Self-Encrypting Hard Drives and the New Security

In a recent blog post, CNet's Jon Oitsik has called for a policy shift with respect to data encryption. A new standard by the Trusted Computing Group promises the availability of self-encrypting hard drives soon, leading some to call for immediate adoption. Will this create even more security problems due to lazy custodians, or should someone responsible for keeping your information safe be required to move to the new hardware? Hopefully the new hardware comes with a warning to continue to use other data protection measures as well.

self encrypting, probably self-defeating too

[petes_PoV]

And the very first thing the users will do is write down the encryption key, so they don't forget it.

After all, what's the point of having all your data on a disk that you can't access? It's far more likely that the user(s) will forget the key, than for the drive to fail. However, the result will be the same in both cases: inaccessible data and if past experience is anything to go by, no backups (which would also have to be encrypted, again with the isssue over keys).

Until the average PC user radically rethinks their attitude towards their computers - whether at work or play, this seems just one step too far.

Re:Propriety Encryption

[Shakrai]

You got a funny mod but it should be insightful. That was my first thought......

Don't worry though, it's for your protection. Think of the children/terrorists!

I want one with a removable key

[davidwr]

It's hard to do with fixed drives, but I want USB drives and memory sticks that come with their own dongle-key that plugs into the storage device, so they key can be separated from the drive. Even better if it has its own keypad or fingerprint reader for authentication. "Something you have, plus something you know."

Re:Propriety Encryption

[dgatwood]

I wouldn't worry about back doors. Given the history of "secure" hardware devices, I'd be more worried about them turning the password trivially into a 64-bit key, using XOR with the key, and storing the key in unencrypted flash for verification....

Encryption != Security

[elrous0]

If it's a proprietary system where some insecure company or insecure government agency has the keys, why even bother? If anything, it's only providing you with a dangerously false sense of "security."

Really?

[fuzzyfuzzyfungus]

I want some of what this guy is smoking. He seems to be under the impression that, because the encryption is handled in hardware, there will be no software to deal with. And what, pray tell, will configure the hardware, and set crypto keys, and hold them in escrow in case of the inevitable forgetting, and change them if needed, and so on and so forth?

Hardware encryption certainly has its advantages; but if you can't handle deploying software encryption now, I'm deeply skeptical of your ability to handle deploying hardware encryption.

Re:Multiple security layers

[GMFTatsujin]

Unless it does something unexpected, such as, say, making it a nightmare to recover files off the drive for legitimate reasons.

I foresee a lot of IT departments pulling their collective hair out on this one: some Executive Director with a penchant for buying the Shiny New Thing stores mission critical data on a self-encrypting drive, some motherboard component on the computer blows up, and now the hard drive -- while fine -- is inaccessible.

Yay.

Three problems

[Todd+Knarr]

Three problems with the idea:

1. Transferring media to new systems. I've already seen a case at work where an encrypted laptop drive was fully intact and working, but the laptop it was in was dead and had to be replaced. The drive was a complete loss, because it couldn't be used as the boot drive in the new laptop (different manufacturer) and there wasn't any software that could be used to supply the boot password to the drive when connected by any other method.
2. Suspend/hibernate. We've found that a lot of the laptop models where I work don't correctly handle returning from a suspend and/or hibernate state. The most common case is that the laptop simply returns to normal operation from the suspend state without requiring re-entry of passwords. Most users simply put their laptop into suspend state rather than powering it down, which means anyone stealing the laptop can completely ignore the drive encryption. Standard Windows screen locking doesn't help much, once the laptop's unsuspended it's network interface is active and it can be remotely compromised and the screen lock disabled.
3. Law enforcement. If the drive encryption is truely secure, LEOs will insist on having a back-door to let them decrypt a suspect's drive to search for evidence even if the suspect won't give them the passwords. If such a back-door exists, it'll quickly be broken and software produced to gain access to an encrypted drive through that channel rendering the encryption useless.

#2 can be dealt with going forward in the hardware and OS. #1 can be dealt with going forward with standardized encryption and hardware protocols. #3... is intractable.

Re:Multiple security layers

[Lord+Ender]

No. Worthless security measures are bad for security because they provide a false sense of security. This influences behavior. So bad "encryption" really can be worse than plain text.