previous slide shows, this isn't true)
[1] Oltsik, Jon. "I Was Wrong About Self-Encrypting Hard Drives." NetworkWorld, 07/27/11. http://m.networkworld.com/community/node/76934. Retrieved 08/03/11.
Slide 24: Conclusion
- SEDs offer substantial performance benefits
- SEDs offer strong data-at-rest protection
- SEDs are available today, with a range of software options for management; ATA Security mode is another option
- SEDs serve many use cases; doing DAR well is just one of them
- Ask for Opal SEDs when purchasing PCs/laptops