Self-Encrypting Drives for Servers, NAS and SAN Arrays

Both the data and the encryption key are encrypted using the AES 128 algorithm, the same encryption algorithm approved by the U.S. government for protecting secret-level classified information. When designing the drive, Seagate assumed an attacker could obtain complete knowledge of the drive’s design and the location of any secrets held by the drive. Because there are no clues on the drive that could aid in deciphering the data, knowing the intricate details of the drive’s design and construction cannot help hackers. Similarly, breaking one drive provides no secrets that would enable the attacker to break other drives more easily.

In general, exposing cipher text can aid an attacker. For example, if the file system on the drive is a well-known structure, a hacker might use the fact that certain sectors always contain known values to begin an attack on the encryption. Database structures are similarly well known. A significant benefit unique to Self-Encrypting Drives is that an SED does not send cipher text from itself, effectively thwarting this type of attack.

SEDs have the ability to essentially turn themselves into bricks, after a pre-determined number of authentication attempts have failed. By contrast, an attacker who has a non-SED that’s been encrypted by some other method can attempt to authenticate indefinitely and the drive has no protection. In addition, the SED has protected firmware downloads; an attacker cannot insert modified firmware into the drive. Finally, to further minimize vulnerability to attack, Seagate has put no security back doors in the SED.

change and newer encryption technologies are incorporated into hard drives, they can be intermixed with older drives in storage systems that support encryption without making any changes specific to the new drives’ higher level of protection.

Key management is also becoming interoperable. IBM, LSI and Seagate will support the Key Management Interoperability Protocol submitted to OASIS for advancement through their open standards process.

Government-Grade Security

Self-Encrypting Drives provide superior security, making it less likely that the data security solution will need to be ripped out and replaced in the future due to more stringent regulations. As noted earlier, SEDs do not weaken security by needlessly encrypting the storage fabric and exposing long-lived cipher text and keys. SEDs also provide a host of other advantages that make their security stronger than other full disk encryption technologies.

The United States National Security Agency (NSA) has approved the first Self-Encrypting Drive, the Momentus® 5400 FDE hard drive, for protection of information in computers deployed by U.S. government agencies and contractors for national security purposes. Also, the encryption algorithm implementation in this first model is NIST AES FIPS-197-compliant. Seagate is in the process of pursuing similar acceptance on its future SEDs.

Figure 7 depicts what potential attackers will have if they obtain a secured SED that was locked when powered down. The encryption key never leaves the drive; the key is unique to that drive alone, generated by the drive itself. What’s more, a clear encryption key is nowhere to be found—only an encrypted version of the encryption key is kept in the drive. There are no clear text secrets anywhere on the drive, just a fingerprint (hash) of the authentication key. In addition, hard drives don’t utilize the type of memory that is susceptible to a “cold-boot” attack.

Figure 7
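
The at-rest state described above (an encrypted encryption key, a fingerprint of the authentication key, and lockout after repeated failed authentications) can be modeled as follows. This is an added example, not Seagate's code or part of the original paper. The class and function names, the PBKDF2 parameters, the attempt limit and the XOR wrap standing in for the drive's AES key encryption are all assumptions.

```python
import hashlib
import hmac
import secrets

def _kdf(secret: bytes, salt: bytes, length: int = 16) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an illustrative assumption.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000, dklen=length)

class ModelSED:
    """Toy model of what a self-encrypting drive stores while locked."""

    def __init__(self, auth_key: bytes, max_attempts: int = 3):
        dek = secrets.token_bytes(16)        # 128-bit key generated by the drive itself
        self.fp_salt = secrets.token_bytes(16)
        self.kek_salt = secrets.token_bytes(16)
        # Only a fingerprint of the authentication key is stored, never the key.
        self.auth_fingerprint = _kdf(auth_key, self.fp_salt, 32)
        # Only a wrapped key is stored. XOR with a one-time KDF output is a
        # stand-in (assumption) for AES key encryption; stdlib has no AES.
        pad = _kdf(auth_key, self.kek_salt)
        self.wrapped_dek = bytes(a ^ b for a, b in zip(dek, pad))
        self.max_attempts = max_attempts     # assumed pre-determined limit
        self.failures = 0
        self.bricked = False
        self._dek = None                     # volatile: exists only while unlocked

    def unlock(self, auth_key: bytes) -> bool:
        if self.bricked:
            return False                     # drive no longer accepts attempts
        candidate = _kdf(auth_key, self.fp_salt, 32)
        if not hmac.compare_digest(candidate, self.auth_fingerprint):
            self.failures += 1
            if self.failures >= self.max_attempts:
                self.bricked = True
            return False
        self.failures = 0                    # reset on success (assumption)
        pad = _kdf(auth_key, self.kek_salt)
        self._dek = bytes(a ^ b for a, b in zip(self.wrapped_dek, pad))
        return True

    def power_down(self) -> None:
        self._dek = None                     # clear key is discarded; drive is locked

def attacker_view(drive: ModelSED) -> dict:
    """Everything recoverable from a drive that was locked when powered down."""
    return {"auth_fingerprint": drive.auth_fingerprint,
            "wrapped_dek": drive.wrapped_dek,
            "salts": (drive.fp_salt, drive.kek_salt)}
```
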