11

Are there any known flaws in the full disk encryption on Intel 520 series SSD drives?

Specifically, it seems these drives generate an internal AES key automatically, even when no password is set. But is the ATA password (also known as "BIOS HDD password") really used to encrypt the internal AES key, or is that internal key stored in plaintext?

LTR
    According to a forum posting by Intel, the BIOS HDD password is indeed used to secure the internal key: "Yes, ATA password is used to encrypt the encryption keys stores on the SSD." (http://communities.intel.com/message/120689#120689) The question remains whether there are any other known weaknesses. – LTR Sep 17 '12 at 13:48

3 Answers

17

I will try to answer your question as specifically as possible.

I contacted Intel tech support to ask them exactly this question: Is the AES key on the Intel 520 encrypted with the ATA password? After weeks of back and forth, I finally received an explicit confirmation from them. I quote:

Yes, ATA password is used to encrypt the encryption keys stores on the SSD. In other words: The Encryption Keys depends on the ATA password to decrypt them. The ATA password is not used in combination with the Encryption Keys to encrypt the data.

I also found this Intel white paper http://communities.intel.com/docs/DOC-19512 that claims the following:

How Self-encrypting drives (SEDs) Work: SEDs, such as the Intel® SSD 320 Series and Intel® SSD 520 Series, have a drive ... Because the disk encryption key is encrypted with the ATA (Advanced Technology Attachment) passwords

I summarised most of my findings about SED SSDs in this blog post: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/

Charl Botha
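Added example, not part of the original answers and not Intel's firmware: a model of the design described in the Intel quotes above, where the ATA password only unlocks a wrapped data-encryption key (DEK) and is never used on the data itself. The KDF (PBKDF2), the HMAC-based wrap standing in for AES key wrap, and all function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed cost; the drive's real KDF is not documented on this page


def _keys(password: bytes, salt: bytes):
    """Stretch the ATA password into separate encryption and MAC keys (the KEK)."""
    km = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_dek(dek: bytes, password: bytes) -> dict:
    """Seal a 32-byte data-encryption key (DEK) under the password."""
    assert len(dek) == 32
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    # HMAC-SHA256 as a one-block keystream: stdlib stand-in for AES key wrap.
    ct = _xor(dek, hmac.new(enc_key, nonce, hashlib.sha256).digest())
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap_dek(blob: dict, password: bytes) -> bytes:
    """Return the DEK, or raise if the password does not match the stored tag."""
    enc_key, mac_key = _keys(password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password: DEK stays sealed")
    return _xor(blob["ct"], hmac.new(enc_key, blob["nonce"], hashlib.sha256).digest())


def change_password(blob: dict, old: bytes, new: bytes) -> dict:
    """Re-wrap the same DEK; the encrypted user data is not touched."""
    return wrap_dek(unwrap_dek(blob, old), new)


if __name__ == "__main__":
    dek = os.urandom(32)  # constructed sample key
    blob = wrap_dek(dek, b"old ATA password")
    blob = change_password(blob, b"old ATA password", b"new ATA password")
    print(unwrap_dek(blob, b"new ATA password") == dek)
```

If the key were instead stored in plaintext, as the question asks, the stored blob would contain the DEK itself and the password would be only an access check enforced by the firmware.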
5

I read two questions:

  1. How secure is the Intel SSD encryption?
  2. Are there any known flaws to the full-disk encryption of [specific models]?

To address the first question about "how secure" it is... As with any security the answer is always relative. Sector-based (hardware) encryption on-disk is orders of magnitude more secure than software based data security. Why? Access.

I worked at a data security software company for several years that had some of the best root-kit and Windows NTFS hackers in the world. After many attempts, they established and conceded that hardware/disk/sector based encryption was much more secure (and less complicated) than software. Software can be circumvented and fooled, especially the lower in the stack you get (all the way down to the BIOS). Hardware based encryption by Intel and others is device-based and as such I am not even aware of a BIOS hack that can get under it.

The military and secret data organizations regularly require disk based encryption to remedy the "stolen laptop" problem. Short of removing the disk drives and putting them in a fire-proof safe (which some organizations actually do), device based encryption from Intel and others is probably the best way to safeguard data [completely] at rest.

I have not read of any flaws in the design of such implementations and I suspect if they were found in the wild it would be a big headline. NIST and other groups strongly endorse and encourage use of this technology for securing data at rest.

Darrell Teague
  • hardware keylogger may still be used to "crack" hardware HDD password-based encryption, isn't it? – Display Name Apr 20 '14 at 10:40
  • The key-logger would have to be deeper in the stack than the very low (BIOS I believe) input for the full-disk PW. This is lower than the normal (Windows for example) operating system device input path where most key-loggers target to get underneath. In any case, one could argue this is a hack to the interface versus the stolen disk (at rest) scenario. Still, there are no known key-loggers (virus/root kit) that get beneath the BIOS level password input. – Darrell Teague Apr 22 '14 at 21:03
  • Yes, a hardware keylogger inserted between the keyboard and USB connection could be used to get this (and any other) passwords entered. This would be more difficult for a laptop because of the internal ribbon connectors, lack of space, etc. but would certainly be possible for any government. – fencepost Sep 23 '15 at 18:54
  • Any empirical evidence to back said claims including the possibility for "any government" [to insert a key logger [via software, remotely] between the keyboard and encryption device interface]? – Darrell Teague Sep 30 '15 at 21:14
-1

Most any device that uses 256 bit or greater AES encryption is considered “safe” because the bit length is long enough to keep modern computers busy for years running brute force decryption. The problem is the misconception that once a HD or SSD is encrypted, the only way to acquire access to the data is through brute force attacks. The responses thus far to this question have been exclusively taking into account the software/firmware vulnerability side of the encryption.

It indeed is important to understand the correlation between FDE, the BIOS, and ATA passwords, but it’s more important to understand that locks only keep honest people out. A crook or law enforcement who wants access to your data will not spend time trying to guess or brute force your password. The fact is, a simple off the shelf hardware key logger (meaning one that installs between the keyboard and computer) will instantly begin logging keys the second power is applied, irrespective of the execution of the BIOS. A simple test setup consisting of a key logger, a keyboard and an external power supply will demonstrate the logger capturing key strokes even without being connected to a computer.

There are dozens of techniques used to steal your password. Key loggers, hidden cameras focused on your keyboard, phishing, eavesdropping, breaking your arm, social engineering, rummaging through trash. Don’t forget about a subpoena to your ISP, email provider, bank, eBay, Paypal, credit card company, etc. requiring your password on file. Also be aware that to date, all encryption can be detected on all HDs and SSDs, even TrueCrypt. This means that once it’s determined that your drive is encrypted, you can be compelled in court or through discovery to provide your password. Of course you always have the option of exercising your Fifth Amendment right which may or may not protect you from self-incrimination.

The question “How secure is Intel SSD Encryption” can’t be answered by only considering its hardware AES encryption. Data security is much more than encryption and you should never store anything on a drive that could incriminate you, even temporarily, because tools exist that can recover things you delete. Keeping your hard drive encrypted, keeping it in a secure location, having a unique password that you don’t use anywhere else, not sharing your password with anyone, awareness of social engineering, visual review of your working environment, a watchful eye on your surroundings for a crook, thug, or investigator, and routine inspection of your hardware for loggers and such will greatly increase the security of your data.

Ali Ahmad
Guest
  • There is no "greater" than 256 bit AES. AES is defined for key sizes of 128, 192 and 256 bits, and *only* for those. Also compare [How does one scale encryption strength upwards from 256-bit?](https://crypto.stackexchange.com/q/870/1142) on Cryptography Stack Exchange. – user Feb 05 '17 at 15:29