Self-Encrypting Drives Hardly Any Better Than Software-Based Encryption (cio.com)
itwbennett writes: The main security benefit of Self-Encrypting Drives (SEDs) is that the encryption key is not stored in the OS memory, but on the disk itself, which makes it less exposed to theft. However, some attacks that work against software-based encryption products also affect SEDs, including evil maid attacks and those that bypass Windows authentication. Once a SED is unlocked, it remains in that state until the power to it is cycled or a deauthentication command is sent. When the laptop is put in sleep mode the drive state is locked, but when it resumes from sleep, the pre-boot management software, which is already loaded in memory, unlocks the drive. [A team of] researchers devised three attacks to take advantage of this situation.
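As an added illustration (not code from the cited article, the researchers, or any drive vendor), the following constructed Python model encodes only the lock-state behaviour the summary describes: the drive stays unlocked until its power is cycled or it receives a deauthentication command, sleep locks it, and on resume the pre-boot agent still resident in RAM re-unlocks it with the credential it kept from boot. The `purge_on_sleep` switch is an assumed hardening added for contrast, not something the article prescribes, and `DRIVE_PASSWORD` is a sample credential.

```python
# Constructed model of SED lock state across host power events. Not vendor or
# article code; `purge_on_sleep` and DRIVE_PASSWORD are assumptions for contrast.

DRIVE_PASSWORD = "correct horse"   # constructed sample credential


class SelfEncryptingDrive:
    """Locking range is either locked or unlocked; the DEK never leaves the drive."""

    def __init__(self, password):
        self._password = password
        self.unlocked = False

    def unlock(self, credential):
        # A wrong credential leaves the range locked. In both cases the media
        # key stays on the drive, which is the SED's edge over software FDE.
        if credential == self._password:
            self.unlocked = True
        return self.unlocked

    def power_cycle(self):
        # Cutting drive power is one of the two things that re-lock it.
        self.unlocked = False

    def deauthenticate(self):
        # The other is an explicit deauthentication command from the host.
        self.unlocked = False


class PrebootAgent:
    """Pre-boot management software: unlocks the drive, then stays resident."""

    def __init__(self, drive, purge_on_sleep=False):
        self.drive = drive
        self.purge_on_sleep = purge_on_sleep   # assumed hardening switch
        self.cached_credential = None          # what survives in RAM after boot

    def boot(self, credential):
        self.cached_credential = credential
        return self.drive.unlock(credential)

    def sleep(self):
        # Sleep removes drive power, so the range locks regardless of policy.
        self.drive.power_cycle()
        if self.purge_on_sleep:
            self.cached_credential = None

    def resume(self):
        # The agent is still in RAM; if it kept the credential it re-unlocks
        # the drive transparently, with no prompt to the person at the keyboard.
        if self.cached_credential is not None:
            return self.drive.unlock(self.cached_credential)
        return False   # user would have to re-authenticate


def drive_unlocked_after_resume(purge_on_sleep):
    """Run boot -> sleep -> resume and report whether the drive is readable."""
    drive = SelfEncryptingDrive(DRIVE_PASSWORD)
    agent = PrebootAgent(drive, purge_on_sleep=purge_on_sleep)
    agent.boot(DRIVE_PASSWORD)
    agent.sleep()
    agent.resume()
    return drive.unlocked


def drive_unlocked_after_power_off():
    """Full power-off: drive power is cycled and the agent's RAM is gone."""
    drive = SelfEncryptingDrive(DRIVE_PASSWORD)
    agent = PrebootAgent(drive)
    agent.boot(DRIVE_PASSWORD)
    drive.power_cycle()
    return drive.unlocked


if __name__ == "__main__":
    print("resume, agent kept credential:  ", drive_unlocked_after_resume(False))
    print("resume, agent purged credential:", drive_unlocked_after_resume(True))
    print("after power-off:                ", drive_unlocked_after_power_off())
```

The first scenario is the window the summary points at: whoever can wake a sleeping, stolen laptop gets an unlocked drive without supplying the password. Whether a given pre-boot agent can be configured to drop its cached credential and deauthenticate on sleep is vendor-specific and is an assumption here, not a claim from the article.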
All the example attacks cited in the article, and the evil maid attack in the summary, require uninterrupted physical access to the computer. While the specific techniques are interesting, they're all just applications of the first principle that if an attacker gets unimpeded access to the hardware they're attacking, you have no defenses left.
If your computer is stolen, the lesson here is to assume it's compromised because physical access trumps all.
Makes you wish you could install anti-tamper self destruct on such systems.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Speaking as someone with some knowledge of SEDs (I work on them with a manufacturer, but I will not speak for them, so I'm leaving them as simply one of the major manufacturers), I can say that the manufacturers have access to the default password as well as the 'reset' password (which we are required to delete). The reset password will crypto-erase the drive, so there is a potential for data loss, but not data leak.
Also, there is nothing saying you can't have both hardware and software encryption, you just need to enter two passwords instead of one.
I can also say that our 'random source' for the key is pretty secure, and is based on drive 'noise'.