5

Consider a drive with Opal 2.0 support that works with Microsoft Bitlocker's "eDrive" feature. In this case, supposedly, the encryption key never leaves the disk (which might increase security, although the RAM of the machine obviously needs to have the "unlock" code stored somewhere).

Is there a certification that shows the technology has been audited to provide some level of tamper protection? The SSD vendors implement encryption internally because it helps balance out some electric stuff at the physical layer. Might the data encryption key be easily obtained from a chip on the drive? Similar to some TPMs that were "easily" opened and key material extracted?

MichaelGG
  • Seeing how major manufacturers let you trivially reset the encryption key, I would bet that you could as well trivially find out where it is stored if you were determined to do so, even if there is no software exploit. Simply do a "secure erase" using the maintenance tool or use the recovery key printed on the case (WTF did they think when they did that anyway!), and look at which bits flipped (or measure the electromagnetic field to find out where on the board there is electrical activity). Obviously, you would need _two_ drives, since you can't use the drive where you want to steal the key for that... – Damon Mar 03 '14 at 13:39
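As an added defender-side check that is not part of the original question or its comments, the PowerShell snippet below reads `manage-bde -status` for a volume and reports whether BitLocker is actually using the drive's own hardware encryption (the eDrive/Opal path the question describes) or has fallen back to host-side software AES. The "Encryption Method:" line and the "Hardware Encryption" wording it matches on are assumptions about the tool's text output; the function name is hypothetical.

```powershell
# Added example (not from the original post): report whether a BitLocker volume
# is using drive-managed hardware encryption or host-managed software AES.
# Assumptions: manage-bde -status prints an "Encryption Method:" line and shows
# "Hardware Encryption" for eDrive-managed volumes. Run from an elevated prompt.
function Get-BitLockerEncryptionMode {
    param([string]$Volume = 'C:')

    # Capture the tool's text output; errors are merged so a missing volume is visible.
    $status = & manage-bde -status $Volume 2>&1

    # Pull the first "Encryption Method:" line, if any.
    $line = $status |
        Where-Object { $_ -match '^\s*Encryption Method:\s*(.+)$' } |
        Select-Object -First 1

    if (-not $line) {
        return 'Unknown (volume not found, BitLocker not enabled, or output format differs)'
    }

    $method = ($line -replace '^\s*Encryption Method:\s*', '').Trim()

    # Assumption: the hardware (eDrive) path is reported with the word "Hardware".
    if ($method -match 'Hardware') {
        return "Hardware (drive-managed key): $method"
    }
    return "Software (host-managed AES): $method"
}

Get-BitLockerEncryptionMode -Volume 'C:'
```

Only in the hardware case does the question's premise apply (the data encryption key stays inside the drive); in the software case the key lives in host RAM regardless of what the drive's controller supports, so the drive's tamper-resistance rating is beside the point for that volume.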

1 Answer

3

In the United States, the validation (certification) you are looking for in government and some regulated areas is listed in the NIST Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules list.

Per the FIPS 140-2 standard, tamper-based requirements start at Level 2.

FIPS 140-2 Security Level 2:

Security Level 2 enhances the physical security mechanisms of a Security Level 1 cryptographic module by adding the requirement for tamper-evidence, which includes the use of tamper-evident coatings or seals or for pick-resistant locks on removable covers or doors of the module. Tamper-evident coatings or seals are placed on a cryptographic module so that the coating or seal must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module. Tamper-evident seals or pick-resistant locks are placed on covers or doors to protect against unauthorized physical access.

and then FIPS 140-2 Security Level 3:

In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper detection/response circuitry that zeroizes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.

and Level 4, the highest:

Security Level 4 provides the highest level of security defined in this standard. At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate zeroization of all plaintext CSPs. Security Level 4 cryptographic modules are useful for operation in physically unprotected environments.

There are some USB keys validated at FIPS 140-2 Overall Level 3; you'll have to check for actual drives, but that's where to look for the U.S.

Anti-weakpasswords
  • Aha. So FIPS 140-2 level 3/4 are the only ones that'd provide any protection against an attacker with physical access to the drive? (Assuming the drive just stores the key and does some sort of auth process to start up?) I see some SSDs marketed as "FIPS compliant" "FIPS-197 Validated". That's just a cute way to say they implemented AES, eh? Is FIPS 140-2 something an SSD vendor is likely not to bother with, even if they could meet the requirements? – MichaelGG Mar 04 '14 at 07:37
  • Read the NIST validation list from the link above - search for "drive" or "SSD" or similar words - you'll find the vendors that actually do that sort of thing that way, and NIST keeps that list up to date. – Anti-weakpasswords Mar 04 '14 at 14:40