Are hard drive manufacturers making a meal of securing data?

“Hospital lost patient data” (…unencrypted), “ministry of defense laptop stolen” (…unencrypted), “hard disk with confidential defense information on Ebay” (…unencrypted): reports like these have haunted us for the last couple of years with ever-increasing frequency and publicity.

Mobile data processing has become commonplace, whereas adequate protection of that data has not.

You may not realise it, but it doesn’t really require rocket science to protect these data appropriately. Full Disk Encryption (FDE), for instance, guarantees that any data on a PC’s hard disk is encrypted, without the user having to care about which files need to be protected and which not.

With TrueCrypt, the open source community provides a free product targeted for private use, and with SafeGuard Device Encryption, Sophos offers a software solution for the corporate market, addressing the additional needs of business users, such as central management and password recovery in case of a forgotten password.

Some time ago, hard disk vendors stepped into the market with self-encrypting hard disks to fill the same gap.

These drives offer encryption performed in the hard disks themselves rather than in some software layer above. And indeed, the advantages of such a hardware-based solution are compelling: Encryption right at the source of data, no performance penalty, data encryption independent of the operating system on top, and no sensitive keys exposed in RAM, just to name a few.

Back in 2007, Seagate pioneered this technology with its Momentus drive series, and Hitachi soon followed. All their solutions, however, were proprietary, and required remarkable software development effort to build the powerful management that enterprise users require on top of the data encryption itself.

Eventually, Seagate and the like recognized this deficit, and teamed up with the Trusted Computing Group (TCG) to develop a vendor-independent standard for self-encrypting hard disks. In January 2009, they finalized the Opal standard and announced it to the public.

Hard disk on a plate

But where do we stand today, nine months after release of the specification?

Actually, Opal-compliant hard disks are still few and far between. Fujitsu seems to be able to sell a few models, as does Hitachi.

With Seagate, however, you don’t really know. Initially one of the driving forces behind Opal, they seem to have abandoned the standard again and are pursuing another proprietary approach, as currently shipped with Dell notebooks. Toshiba has announced that its Opal hard disks will be available in the 1st quarter of 2010.

Apparently, the notebook vendors are also quite reluctant to adopt Opal hard disks, as the integration requires some adaptations in their BIOS. I haven’t been able to find any vendor that aggressively promotes notebooks with Opal-compliant hard disks.

The picture becomes even more embarrassing once we try to figure out what crypto is actually used behind Opal. The specification mandates AES with 128- or 256-bit keys, both of which are a safe choice.

However, it does not mandate which operation mode to use for AES. Current software FDE solutions all use Cipher Block Chaining (CBC) or even more advanced modes (such as XTS). Most Opal vendors, though, do not state which operation mode they use for AES.

Digging a little deeper, I was able to reveal why: several Opal vendors submitted their hard disks to the American NIST institute for FIPS 197 certification of the AES algorithm. The respective evaluation reports reveal that the Electronic Code Book (ECB) operation mode is still used in part (e.g. with Hitachi disks).

In this mode, identical clear text blocks encrypt to identical cipher text blocks, which opens up the disk to known-plaintext attacks. This mode is considered insufficient for Full Disk Encryption, therefore no vendor of software-based FDE dares to offer it.
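The leak described above, shown on a small disk image; this is an added example, not code from the original article. HMAC-SHA-256 truncated to 16 bytes stands in for AES (an assumption that keeps the example standard-library only, since only per-block determinism matters here), and the 512-byte sector size, the sample image and all function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

BLOCK, SECTOR = 16, 512  # AES block size; sector size assumed for this example

def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for AES (assumption): a deterministic keyed 16-byte function.
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def encrypt_image(key: bytes, image: bytes, tweaked: bool) -> bytes:
    # tweaked=False models ECB: output depends on the block content only.
    # tweaked=True mixes in the block's disk offset, the role the tweak plays in XTS.
    out = bytearray()
    for off in range(0, len(image), BLOCK):
        tweak = off.to_bytes(8, "little") if tweaked else b""
        out += prf(key, tweak + image[off:off + BLOCK])
    return bytes(out)

def repeated_block_ratio(ct: bytes) -> float:
    # Fraction of ciphertext blocks whose value occurs more than once.
    seen = defaultdict(int)
    for i in range(0, len(ct), BLOCK):
        seen[ct[i:i + BLOCK]] += 1
    return sum(n for n in seen.values() if n > 1) / (len(ct) // BLOCK)

def identical_sector_groups(ct: bytes) -> list:
    # Sector numbers an observer without the key can tell hold equal plaintext.
    groups = defaultdict(list)
    for n in range(len(ct) // SECTOR):
        groups[ct[n * SECTOR:(n + 1) * SECTOR]].append(n)
    return sorted(g for g in groups.values() if len(g) > 1)

def constructed_image() -> bytes:
    # Constructed sample disk: header, four unused (zero) sectors, one record
    # stored twice (sectors 5 and 7) with unrelated data in between.
    unique = lambda label: hashlib.shake_256(label).digest(SECTOR)
    record = unique(b"record")
    return (unique(b"header") + bytes(4 * SECTOR) + record
            + unique(b"other") + record)

if __name__ == "__main__":
    key, image = b"constructed demo key", constructed_image()
    for name, tweaked in (("ECB-like", False), ("position-tweaked", True)):
        ct = encrypt_image(key, image, tweaked)
        print(name, repeated_block_ratio(ct), identical_sector_groups(ct))
```

A high repeated-block ratio in raw ciphertext is the signature of ECB; with a position-dependent mode the same image yields no repeats and no matching sectors.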

It simply looks like an existing batch of ECB crypto chips needs to be silently rolled out to oblivious customers before the vendors will eventually come up with adequately secure cryptography.

Sadly, 10 months after the publication of the Opal specification, many hard disk vendors are not yet able to deliver secure products, if any products at all. This is astonishing, as all the big players have been working on this standard for several years and should have been able to develop and ship their products shortly afterwards.

Yet, the technology itself is very promising, and will – once implemented properly – give the market for FDE solutions an exciting push to higher performance.

I’m still looking forward to seeing the big vendors market their Opal disks with flashy ads and adequate cryptography rather than snake oil technology. Maybe in another year things will be clearer.

Sophos is definitely eager to embrace this standard, once matured, with top-notch management and recovery tools for the corporate user.

* Image source: Limaoscarjuliet’s Flickr photostream (Creative Commons)