[Cryptography] trojans in the firmware

[Peter Gutmann]

Henry Baker <hbaker1 at pipeline.com> writes:

>BTW, what's the point of AES encryption on this pre-p0wned device?  More
>security theatre?

Almost.  Its sole use is for very fast "drive erasure", i.e. you change the
key and the data on it becomes inaccessible.  Have a look at this
presentation:

http://www.snia.org/sites/default/education/tutorials/2012/spring/security/MichaelWillett_Implementing%20Stored-Data_Encryption_2.pdf

which describes what Samsung (and others) are doing, in particular slide 18.
The decryption key (DEK) is stored in the drive, and is unlocked using a
password (and "authentication key", AK).  So to decrypt the drive you extract
the encrypted DEK, brute-force the password (AK), and you're in.

In any case though it doesn't protect against an attack that occurs when the
drive is mounted since it looks like an unencrypted drive at that point (and
presumably the AK is hardcoded into a startup script or something similar in
order to survive power outages, so you can grab that if you really need it).

It's actually hard to see what purpose this "encryption" is serving (the
vendors studiously avoid providing a threat model), it doesn't protect live
data, it barely protects data at rest (say if you decide to Fedex the contents
of your data centre across town), the only thing it really does is allow for
fast erasure of contents, and protect against casual snooping of the "buy a
batch of drives on ebay and see what's on them" kind.

So I guess if ebay is your threat, it's good enough.  OTOH a BIOS password set
for the drive will do the same thing.

As a more general response to "what's the point", regulatory compliance ("our
drives were encrypted so we don't have to disclose the 40M credit card breach
from last week"), buzzword-compliance, CYA, it's not a bad idea from a
marketing point of view.

Peter.