Understanding the Value of Self-Encrypting Drives

By | Jul 11, 2022 | All, Security

How secure is data on a storage device? The surprising fact is that without drive-level access control and encryption, data on a hard disk drive (HDD) or solid-state drive (SSD) can be vulnerable to improper access or unauthorized modification or deletion. For example, if a malicious actor steals the drive, he or she can place it on another machine. The drive will respond to any properly formatted I/O command.

The problem is that a standard drive relies on the operating system (OS) login and file system permissions to control who can access the drive and what files they can access. By attacking a computer’s OS, a hacker may be able to extract the encryption keys and unlock software-based encryption to access data stored on the drive.



The TCG Opal self-encrypting drive (SED) mitigates this risk. First TCG provides for robust access control, such that access is locked even if the OS is hacked or the SSD is put in another PC. As an additional layer of protection, the user data on a TCG Opal SSD is encrypted using AES-256. This means that an attacker could not bypass the access control by de-soldering the NAND flash chips and trying to read them directly.

The TCG Opal SSD implements hardware-based security and is much harder to attack because it is self-contained. Unlike a PC that is connected to the internet and runs a browser and applications, the SSD is a closed environment. It only runs its own firmware. Also, a well-designed TCG Opal SSD always implements secure boot. This feature ensures that the ROM code verifies the firmware cryptographic signature before it runs.

For these reasons, TCG Opal SEDs offer a higher level of data protection than a standard drive. This article reviews how SEDs work, along with what comprises a good SED.


How SEDs work

Once unlocked by the user, an SED automatically encrypts and decrypts drive data without the need for user input or any software to handle disk encryption. With its onboard encryption, the drive encrypts its own data, independent of external factors.

The Opal encryption specifications from the Trusted Computing Group (TCG) form the most common framework for SEDs today. In terms of attack mitigation, the locked SED rejects I/O commands unless the user first supplies the correct password to unlock the SSD. Even if the attacker unsolders the NAND memory chips from the SSD’s board and puts them into a NAND chip reader, the attacker would have to crack military-grade encryption such as AES-256 or ECDSA-256 to read the data.



What makes for a good SED?

An effective SED is one that combines best practices for standards, design, configuration and usage. All of these factors have to align for the SED to accomplish its security mission. Regarding standards, cryptographic algorithms used by the drive must be compliant with National Institute of Standards and Technology (NIST) SP800-175B. This is the guideline for using cryptographic standards in federal government. It is used to protect sensitive information in transmission and in storage. Drives that comply with the Federal Information Processing Standards (FIPS) can be used in more demanding

scenarios. FIPS drives go through a deep validation process that requires a tight collaboration between the government, an accredited lab and the SSD manufacturer. Every aspect of the SSD design and manufacturing process are validated to ensure the product truly meets all the requirements for secure data management and encryption key handling.

Once a drive is certified, the manufacturer cannot modify the firmware or the hardware without going through another lengthy process. Phison takes security very seriously. All of its SSDs are based off the same security code and techniques, though only FIPS-validated products can be sold as FIPS-certified drives.

When it comes to features and design, an SED must be built for resilience. In addition, its firmware needs a strong cryptographic signature to prove it is valid and unmodified. Add to this a cryptographic quality random number generator that is compliant with NIST SP800-90, the NIST recommendation for random number generation using deterministic random bit generators—or another equivalent nation-specific standard. The SED must also run continuous health checks on the random number generator.

The SED has to be designed in such a way that all secrets on the drive are protected, even if an attacker can access the NAND chips directly. This means, for example, not storing a password file on the drive. Even hashing the password is not good enough. A GPU can execute millions of hashes per second and discover the password through brute force. A better approach is to use a key wrapping scheme such as those defined in NIST SP800-132, recommendation for password-based key derivation. These are far harder to break than simple hash comparisons.

Additional best practices and configuration recommendations include implementing robust key management and secure deleting. There must be no way to disable or bypass any security mechanism on an SED, even when the attacker has physical access to the drive. All encryption keys must be tightly bound to specific authorized users. All cryptographic algorithms must be tested automatically as part of the normal boot process using standard test vectors. The SSD controller must check this signature every time it boots, and before accepting a new firmware update.

All debug capabilities need to be locked down and protected by a handshaking mechanism based on a cryptographic signature, e.g., NIST SP800-56B, recommendation for pair-wise key establishment schemes using integer factorization cryptography or a similar nation-specific equivalent definition. When debug capabilities are successfully enabled, the SSD must zeroize all keys immediately before granting debug access. Dummy or non-enabled users cannot have a copy of the encryption keys.


Do SEDs help prevent ransomware?

One question that comes up frequently in the storage field is “Do SEDs help prevent ransomware?” They do if the partition is locked, but once the user logs in, the SSD has no way of knowing which IO is good or bad. To address ransomware, we need an SSD with an integrated AI to detect the odd pattern used by ransomware. Phison has such a product, but whether such a product is needed depends on your threat environment.



Phison’s offerings

Phison offers a wide range of SEDs that meet the TCG standards. It also has FIPS 140-3 Level 2 certified products along with AI-enabled solutions to protect against ransomware. They are the first and only SEDs with cybersecurity built into their firmware. The firmware integration places a drive’s defense mechanisms below the host’s software, OS and BIOS firmware. They are based on Cigent Secure SSD™ drives, which were originally developed for U.S. government and military use.



Standard drives are not secure enough in a world of advanced threats and physical theft of devices. SEDs offer a solution by automatically encrypting data on the drive without any need for software. They have encryption capabilities onboard. To work best, however, an SED should be designed to meet the criteria of NIST standards for encryption, random number generation and more. Configuration and usage practices also matter. The way an SED is used is as important as how it’s built when it comes to protecting the data it stores.


The Foundation that Accelerates Innovation™