If you make the data inaccessible unless the correct key is provided, then why bother with encryption at all? It just protects the data in case someone removes the platters from the disk, which is a niche case. The ATA-style SECURE LOCK password feature leaves the drive open after reset, but a more secure variant of that could be used (I think TCG is developing something along those lines).
I think it's important to be able to read the data off the drive without giving the drive the key. This allows for disk copies and image backups. If the drive is encrypted with a key from the payroll department, the IT department can perform a backup without having to know the payroll key. If concerned about security from the HBA to the drive, then some communications encryption scheme should be used (Jim Hughes always emphasizes the distinction between communications encryption and storage encryption).

--
Rob Elliott, [EMAIL PROTECTED]
Hewlett-Packard Industry Standard Server Storage Advanced Technology
https://ecardfile.com/id/RobElliott

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, December 21, 2005 11:42 AM
> To: SISWG
> Subject: RE: wrong key behaviour
>
> >>how does the drive know if the key it is given is wrong?
> There are other options, too. For example, a secure hash of the key
> could be stored in the drive for each key scope (a contiguous LBA
> range). Alternatively, a public key MAC. This latter method has the
> advantage that an attacker cannot replace it arbitrarily, even if he
> rips up the drive.
>
> It is possible to store a disk key in the drive, which is hard to hack.
> It could be in some nonvolatile memory integrated with the crypto
> engine. To get it, you have to get inside of a 65...130 nm integrated
> circuit, use microelectrodes and try not to damage the circuit. A very
> expensive and slow process, which uncovers some secrets for only one
> drive. Nevertheless, storing all the keys on disk is not the best
> solution.
>
> Laszlo
>
> > -------- Original Message --------
> > Subject: RE: wrong key behaviour
> > From: "Colin Sinclair" <[EMAIL PROTECTED]>
> > Date: Wed, December 21, 2005 12:04 pm
> > To: "SISWG" <[EMAIL PROTECTED]>
> >
> > > the drive must not return any data if the wrong key is given.
> >
> > Not being funny, but how does the drive know if the key it is given is wrong? Either
> >
> > (a) it keeps a copy of the key internally (easy to hack), or
> >
> > (b) it encrypts a special string and keeps that internally (in flash or on media), or
> >
> > (c) it must add a cryptographically safe integrity field computed over the plaintext on each sector
> > to tell if it has been decrypted correctly. This is just like adding authentication, and will add
> > overhead. It's probably not possible to rely on CRC because that isn't always there (vendor specific
> > additional sector information).
> >
> > I presume the only sensible method is (b)?
> >
> > Colin.
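
An added example, not part of the thread or of any participant's message: a sketch of the per-key-scope check discussed above, where the drive keeps a check value for each contiguous LBA range instead of the key itself and refuses reads when the supplied key does not reproduce it. HMAC-SHA256 over a fixed string stands in for "encrypting a special string"; the function names, the check string, the sample keys and the fail-closed handling of LBAs outside any scope are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

CHECK_STRING = b"key-check-v1"  # assumed constant, not from any standard


@dataclass(frozen=True)
class KeyScope:
    first_lba: int
    last_lba: int    # inclusive
    salt: bytes      # random per scope, stored in the clear
    verifier: bytes  # HMAC-SHA256(key, salt || CHECK_STRING); the key is not stored


def make_verifier(key: bytes, salt: bytes) -> bytes:
    return hmac.new(key, salt + CHECK_STRING, hashlib.sha256).digest()


def provision_scope(first_lba: int, last_lba: int, key: bytes) -> KeyScope:
    salt = os.urandom(16)
    return KeyScope(first_lba, last_lba, salt, make_verifier(key, salt))


def check_read(scopes: list, lba: int, key: bytes) -> str:
    """Decide whether a read of `lba` with `key` may return data."""
    for scope in scopes:
        if scope.first_lba <= lba <= scope.last_lba:
            candidate = make_verifier(key, scope.salt)
            # Constant-time compare so timing does not leak verifier bytes.
            if hmac.compare_digest(candidate, scope.verifier):
                return "ok"
            return "wrong-key"
    return "no-scope"  # assumption: fail closed outside any key scope


if __name__ == "__main__":
    payroll_key = bytes(range(32))           # constructed sample keys
    it_key = bytes(reversed(range(32)))
    scopes = [provision_scope(0, 999, payroll_key),
              provision_scope(1000, 1999, it_key)]
    print(check_read(scopes, 10, payroll_key))    # key matches scope 0..999
    print(check_read(scopes, 10, it_key))         # wrong key for that range
    print(check_read(scopes, 1500, it_key))       # key matches scope 1000..1999
    print(check_read(scopes, 5000, payroll_key))  # outside every scope
```

Anyone who can read the stored verifier can test candidate keys offline, so this check only suits high-entropy keys, not passwords.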