Seagate 10K.3 Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 12

Government-Grade Security - firmware

Page 12 highlights

change and newer encryption technologies are incorporated into hard drives, they can be intermixed with older drives in storage systems that support encryption without making any changes specific to the new drives' higher level of protection.

Key management is also becoming interoperable. IBM, LSI and Seagate will support the Key Management Interoperability Protocol submitted to OASIS for advancement through their open standards process.

Government-Grade Security

Self-Encrypting Drives provide superior security, making it less likely that the data security solution will need to be ripped out and replaced in the future due to more stringent regulations. As noted earlier, SEDs do not weaken security by needlessly encrypting the storage fabric and exposing long-lived cipher text and keys. SEDs also provide a host of other advantages that make their security stronger than other full disk encryption technologies.

The United States National Security Agency (NSA) has approved the first Self-Encrypting Drive, the Momentus® 5400 FDE hard drive, for protection of information in computers deployed by U.S. government agencies and contractors for national security purposes. Also, the encryption algorithm implementation in this first model is NIST AES FIPS-197-compliant. Seagate is in the process of pursuing similar acceptance on its future SEDs.

Figure 7 depicts what potential attackers will have if they obtain a secured SED that was locked when powered down. The encryption key never leaves the drive; the key is unique to that drive alone, generated by the drive itself. What's more, a clear encryption key is nowhere to be found; only an encrypted version of the encryption key is kept in the drive. There are no clear text secrets anywhere on the drive, just a fingerprint (hash) of the authentication key. In addition, hard drives don't utilize the type of memory that is susceptible to a "cold-boot" attack.

[Figure 7]

Both the data and the encryption key are encrypted using the AES 128 algorithm, the same encryption algorithm approved by the U.S. government for protecting secret-level classified information. When designing the drive, Seagate assumed an attacker could obtain complete knowledge of the drive's design and the location of any secrets held by the drive. Because there are no clues on the drive that could aid in deciphering the data, knowing the intricate details of the drive's design and construction cannot help hackers. Similarly, breaking one drive provides no secrets that would enable the attacker to break other drives more easily.

In general, exposing cipher text can aid an attacker. For example, if the file system on the drive is a well-known structure, a hacker might use the fact that certain sectors always contain known values to begin an attack on the encryption. Database structures are similarly well known. A significant benefit unique to Self-Encrypting Drives is that an SED does not send cipher text from itself, effectively thwarting this type of attack.

SEDs have the ability to essentially turn themselves into bricks after a pre-determined number of authentication attempts have failed. By contrast, an attacker who has a non-SED that's been encrypted by some other method can attempt to authenticate indefinitely and the drive has no protection. In addition, the SED has protected firmware downloads; an attacker cannot insert modified firmware into the drive. Finally, to further minimize vulnerability to attack, Seagate has put no security back doors in the SED.
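A toy model of the stored state and lockout behaviour described above, added here as an example; it is not Seagate firmware or code from the whitepaper. The attempt limit, the salted SHA-256 fingerprint, deriving the wrapping pad from the authentication key, and the HMAC-derived XOR pad (a stand-in for the AES-128 key encryption, because Python's standard library has no AES) are all assumptions, as are the class and function names.

```python
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 5  # assumed value; the page only says "pre-determined"

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ModelSED:
    """Toy model of what a locked SED stores; names and layout are hypothetical."""

    def __init__(self, auth_key: bytes):
        self.salt = secrets.token_bytes(16)
        dek = secrets.token_bytes(16)  # 128-bit data encryption key (DEK), made on the drive
        self.fingerprint = self._hash(auth_key)  # hash only, never the key itself
        self.wrapped_dek = _xor(dek, self._pad(auth_key))  # DEK is stored encrypted
        self.failed = 0
        self.bricked = False

    def _hash(self, auth_key: bytes) -> bytes:
        return hashlib.sha256(self.salt + auth_key).digest()

    def _pad(self, auth_key: bytes) -> bytes:
        # Stand-in for AES-128 key encryption: HMAC-derived one-time pad.
        return hmac.new(auth_key, b"wrap" + self.salt, hashlib.sha256).digest()[:16]

    def at_rest(self) -> bytes:
        """Every secret-related byte an imaged, powered-down drive would reveal."""
        return self.salt + self.fingerprint + self.wrapped_dek

    def unlock(self, auth_key: bytes):
        """Return the clear DEK for use inside the drive only, or None."""
        if self.bricked:
            return None
        if not hmac.compare_digest(self._hash(auth_key), self.fingerprint):
            self.failed += 1
            self.bricked = self.failed >= MAX_FAILED_ATTEMPTS
            return None
        self.failed = 0  # assumed: a successful unlock resets the counter
        return _xor(self.wrapped_dek, self._pad(auth_key))

def demo():
    key = b"constructed-authentication-key"  # constructed sample value
    drive = ModelSED(key)
    dek = drive.unlock(key)
    for n in range(MAX_FAILED_ATTEMPTS):  # repeated wrong keys trip the lockout
        drive.unlock(b"wrong-%d" % n)
    return dek, drive.at_rest(), drive.bricked, drive.unlock(key)
```

After the lockout trips, even the correct authentication key is refused, and the at-rest bytes contain neither the clear data key nor the authentication key.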

