Attacking FDE hardware solutions: Difference between revisions
(added citations from seagate web page and hgst whitepaper, and links to hitachi entries in nist aes validation list) |
|||
Line 21: | Line 21: | ||
* IEEE | * IEEE | ||
** http://en.wikipedia.org/wiki/IEEE_P1619 | ** http://en.wikipedia.org/wiki/IEEE_P1619 | ||
** [http://grouper.ieee.org/groups/1619/email/msg01842.html Letter of Assurance from IBM re P1619.1/D17] | |||
* Seagate | * Seagate |
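Review bot: the edit summary lists Seagate citations, the HGST whitepaper and the Hitachi entries in the NIST AES validation list, but the one line that differs between the two columns of this hunk is the IBM Letter of Assurance link for P1619.1/D17 under IEEE at line 21, which the summary does not mention. Note that change in the summary and state whether the link is being added or dropped, so the IEEE P1619 references stay traceable.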
Revision as of 21:36, 18 January 2009
Many companies tout hard drives with built-in encryption as the solution to the Cold Boot Attack. Additionally, these drives are sold as a major step forward in overall data security. In theory, this sounds like a good idea; in practice, this could go horribly wrong.
This project is currently in a research phase, looking for drives that claim to offer specific security properties. It is expected that many products will fail even the most cursory look.
Please add links to products, vendors, standards, prices and places to purchase hardware. At some point, we'll start acquiring hardware to do specific implementation analysis.
Drive manufacturers and specific drive models
- Seagate
  - Cheetah® 15K.6 and Cheetah FDE Hard Drives
    "The Cheetah 15K.6 FDE drive is available only to major OEM suppliers."
- Hitachi
  "Hitachi offers the BDE option on all new 2.5-inch SATA hard disk drive products beginning with those launched in 2007, including both the 7200 RPM and 5400 RPM product lines. Hitachi also offers the BDE option on Deskstar products introduced in 2008 and beyond."
Previously published research
- Heise successfully attacked the Easy Nova Data Box PRO-25UE RFID
Standards and Whitepapers relating to FDE at the hardware level
- Seagate
  - http://www.seagate.com/staticfiles/SeagateCryptofaceoff.pdf
  - http://www.seagate.com/staticfiles/docs/pdf/whitepaper/tp596_128-bit_versus_256_bit.pdf
  - http://www.seagate.com/staticfiles/docs/pdf/security/Tech_Paper_Enables_Robust_Security.pdf
  - http://www.seagate.com/docs/pdf/whitepaper/HDpasswrd_TP580-1-0710US.pdf
  - http://www.seagate.com/docs/pdf/whitepaper/Seagate-crypto-bakeoff.pdf
  - http://www.seagate.com/docs/pdf/whitepaper/tp596_128-bit_versus_256_bit.pdf
  - http://www.seagate.com/docs/pdf/whitepaper/Server&Drive%20Security%20Threats%20rev%204%203.pdf
  - http://www.seagate.com/docs/pdf/whitepaper/DataCtrSec_TP583-1-0711USr4.pdf
- Hitachi
  - http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
    The above whitepaper refers to FIPS 197 certification and the NIST AES Validation List (NB: large slow HTML table), which informs us that Hitachi uses AES 128 or 256 in ECB mode:
    - Part # 1 entry, 128-bit
    - Part # 4 entry, either 128-bit or 256-bit
  - Bulk Data Encryption FAQ
List of FDE (SW & HW) providers
Terminology
- FDE - Full Disk Encryption
- BDE - Bulk Data Encryption
- OTFE - On-the-fly encryption