Paper 2015/1002

got HW crypto? On the (in)security of a Self-Encrypting Drive series

Gunnar Alendal, Christian Kison, and modg

Abstract

Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self encrypting external hard drive series; the Western Digital My Passport series. We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.

Note: Presentation slides: http://hardwear.io/wp-content/uploads/2015/10/got-HW-crypto-slides_hardwear_gunnar-christian.pdf

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
HW AESsecret-key cryptographyweak key generation attackweak authentication attackhardware RNG
Contact author(s)
alendal @ nym hush com
History
2015-10-15: received
Short URL
https://ia.cr/2015/1002
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1002,
      author = {Gunnar Alendal and Christian Kison and modg},
      title = {got HW crypto? On the (in)security of a Self-Encrypting Drive series},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1002},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1002}},
      url = {https://eprint.iacr.org/2015/1002}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.