I'm working on encryption techniques on SSD's and my question is: does the erase before write architecture of SSD's has anything to do with the encryption technique?

What are the problems I might face on implementing hard drive encryption to SSD's?

2 Answers

The whole idea of encryption is that it is meant to bring you confidentiality regardless of how the physical media is managed. Details about how a bit is "erased" (or fails to be erased) are relevant to security; encryption is about getting said security without having to bother with those details.

It turns out that data on a SSD is a fickle thing and it is hard work to track down all the places where it goes; see this question for details. This just emphasizes that encryption is the only sure method to keep the data confidential.

Disk encryption on a SSD is not different from disk encryption on a "classical" magnetic disk. Their interface is identical: accesses by indexed 512-byte sectors. This does not make SSD encryption simple, only not harder. Disk encryption is by itself a complex problem: it must handle random access (both for reading and writing), be fast (disks have a huge bandwidth), be integrated in the operating system, and should resist active attackers who can shut down the machine, swap some sectors, and power it on again.

  • One slight difference between encryption on an SSD versus some other device is that a real hard drive doesn't care which sectors are used or unused; filling unused sectors with random data to make them indistinguishable from used ones wouldn't adversely affect performance. By contrast, for maximum performance SD cards need to be able to recognize which sectors are used and which aren't. To yield good performance, an encryption scheme should not require that all unused blocks be filled with random data. – supercat Oct 10 '14 at 18:13
Here is one problem that you could have:

Let's say you have a file on your SSD ... it is physically located at address P1 which is currently mapped to the logical address L1.

Now you want to encrypt this file, and replace the plaintext with the ciphertext.

Neither reading the file from L1, nor encrypting it with some standard cipher like AES is a problem.

But now it comes to writing the ciphertext back to the SSD.

Since a SSD has a limited amount of write cycles before the device will fail, there are some wear leveling approaches to extend the lifetime of the SSD. The effect is that you can't be sure that writing to a logical address twice will result in two writes to the same physical address.

So it could happen, especially if your file is small, that the encrypted file that is written to the logical address L1 will not be written to the physical address P1, but P2. In this case the unencrypted file would still be located at P1.

You wouldn't be able to access that address by usual means, since the SSD will work on logical addresses and let the firmware decide what physical address should be referenced, but this could be a potentially epic security fail if someone reads that file directly from the physical address (direct physical access to the memory chip, different firmware, special firmware-specific commands to access physical addresses, etc.).

Or if you are talking about encrypting the whole disk, you could be facing the same problem from a different point of view:

Let's say you encrypt everything with a key that is encrypted with a password and stored on that same SSD ...

Now you want to change that password, but keep the key so you don't need to reencrypt the whole disk.

Normally you would read the key, decrypt it with your old password, encrypt it with the new one, write it back.

But now you can't be sure that you will overwrite the old key, so there could still be that old key, encrypted with the old password stored on the SSD.

If you changed the password because someone knows it, changing the password may not be sufficient to ensure that only you can access the encrypted disk.

  • I don't know how to thank you. You gave me the very first enlightenment about the topic. I'm very familiar with the Flash translation layer and all the SSD things... but I'm poor with security stuff.... Can you tell me what else I should consider for SSD encryption? Another problem is I couldn't find academic papers on the area.... What I was able to find is the manual of TrueCrypt... which doesn't explain everything to the details I need – lferasu Aug 11 '11 at 08:06
  • Well, that's the first and only problem that I can see ... but I'm no guru ... I can tell you that this issue can be a problem, but I don't know if there are no other things that could go wrong ... sorry :-/ – DarkSquirrel42 Aug 11 '11 at 19:42
  • OK... how about this... do you know any previous work which considers the above problem? I'm having a hard time finding them... or you can suggest me some ideas to consider. Thanks – lferasu Aug 16 '11 at 14:05
  • ... sorry ... :-/ – DarkSquirrel42 Aug 16 '11 at 16:54
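The remap that the second answer describes, modelled as an added example (not code from the original post or from any real firmware): a toy flash translation layer that never writes in place, so the plaintext page P1 outlives the "in-place" encryption through L1 until garbage collection runs, and a raw-page scan shows the remnant. The same write pattern covers the wrapped-key rewrite in the password-change case. `ToyFTL`, `toy_encrypt` (a hash keystream standing in for AES) and the file contents are all constructed for this illustration.

```python
"""Toy flash translation layer (FTL) for the remnant problem in the answer
above. Constructed example, not from the original post: pages are never
overwritten in place, so the old bytes survive until garbage collection."""
import hashlib
import os

PAGE = 16  # bytes per page, tiny on purpose


class ToyFTL:
    def __init__(self, pages):
        self.phys = [None] * pages  # None models an erased page
        self.l2p = {}               # logical address -> current physical page
        self.stale = set()          # physical pages holding dead data
        self.next_free = 0

    def write(self, lba, data):
        """Out-of-place write: the old physical page is only marked stale."""
        assert len(data) == PAGE
        if lba in self.l2p:
            self.stale.add(self.l2p[lba])
        p, self.next_free = self.next_free, self.next_free + 1
        self.phys[p] = data
        self.l2p[lba] = p
        return p

    def garbage_collect(self):
        """Erase stale pages; real firmware does this on its own schedule."""
        for p in self.stale:
            self.phys[p] = None
        self.stale.clear()

    def find_raw(self, needle):
        """Chip-level view: every physical page holding needle, mapped or not."""
        return [p for p, d in enumerate(self.phys) if d == needle]


def toy_encrypt(key, lba, data):
    """SHA-256 keystream XOR standing in for AES; the cipher is not the issue."""
    ks = hashlib.sha256(key + lba.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))


def demo():
    """Write a plaintext file at L1, then 'encrypt it in place' through L1.
    Returns (old_phys, new_phys, plaintext pages before GC, after GC)."""
    ftl, key, plain = ToyFTL(pages=8), os.urandom(16), b"top secret memo!"
    old = ftl.write(1, plain)                       # plaintext lands on P0
    new = ftl.write(1, toy_encrypt(key, 1, plain))  # ciphertext lands on P1
    before = ftl.find_raw(plain)                    # P0 still holds plaintext
    ftl.garbage_collect()
    return old, new, before, ftl.find_raw(plain)
```

Until the firmware erases the stale page, reading logical address L1 returns only ciphertext while a raw scan of the chip still finds the plaintext at its old physical page.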