Cryptology ePrint Archive: Report 2015/1002

got HW crypto? On the (in)security of a Self-Encrypting Drive series

Gunnar Alendal and Christian Kison and modg

Abstract: Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self encrypting external hard drive series; the Western Digital My Passport series. We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.

Category / Keywords: implementation / HW AES, secret-key cryptography, weak key generation attack, weak authentication attack, hardware RNG

Date: received 15 Oct 2015

Contact author: alendal at nym hush com

Available format(s): PDF | BibTeX Citation

Note: Presentation slides: http://hardwear.io/wp-content/uploads/2015/10/got-HW-crypto-slides_hardwear_gunnar-christian.pdf

Version: 20151015:201703 (All versions of this report)

Short URL: ia.cr/2015/1002

Discussion forum: Show discussion | Start new discussion