Industrial Flash Storage Encryption and Security Features
In many industrial flash storage applications, data security is a critical consideration. In industries such as healthcare, transportation, and automation, as well as governmental and military applications, sensitive data is stored, and if accessed by unintended parties, the security risks can be enormous.
Over time, developments have been made in technology that allows flash storage to provide reliable encryption and security.
Data Protection
Early HDDs adopted a security command set that allowed a drive to be “locked”, denying access to the data through standard ATA commands. This form of low-level security provided rudimentary protection; however, the drive could be disassembled and the data recovered from the media directly, bypassing the software lock mechanism. This form of data recovery is not trivial, but it is also not outside the abilities of most data recovery firms.
These same techniques can be extended to an SSD: if the drive is locked, the flash chips can be removed and the data read directly. This process is also non-trivial, and it is further compounded by the fact that SSD firmware does not store data sequentially in the flash chips as it is stored on an HDD, so the data would need to be reassembled. Again, this is not an impossible task, depending on the determination of the group performing the recovery.
Drives have since adopted methods of encrypting the data directly on the drive, which confounds the standard data recovery methods above. After recovering the raw data, a data recovery service would also need the key to decrypt it.
Encryption in Place
Encrypting data directly on the drive helps prevent physical data recovery. However, once a system is running and the drive is “open”, the attached host is free to read the entire drive, so this does not prevent an insider attack that offloads the entire drive contents.
Encryption in Flight
To prevent an insider data breach of an open drive, an encryption in flight method is required. Software packages for many operating systems have been adopted that perform the data decryption on the fly, rather than allowing the drive to perform the function. The data is read from and written to the drive as encrypted data; the drive is unaware of whether the data is encrypted or not.
Encryption Standards
The most common method of encrypting data directly on a drive is Advanced Encryption Standard 256 (AES-256), which is not considered a broken coding method like AES-128. Within the AES-256 standard there are several popular variations, each providing higher security, but with each increase there is a corresponding reduction in data performance to and from the drive.
Variations in order of complexity:
- Electronic Code Book (ECB)
  - The simplest of the encryption modes, named after conventional physical codebooks. The message is divided into blocks, and each block is encrypted separately.
- Cipher Block Chaining (CBC)
  - A more complex mode, where each block of plaintext is altered with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point.
- Xor–encrypt–xor based Tweaked-codebook mode with ciphertext Stealing (XTS)
  - Another notch up in complexity. Data is altered using techniques similar to CBC; however, it is not limited to fixed-size blocks.
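The difference between these modes shows up on a sector full of identical blocks. The sketch below is an added example, not code from the original article or from any drive firmware: a toy Feistel cipher built on SHA-256 stands in for AES, the keys and sector contents are constructed, and `xex` is a simplified xor-encrypt-xor tweak without the Galois-field tweak update or ciphertext stealing of real XTS.

```python
import hashlib

BLOCK = 16  # bytes per cipher block, the same block size as AES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation keyed with SHA-256. NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb(key: bytes, data: bytes) -> bytes:
    # Every block is encrypted on its own, so equal plaintext gives equal ciphertext.
    return b"".join(encrypt_block(key, b) for b in split(data))


def cbc(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for b in split(data):
        prev = encrypt_block(key, xor(b, prev))  # chain in the previous ciphertext
        out.append(prev)
    return b"".join(out)


def xex(key: bytes, tweak_key: bytes, sector: int, data: bytes) -> bytes:
    """Xor-encrypt-xor with a per-sector, per-block mask (simplified XTS)."""
    out = []
    for i, b in enumerate(split(data)):
        pos = sector.to_bytes(8, "little") + i.to_bytes(8, "little")
        mask = encrypt_block(tweak_key, pos)
        out.append(xor(encrypt_block(key, xor(b, mask)), mask))
    return b"".join(out)


def distinct(ciphertext: bytes) -> int:
    return len(set(split(ciphertext)))


KEY, TWEAK_KEY, IV = b"K" * 32, b"T" * 16, b"\x00" * BLOCK  # constructed values
SECTOR = b"\x00" * 64  # constructed sector: four identical plaintext blocks
```

On the constructed sector, `distinct(ecb(KEY, SECTOR))` is 1 while CBC and the tweaked mode give 4, and the tweaked mode also produces different ciphertext when the same data is stored under a different sector number.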
Encryption Keys
AES-256 is considered to be bidirectional, in that data can be decrypted once it has been encrypted. Methods like SHA-256 merely generate a hash that is not reversible; it can only be verified.
In order to decrypt data that was encrypted with AES-256, the decryption hardware or software needs to know the key value(s) with which the data was encrypted. Typically in XTS, 2 keys are employed: one is a 256-bit (32-byte) key that performs the encryption, and one is a 128-bit (16-byte) “tweak” value that begins the transformation of the first block. Subsequent blocks use a tweak developed from the previous data.
Not knowing either of these 2 sets of values is fatal to being able to decrypt the data.
These keys are known only to the drive.
Unlocking an Encrypted Drive to be Read
In order to command the drive to begin providing data that is decrypted, the host system is required to authenticate itself.
When a drive is used for the first time, fresh from the factory, it is not “provisioned”: the data is encrypted on the drive but not “locked”. This allows the host to freely read and write the data on the drive in its encrypted/decrypted state.
The encryption keys are provisioned at the time of manufacture; however, the authentication keys are not. A host system would provide a set of authentication keys allowing that specific host to gain access to the encrypted data.
Once the authentication keys are provisioned, data reads are either prevented or the data remains encrypted, while writes are always prevented.
These authentication keys are symmetrical, in that both the host and the drive are configured to have these keys. These keys are typically 256 bits in length.
In order to “unlock” the drive, a handshake method needs to be adopted to verify that both the host system and the drive have the same keys. ATA drives often adopt the OPAL 2.0 style of key management.
Non-ATA drives, such as a USB stick or an SD card, or even ATA drives in an embedded application, can adopt a proprietary method of authentication, such as a Challenge Handshake Authentication Protocol (CHAP). In a CHAP protocol, a host requesting access to the drive would request a “challenge”. This challenge would be a small fixed-size block of data. This data would be encrypted with the known authentication key(s) and returned to the drive. The drive then decrypts the returned data and compares it to the original data. If they match, it is verified that the keys are symmetric, and the drive is unlocked.
A common extension to a CHAP protocol would be utilizing an incrementing Initialization Vector, which would further tweak the encryption/decryption of the challenge data.
It is important that the symmetric authorization keys are protected and not transmitted to the drive “in the open”, because the interface bus can be monitored and the keys captured. This is not a trivial operation, but it is not outside the abilities of determined data miners.
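The handshake described above, as an added example that is not part of the original article or any vendor's protocol: HMAC-SHA-256 over the counter and challenge stands in for encrypting the challenge, so the drive recomputes the response and compares instead of decrypting it. The `Drive` class, `respond`, `handshake` and the key value are hypothetical names and constructed data.

```python
import hashlib
import hmac
import os


def respond(auth_key: bytes, counter: int, challenge: bytes) -> bytes:
    """Keyed response over counter || challenge (HMAC stands in for AES)."""
    msg = counter.to_bytes(8, "big") + challenge
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


class Drive:
    """Hypothetical drive-side state for the challenge handshake."""

    def __init__(self, auth_key: bytes):
        self._key = auth_key       # provisioned once, never sent on the bus
        self._counter = 0          # the incrementing IV from the text
        self._challenge = None
        self.unlocked = False

    def request_challenge(self):
        self._counter += 1
        self._challenge = os.urandom(16)   # small fixed-size block of data
        return self._counter, self._challenge

    def submit_response(self, response: bytes) -> bool:
        if self._challenge is None:
            return False                   # no outstanding challenge
        expected = respond(self._key, self._counter, self._challenge)
        self._challenge = None             # each challenge is single-use
        ok = hmac.compare_digest(expected, response)  # constant-time compare
        self.unlocked = self.unlocked or ok
        return ok


def handshake(drive: Drive, host_key: bytes, bus: list) -> bool:
    counter, challenge = drive.request_challenge()
    response = respond(host_key, counter, challenge)
    bus.append((counter, challenge, response))  # everything a bus monitor sees
    return drive.submit_response(response)


def demo():
    key = bytes(range(32))                 # constructed 256-bit key
    drive, bus = Drive(key), []
    good = handshake(drive, key, bus)                # matching keys unlock
    bad = handshake(Drive(key), b"\x01" * 32, [])    # wrong host key is refused
    drive.unlocked = False                 # simulate a power cycle relocking
    drive.request_challenge()
    replayed = drive.submit_response(bus[0][2])      # captured response reused
    key_seen = any(key in field for _, c, r in bus for field in (c, r))
    return good, bad, replayed, key_seen
```

`demo()` returns `(True, False, False, False)`: the matching host unlocks the drive, a wrong key and a replayed capture are both refused, and the key itself never appears in the recorded bus traffic.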
Determining the right security solution for a given application can be a complex challenge, involving multiple hardware suppliers and key software components. Let Delkin help you identify and implement the solution that will keep your data or your customers’ data secure.