<div dir="ltr"><div class="gmail_extra"><span style="font-family:arial,sans-serif;font-size:13px">Hi Perry,</span><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">
Sorry for the very slow reply; I was away on vacation.</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px"><div class="gmail_quote">
<div class="im">On Fri, Jun 20, 2014 at 9:04 AM, Perry E. Metzger <span dir="ltr"><<a href="mailto:perry@piermont.com" target="_blank">perry@piermont.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
On Thu, 19 Jun 2014 23:37:04 -0400 Darren Lasko <<a href="mailto:dlasko@ieee.org" target="_blank">dlasko@ieee.org</a>><br>wrote:<br><div>> On Thu, Jun 19, 2014 at 5:06 PM, Perry E. Metzger<br>> <<a href="mailto:perry@piermont.com" target="_blank">perry@piermont.com</a>> wrote:<br>
><br>> > It is different in a vital respect -- in the software<br>> > implementation, you can more or less check that everything is<br>> > working as expected, and you don't have to trust that the drive<br>
> > isn't sabotaging you. That's quite different -- vitally so, I<br>> > think.<br></div>[...]<br><div>> However, to your point that "in the software implementation, you<br>> can more or less check that everything is working as expected,"<br>
> this only holds true if it's open-source (and as we have found<br>> recently, this is still no guarantee against nasty security<br>> "flaws"), or if you're willing to reverse-engineer a closed-source<br>
> product (which you could also do with a hardware-based product,<br>> though likely at a greater expense).<br><br></div>No. You are missing a very vital point.<br><br></blockquote><div><br></div></div><div>I really don't think I missed your point. I even acknowledged that point in my previous post. My counter-point is merely that the actual media encryption part, while vitally important, is only a small part of the overall FDE solution. The other parts of the solution are equally important, much harder to get right, and not readily verifiable in *either* a hardware solution or a closed-source software solution. I would argue that if you don't trust hard drives with built-in encryption, then you also shouldn't trust closed-source software drive encryption products (and maybe you don't).</div>
<div><br></div><div>In fact, even the actual media encryption part is probably much harder to verify in a closed-source software implementation than you might be thinking...</div><div class="im"><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
If the sectors on the drive are encrypted with some particular<br>algorithm using some particular key, I can check, in a software only<br>solution, that the sectors are indeed encrypted in that key using<br>that algorithm.</blockquote>
<div><br></div></div><div>Getting "that key" out of a closed-source software FDE product will require reverse-engineering the product or employing something like the techniques used in the Princeton "cold boot attack". And once you have the key, you also need to know the encryption algorithm and cipher mode being used (which is usually specified in the product documentation) *plus* the product's algorithm for generating IVs/tweaks for the cipher mode (probably only discoverable by reverse-engineering, since I've never seen a closed-source implementation give this level of detail in its documentation). This is why I said in my previous post, "you can take a look at the ciphertext and verify that you see random-looking bits, and maybe verify through experimentation that it's not using a poor choice of cipher mode like ECB." Anything more than that will require you to dive deep into the inner workings of the product.</div>
<div><br></div><div>[...]</div><div class="im"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">It is actually much worse than that since the hardware implementation<br>
could be doing things like stashing keys in hidden sectors, but one<br>need not go so far as to worry about that because even the most basic<br>audit is impossible.<br><div><br></div></blockquote><div><br></div></div><div>
Software-only products are capable of implementing equivalent levels of malfeasance, for example by obfuscating the plaintext media encryption key and stashing it in the area of the drive they reserve for their pre-boot code and metadata. They could even encrypt the media key using a public key to which the developers (or their "partners") hold the private key.</div>
<div class="im"><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><br>> While it's true that even with a closed-source product you can take<br>
> a look at the ciphertext and verify that you see random-looking<br>> bits,<br><br></div>No, if they say "this is using AES-256 GCM" I can do more than that.<br><br></blockquote><div><br></div></div><div>
Again, not without the key.</div><div class="im"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
If your closed source vendor is not telling you what algorithm and<br>mode they are using, they are of course also doing something<br>unacceptable and should be excluded from your purchases. It is<br>acceptable (though not even remotely optimal) if the encryption<br>
implementation is closed source, but it is utterly unacceptable if<br>its method of operation is not fully disclosed.<br><div><br></div></blockquote><div><br></div></div><div><div>Your original comment was about "checking/verifying", not "disclosure". If you look at the datasheets for self-encrypting drives from just about any respectable manufacturer, they disclose the encryption algorithm/mode:</div>
<div><a href="http://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/ssd-pro-1500-series-sata-specification.pdf" target="_blank">http://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/ssd-pro-1500-series-sata-specification.pdf</a> (XTS-AES-256, FIPS 197 certified)</div>
<div><a href="http://www.micron.com/-/media/documents/products/data%20sheet/ssd/m550_2_5_ssd.pdf" target="_blank">http://www.micron.com/-/media/documents/products/data%20sheet/ssd/m550_2_5_ssd.pdf</a> (AES-256 CBC)</div>
<div>
Seagate has FIPS 140-2 certification on various models, so even more information can be gleaned from their public security policies (e.g. <a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2119.pdf" target="_blank">http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2119.pdf</a>) and CAVP certifications (e.g. AES cert #1974 for XTS, CBC, and EBC)</div>
<div><br></div></div><div>Just to reiterate, checking that the actual media encryption is implemented correctly in a closed-source software product is not a straightforward task (even though you can easily "see" the ciphertext). We haven't even discussed how you would verify the other (and trickier, IMO) bits of the product, such as entropy source & RNG for generating media keys, how passwords are "strengthened", how the media key(s) are cryptographically protected with the "strengthened" authentication credentials, how the "key blobs" are sanitized from the drive (especially on flash-based storage devices), etc.</div>
<div><br></div><div>I think it's fair to say that hardware-based FDE solutions aren't any more "untrustworthy" than their closed-source software counterparts, and I think one could even argue that open-sourced isn't a silver bullet (<a href="http://underhanded.xcott.com/" target="_blank">http://underhanded.xcott.com/</a>). Even in software implementations, there are a variety of components that are just as difficult to verify everything is working as expected; and as such a high level of faith is required that the software isn't sabotaging you.<br>
</div><div><br></div><div>Regards,</div><div>Darren</div><div><br></div></div></div></div></div>