Self-encrypting drives little better than software-based encryption


13 November 2015

Companies relying on self-encrypting drives (SEDs) to secure data stored on their employees’ laptops should be aware that the technology is not immune to attack and should carefully consider whether they want to use this rather than software-based approaches.

Daniel Boteanu and Kevvie Fowler from KPMG Canada demonstrated three data recovery methods against laptops using SEDs at the Black Hat Europe security conference in Amsterdam.

Self-encrypting drives perform the data encryption and decryption operations on a dedicated crypto processor that is part of the drive controller. That gives them several, mainly performance-related, benefits compared to software-based encryption products, which rely on the CPU.

The main security benefit is that the encryption key is not stored in the OS memory, but on the disk itself, which makes it less exposed to theft. However, some attacks that work against software-based encryption products also affect SEDs, including evil maid attacks and those that bypass Windows authentication, the researchers said.

Boteanu and Fowler focused their research on laptops with SEDs that are compatible with the Trusted Computing Group (TCG) Storage Security Subsystem Class standard, also known as Opal, and Microsoft’s Encrypted Drive (eDrive) standard, which is based on Opal.

These drives are the most attractive for enterprise deployments because they can be easily managed. SEDs operating in eDrive mode, for example, are managed through BitLocker, Microsoft’s full disk encryption technology for Windows.
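An administrator weighing the hardware-versus-software question raised above first needs to know which BitLocker volumes are actually being encrypted by the drive hardware (eDrive mode) and whether policy still permits that. The script below is an added example, not code from the article or from the KPMG researchers; it assumes the BitLocker PowerShell module, local administrator rights, that Get-BitLockerVolume reports an EncryptionMethod of Hardware for eDrive volumes, and that the OSAllowHardwareEncryption/FDVAllowHardwareEncryption policy values live under HKLM:\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example (not from the original article): inventory BitLocker volumes and
# flag those whose encryption is performed by the drive controller (eDrive/Opal SED)
# rather than in software, then report whether policy still allows hardware encryption.
# Assumptions: BitLocker module present, run as administrator, EncryptionMethod 'Hardware'
# is the value reported for eDrive volumes, and the FVE policy value names below.

function Get-SedEncryptionInventory {
    Get-BitLockerVolume | ForEach-Object {
        $isHardware = ($_.EncryptionMethod -eq 'Hardware')   # assumed eDrive indicator
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType
            ProtectionStatus = $_.ProtectionStatus
            EncryptionMethod = $_.EncryptionMethod
            HardwareSed      = $isHardware
        }
    }
}

function Get-HardwareEncryptionPolicy {
    # Policy values (assumed names from the BitLocker ADMX): 0 = hardware encryption
    # disallowed, 1 or absent = allowed. Absent means the default (allowed) applies.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    foreach ($name in 'OSAllowHardwareEncryption', 'FDVAllowHardwareEncryption') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            PolicyValue       = $name
            HardwareAllowed   = if ($null -eq $value) { 'default (allowed)' } elseif ($value -eq 0) { 'no' } else { 'yes' }
        }
    }
}

# Usage: list volumes, then show the policy so SED-backed volumes can be spotted.
Get-SedEncryptionInventory | Format-Table -AutoSize
Get-HardwareEncryptionPolicy | Format-Table -AutoSize
```

Volumes flagged HardwareSed are the ones the article's findings apply to; if the decision is to move such laptops to software-based BitLocker, setting the two policy values to 0 and re-encrypting is the lever this output points at.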


Lucian Constantin, IDG News Service
