Delkin Blog

Encryption and Security Development in Solid State Storage Devices (SSD)

 

General

This article describes the use of encryption and security measures in Solid State Drives (SSDs).

What is Data Encryption?

Data encryption converts data into an unintelligible form so that it can only be used after it is converted back to its original form by decryption. Decryption is the reverse of encryption and requires access to a secret key (the decryption key) and, optionally, a password. Encrypted data is commonly referred to as cipher text, while unencrypted data is called plain text. Additional security measures and encryption can be combined to form a very effective data protection mechanism, especially for SSDs, as we shall see.

Categories of Encryption

Two main categories of data encryption exist: asymmetric encryption, also known as public-key encryption, and symmetric encryption, also known as private-key encryption.

Symmetric key/Private key

In symmetric-key schemes the encryption and decryption keys are the same, so the sending (writing) and receiving (reading) parties must both hold that key to transfer data securely.

Public key

In public-key schemes, the encryption key is published so that anyone can use it to encrypt the data they send (write). Only the receiving (reading) device has access to the decryption key that turns the data back into plain text. As an example, consider a bank website and the banking app on your mobile phone: the phone uses the bank's public key to encrypt the data it transmits, and the bank uses its secret key to decrypt it.

Encryption has long been used by militaries and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems, both for data in transit and data stored (static). Encryption can be used to protect static data, such as information stored on Solid State Disk Drives. In recent years, there have been numerous reports of confidential data, such as customers’ personal records, being exposed through loss or theft of laptops or backup drives; encrypting data in static files helps protect them if physical security measures fail.

Encryption is also used to protect data in transit, for example data being transferred via the internet, local area networks, wide area networks etc.

Types of Encryption

There are numerous types of encryption schemes used in the industry. DES, 3DES, and AES are among the most popular. A few others are mentioned here.

AES

The Advanced Encryption Standard, AES, is a symmetric encryption algorithm and one of the most secure. The United States Government uses it to protect classified information, and many software and hardware products use it as well. This method uses a block cipher, which encrypts data one fixed-size block at a time, unlike other types of encryption, such as stream ciphers, which encrypt data bit by bit.

AES comes in three variants, AES-128, AES-192 and AES-256, named for the key length (128, 192 or 256 bits) used to encrypt and decrypt each block. The number of rounds depends on the key length. A round is one pass of the transformation that turns plaintext into cipher text: 128-bit keys use 10 rounds, 192-bit keys use 12 rounds, and 256-bit keys use 14 rounds.

Since AES is a symmetric key encryption, you must share the key with other individuals for them to access the encrypted data. Furthermore, if you don’t have a secure way to share that key and unauthorized individuals gain access to it, they can decrypt everything encrypted with that specific key.

3DES

Triple Data Encryption Standard, or 3DES, is a current standard, and it is a block cipher. It is similar to the older Data Encryption Standard (DES), which uses 56-bit keys. 3DES, however, is a symmetric-key cipher that uses three individual 56-bit keys: it encrypts the data three times, so the 56-bit key effectively becomes a 168-bit key.

Unfortunately, since it encrypts data three times, this method is much slower than others. Also, because 3DES uses a shorter block length than newer ciphers, it is more exposed to attacks that can leak data. Nevertheless, many financial institutions and businesses in numerous other industries use this encryption method to keep information secure. As more robust encryption methods emerge, this one is slowly being phased out.

Twofish

Twofish is a symmetric block cipher based on an earlier block cipher, Blowfish. Twofish has a block size of 128 bits and supports key sizes up to 256 bits, and it works well on smaller CPUs and hardware. Similar to AES, it applies rounds of encryption to turn plaintext into cipher text. However, the number of rounds does not vary as it does with AES: no matter the key size, there are always 16 rounds.

In addition, this method provides plenty of flexibility. You can choose for the key setup to be slow but the encryption process to be quick, or vice versa. Furthermore, this form of encryption is unpatented and license free, so you can use it without restrictions.

RSA

This asymmetric algorithm is named after Ron Rivest, Adi Shamir and Leonard Adleman. It uses public-key cryptography to share data over an insecure network. There are two keys: one public and one private. The public key is just what the name suggests: public, and anyone can access it. The private key, however, must be kept confidential. When using RSA cryptography, you need both keys to encrypt and decrypt a message: one key encrypts your data and the other decrypts it.

According to Search Security, RSA is secure because it relies on the difficulty of factoring large integers that are the product of two large prime numbers. Additionally, the key size is large, which increases the security. Most RSA keys are 1024 bits and 2048 bits long. However, the longer key size does mean it is slower than other encryption methods.

While there are many additional encryption methods available, knowing about and using the most secure ones ensures your confidential data stays secure and away from unwanted eyes.

The NAND Flash SSD and Encryption

The nature of flash makes it more difficult to encrypt or erase data on SSDs than traditional hard drives. However, hardware-based disk encryption makes it easier than ever to encrypt and erase SSDs securely, and without any load on the Flash Controller.

Solid-state disks (SSDs) have changed the face of our electronic world, giving us faster, longer-lasting, reliable storage for our mobile devices, laptops, desktop computers, and even servers. But while solid-state storage has provided a number of huge benefits over its rotating magnetic predecessors, ensuring strong data security takes a bit more work.

Encrypting or destroying sensitive information on hard drives was straightforward: locate the data and overwrite the bits. But because of the wear-leveling algorithms integral to modern SSDs, data remnants are often spread across the drive, making it more difficult to securely destroy sensitive information without erasing the whole drive.

However, industrial and some consumer SSDs now have hardware-based disk encryption on board.

On these SSDs, data is always secured with Advanced Encryption Standard (AES) encryption. This happens transparently to the user, and unlike software-based disk encryption there is no performance penalty when using encrypted SSDs, because the encryption is handled by a dedicated crypto processor on the drive. The crypto processor is usually part of the ASIC that makes up the NAND FLASH controller. Direct Memory Access (DMA) routes incoming data to it and then on to the FLASH: very fast, very efficient.

Hardware-Based Whole Disk Encryption

Encrypted SSDs not only operate at full speed without impacting system performance, but also offer a number of advantages over software-based disk encryption. Security-wise, just like any other disk-encryption solution, encrypted SSDs perform transparent, complete encryption of all data written to the NAND FLASH, including hidden and temporary files that may store sensitive information. With hardware encryption, however, the key is isolated from the host system, making the encryption robust against attacks or viruses on the host.

Data is encrypted into cipher text before it is written to the physical media (in the SSD's case, NAND FLASH), so data read directly from the media is unintelligible without the key. However, anyone can still read the data through the host port, because the drive controller decrypts it after reading it from the media and delivers plain text to the host interface. Encryption alone therefore protects only the physical media. What is needed is a security measure such as drive authentication, which keeps decryption, and with it all access to the drive, switched off until authentication is complete. Since the whole drive is normally encrypted and protected, the system cannot be booted until the drive is authenticated.

Authentication with encrypted SSDs happens pre-boot. All user space data, including the operating system, is completely inaccessible until the user is authenticated.

Sanitizing encrypted SSDs is fast and secure. On the other hand, sanitizing a conventional hard drive or SSD requires overwrite procedures that can take hours or days (and is impossible if the drive is malfunctioning), or physical destruction that could still leave data on the drive. On an encrypted SSD, though, it can take less than a second to change the encryption key (used to both encrypt and decrypt the data), rendering all data currently on the drive unreadable and for all intents and purposes, completely destroyed.

Unlike software-based encryption solutions, encrypted SSDs are OS-agnostic and can be used on Linux, Windows, OS-X or virtually any other operating system.

How Does Hardware-Based AES Disk Encryption Work?

Modern encrypted SSDs use a 128- or 256-bit AES algorithm along with two symmetric encryption keys. The first is the Encryption Key, used to encrypt all data stored on the drive. Assuming the drive uses AES-256, this key is a 256-bit number generated randomly and stored in encrypted form in a hidden area of the drive. The Encryption Key never leaves the device and is known only to the drive itself; not even the drive manufacturer knows its value. The SSD's drive controller performs the hardware-based AES disk encryption, relieving the host of crypto processing duties.

The second key is the Authorization Key, which is set by the user and controls access to the drive. If the Authorization Key is not set, for instance when the drive is first used, the SSD will appear to behave just like a normal unencrypted SSD. In fact, the data is still being encrypted at this point, but without an Authorization Key, the drive is unlocked and automatically decrypting read requests with the Encryption Key. Like the Encryption Key, the Authorization Key is never stored in plaintext, but rather only in an encrypted state.

When the Authorization Key is set on an OPAL 2.0-compliant SSD, several things happen: the Encryption Key (the Media Encryption Key, in OPAL terms) is encrypted with the Authorization Key, a cryptographic hash of the Authorization Key is stored on the drive, and the drive is set to lock itself, refusing access, the next time the machine is power cycled.

The next time the machine boots, it does not see the normal master boot record (MBR). Instead, there is just a small pre-boot image, the MBR shadow. This pre-boot area performs authentication: the user enters his or her credentials, which are run through a Key Derivation Function to generate an Authorization Key. If the Authorization Key submitted by the user matches the one stored on the drive, the user is authenticated. The authenticated Authorization Key is then used to decrypt the Encryption Key and load it into the crypto-processing engine. At this point the real MBR is also loaded so that the system can boot and operate normally.

Managing Encrypted SSDs

Depending on the specifications of the drive and host system, an encrypted SSD can be initialized, authenticated, and managed through either ATA security or TCG Opal 2.0 compatible software.

ATA security (ATA Secure Command Set)

If supported, the simplest way to use an encrypted SSD is through ATA security in the system BIOS. This is suitable for embedded and industrial systems or single-user computers, and is as easy as setting the ATA password. Setting the ATA password sets the Authorization Key and enables authentication on an encrypted SSD. The ATA interface can also be used to issue a cryptographic erase, in which the Encryption Key is replaced, rendering all data on the drive unreadable.
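A check that belongs before setting an ATA password: parse the Security section that `hdparm -I` prints and confirm that the drive supports the security feature set and is neither frozen nor locked (many BIOSes freeze the drive at boot, after which the drive aborts security commands). This is an added example in Node.js, not from the article; the hdparm output below is a constructed sample in the layout hdparm uses, and the device name and model string are placeholders.

```javascript
// Added example, not from the article: parse the "Security:" section of hdparm -I
// output and decide whether an ATA password can be set right now. The sample output
// is constructed in the layout hdparm prints; device name and model are placeholders.
const SAMPLE_HDPARM_FROZEN = [
  '/dev/sdX:',
  '',
  'ATA device, with non-removable media',
  '\tModel Number:       EXAMPLE-SSD (constructed sample)',
  'Security: ',
  '\tMaster password revision code = 65534',
  '\t\tsupported',
  '\tnot\tenabled',
  '\tnot\tlocked',
  '\t\tfrozen',
  '\tnot\texpired: security count',
  '\t\tsupported: enhanced erase',
  '\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT. ',
  'Checksum: correct',
].join('\n');

// hdparm prints one flag per indented line, prefixed with "not" when the flag is
// clear ("\tnot\tenabled") and with extra indentation when it is set ("\t\tfrozen").
function parseAtaSecurity(output) {
  const state = { found: false, supported: false, enabled: false, locked: false,
                  frozen: false, enhancedErase: false };
  let inSection = false;
  for (const line of output.split('\n')) {
    if (line.startsWith('Security:')) { inSection = true; state.found = true; continue; }
    if (!inSection) continue;
    if (!/^\s/.test(line)) break; // the first non-indented line ends the section
    const words = line.trim().split(/\s+/);
    let value = true;
    if (words[0] === 'not') { value = false; words.shift(); }
    const key = words.join(' ');
    if (key === 'supported') state.supported = value;
    else if (key === 'supported: enhanced erase') state.enhancedErase = value;
    else if (key === 'enabled') state.enabled = value;
    else if (key === 'locked') state.locked = value;
    else if (key === 'frozen') state.frozen = value;
  }
  return state;
}

// SECURITY SET PASSWORD is aborted by the drive while it is frozen or locked,
// and is meaningless if the feature set is absent.
function canSetAtaPassword(state) {
  return state.found && state.supported && !state.frozen && !state.locked;
}

function explain(state) {
  if (!state.found) return 'no Security section: the drive does not report ATA security';
  if (!state.supported) return 'ATA security feature set not supported';
  if (state.frozen) return 'drive is frozen: security commands will be aborted until the freeze is cleared';
  if (state.locked) return 'drive is locked: unlock with the existing password first';
  return state.enabled ? 'password already set and drive unlocked' : 'ready: no password set yet';
}

console.log(explain(parseAtaSecurity(SAMPLE_HDPARM_FROZEN)));
```

On a real system, replace the sample with the live output, for example `parseAtaSecurity(require('child_process').execSync('hdparm -I /dev/sdX').toString())` run with root privileges; the `enhancedErase` flag tells you whether the drive advertises the enhanced erase command in addition to the basic one.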

TCG OPAL 2.0 software

Though ATA security is free and simple to use, it doesn’t take full advantage of OPAL 2.0-compliant SSDs, isn’t available on every motherboard, and even when available, it’s difficult to be sure of how secure the authentication process is without access to the BIOS code.

For stronger authentication, increased peace of mind, and much better management capability, a wide range of certified third-party encryption software and utilities designed to manage OPAL 2.0 devices is available. A typical Opal drive layout includes the MBR shadow and multiple user ranges (figure courtesy of Trusted Computing Group).

OPAL 2.0, the latest version of the specification, accommodates block sizes appropriate for SSDs and LBA range alignment in order to minimize write amplification. Encrypted SSDs should be OPAL 2.0-compliant for optimal performance. They also need to be used with software that supports OPAL 2.0, since the specification is not backwards-compatible.

Besides setting the Authorization Key and allowing for cryptographic erases, OPAL drive management software allows a 128-MB pre-boot environment to be loaded, providing sophisticated access control such as biometric, TPM, network, or even two-factor authentication.

Drives can be configured with multiple logical-block-address (LBA) ranges, each with its own access control: each range has its own Authorization Key and Encryption Key, and users can only see and access the range assigned to them.

Using appropriate software, OPAL 2.0-compliant drives can be centrally managed over a network, with remote initialization, range management, and data sanitization. With centralized control, a remote OPAL 2.0 SSD can be deployed without any restriction on the host operating system.

Conclusion

Even with its limitations, which are inherent to both software- and hardware-based disk-encryption techniques, encrypted SSDs, along with security measures, provide a huge leap forward in data security by providing strong, easy-to-use, transparent encryption and secure disk access.

 
