Hardware-based Full Disk Encryption (In)Security

Authors: Tilo Müller, Tobias Latzo, and Felix C. Freiling

Abstract:Self-encrypting drives (SEDs), such as Intel’s SSD 320 and 520 series, are widely believed to be a fast and secure alternative to software-based solutions like TrueCrypt and BitLocker. We systematically evaluate the security of SEDs and compare it with common solutions based on software. We take the natural threat model of disk encryption as a basis, i.e., we focus on attacks in which an attacker has physical access to his target. We show that, depending on the specific hardware configuration of the system, (1) for most settings in which a known attack on software-based FDE exists, there exists a successful attack against SEDs. These scenarios include DMA-based attacks, cold boot attacks, and evil maid attacks. In this sense, hardware-based full disk encryption (FDE) is as insecure as software-based FDE. We also show that (2) there exists a new class of attacks that is specific to hardware-based FDE. Roughly speaking, the idea of these attacks is to move an SED from one machine to another without cutting power, i.e., by replugging the data cable only. Consequently, we call these attacks hot plug attacks. Overall, only a few SED-based systems withstood more attacks than equivalent software-based FDE systems. The majority of machines is equally vulnerable in both scenarios, and some machines are arguably more vulnerable when using SEDs.

Full Paper: Self-Encrypting Disks pose Self-Decrypting Risks

Video (German 29c3 Talk): (Un)Sicherheit Hardware-basierter Festplattenverschlüsselung

More Videos: HotPlug.Desktop.mp4, HotPlug.Laptop.mp4, EvilMaid.mp4