March 9, 2009 10:00 AM PDT

Government should lead transition to self-encrypting drives

by Jon Oltsik

I've recently written about a new standard published by the Trusted Computing Group (TCG) for self-encrypting drives. With this standard, Fujitsu, Hitachi, Seagate, Toshiba, and Western Digital are shipping or will soon ship self-encrypting hard drives for laptop computers. This in turn should prompt a transition, where users will opt for systems with self-encrypting drives rather than install encryption software utilities.

To me, this conversion is inevitable since hardware-based cryptographic processing tends to lead to superior security and performance while eliminating the muss and fuss around software procurement, installation, and maintenance.

Given these benefits, I believe that the U.S. federal government should make self-encrypting drives a new standard for all federal system purchases. This would not only enhance the security of private data on federal systems but also help jump-start this tech industry transition. This is a perfect opportunity for the federal government to take the lead because:

  1. Demand for encryption remains high. In 2006, the Office of Management and Budget instructed civilian agencies to put a plan together for laptop security within 45 days. Subsequent to this plan, agencies were supposed to encrypt all laptops. According to several estimates, somewhere between 50 percent and 60 percent of these laptops remain unprotected. If all new systems contain self-encrypting drives, federal agencies can focus their attention on a stop-gap plan for aging systems in the field.

  2. The federal government has programs and people in place. The Department of Defense and General Services Administration have already established a "Data at rest Tiger Team" to address this problem in the defense community. It is safe to assume that this team knows what's out there, which systems are still vulnerable, and which ones are up for replacement. Adding systems with self-encrypting drives could provide this team with a new tool to accelerate this effort.

  3. Self-encrypting drives could help secure the new Federal Desktop Core Configuration (FDCC). To improve security, federal officials are in the process of defining a set of FDCC guidelines for laptops and desktops. With self-encrypting drives, these systems will be secure upon delivery.

  4. The Defense Department is slim on procurement people. Just last week, a team of experts told a Senate committee that the Defense Department is constrained by a lack of procurement people. OK, so here's a thought. Wouldn't it be more efficient to purchase systems with self-encrypting drives once rather than purchase systems and then purchase software? Oh, and self-encrypting drives would also eliminate the systems integration burden as well.

I could go on and on, but I think I've made my point. The federal government could improve security, lead the industry, and lower costs by embracing self-encrypting drives for all new systems. This should be plenty of motivation for federal agencies such as the General Services Administration, the Department of Defense, and others in the Beltway to get busy.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.
17 Comments
by fazalmajid March 9, 2009 10:50 AM PDT
As always, the devil is in the details, specifically how the encryption keys will be managed. Switching the entire government's IT systems to these drives is a non-trivial undertaking.
by gsekse March 9, 2009 10:52 AM PDT
OOHH, and conveniently, I'm sure the government will insist that the drive encryption have a backdoor or be hackable in some other fashion? Not to sound paranoid, but I don't like the idea of hardwired encryption in a world where the durability of a set encryption type is measured in months instead of years these days. Now if I can update the firmware now and then, well then maybe. As long as I have some ability to control the level of encryption, I would have some faith in it.
by lallen1 March 9, 2009 12:11 PM PDT
One of the major benefits of self encrypting drives is that the encryption keys are generated in the hardware of the drive controller, they never leave the drive and are not accessible so not only are the keys much more secure than any software based encryption, there is no need to do any encryption key management since the key that encrypts the data is always held with the data which was encrypted. In addition, self encrypting drives operate at the full media speed of the drive, so there is no performance penalty for encryption. The Trusted Computing Group storage specifications are open and public for all to examine. (www.trustedcomputinggroup.org) There are no back doors.
by Remo_Williams March 9, 2009 12:26 PM PDT
Except when the encryption gets broken, or is flawed, or is otherwise compromised... then every single drive needs to be replaced, not just a piece of software doing the job.

TrueCrypt and its kin are a better answer to this problem.

-R
by kkohnen March 9, 2009 12:51 PM PDT
If the hardware encryption does get broken, then software encryption (e.g., TrueCrypt) can be put on top of the (ostensibly broken) hardware encryption. It's not an either/or solution - you can have both forms of encryption if you're that concerned.

Bonus: If someone DOES hack your system, they'll only find that there's another encryption system that they have to deal with.
by Hunnter2k3 March 9, 2009 1:41 PM PDT
Couldn't agree more.

Just get them all to use TrueCrypt.
It is decently fast, decently secure, free and easily updatable.

I'd trust hardware encryption as much as I trust someone I don't know. (never)
by dethknite March 9, 2009 1:45 PM PDT
This article is completely biased and to me screams of ease of use/universal standard. How would this be more secure? It has been proven time and time again that anytime you make something universal, it becomes more apt to fail. Software encryption is by far superior, especially open source projects such as TrueCrypt. A great example of universal standardization is BitLocker encryption by Microsoft. What about Adobe's Adept encryption for PDFs etc.? They were all hacked. Same with MPAA having issues with CSS and Blu-ray protection schemes. Hardware protection can be beat simply by reversing the hardware (Xbox 360). If you truly value your data and want true protection, you either create your own encryption algorithm (unpublished), use open source and powerful methods, or use a combination of both.
by popsnie March 9, 2009 2:16 PM PDT
Not that it SHOULD matter, but how many American companies produce self-encrypting drives in the US? Wouldn't this pose a problem with back-doors?
by JGTIS March 9, 2009 2:24 PM PDT
Dear Jon:

I certainly agree with you that these are the best solution; however, getting self-encrypting drives pre-installed in a PC does not remove the need for software licenses and products to manage them, nor, as one of your readers says, removes the need for key management. That is still there and more critical than ever that it be done properly lest it become the weak link in the chain.

Software is required to not only manage the keys to "UNLOCK" the drive, but as importantly for an enterprise to provide help desk and emergency capabilities that are absolutely essential for any other than individual users, for which, I do agree, TrueCrypt should be just fine.

Which leads us to the ideal solution, which is one that supports both self-encrypting drives as well as legacy drives in a totally transparent manner, thus companies can purchase what is best for them and not worry about any differences. Opal spec or not, variations will always exist as the various vendors fight for turf in this very important battle.

JG Truth In Security
by Solaris_User March 9, 2009 2:50 PM PDT
How about we have government bureaucrats retain less information that needs to be secured, therefore improving personal privacy and security.

Just an idea..
by TSander March 9, 2009 4:11 PM PDT
How long until Steven Sprague comments on this story?
by ccwsoftware March 9, 2009 11:54 PM PDT
I don't see how encrypting the content of a drive does anything to stop leakage of sensitive or critical data. The data must be decrypted for use by applications and, more importantly, for transport. And, there's the rub -- transport. This does NOTHING to prevent leakage by transport, it only prevents theft of the data from a stolen chunk of hardware. I see this as being deceptive. "We use self-encrypting hardware, our stuff is safe." Bull. That's a false sense of security. The largest threat is now, and shall remain, leakage of the data from the secure environment. Transport.
by JGTIS March 10, 2009 11:11 AM PDT
ccwsoftware - FDE only provides security for Data At Rest (DAR); it is not intended to provide transport (DIT) or in use (DIU) security. For that you need additional products for those specific risks. The objective is to render stolen laptops unusable if stolen, which is what it does quite well, some a bit better than others.

JG Truth In Security
by morty_a March 11, 2009 11:06 AM PDT
Self-encryption is great. But it still needs to be managed. And nothing is a panacea. Some issues:

* How do you enforce password complexity standards? Most encryption schemes ultimately come down to a password. If that password isn't secure, the entire encryption scheme isn't really helping.

* What happens if the user forgets their password, or dies? How can the agency regain access to the hardware and data? Is there a way for the agency to escrow access? [Note: this is not like a back door, because the agency owns the device.]

* If the disk has a partial failure (i.e. bad sectors), does this impact the ability of tools to recover that data?

* Servers need to be able to boot unattended. Encryption requires something to be done during boot. How do servers work?
by JGTIS March 11, 2009 12:24 PM PDT
Morty_a:

Talking only from an Enterprise point of view, here are the answers to each of your very good points:

Enforcing pw complexity is accomplished by/via Active Directory, so whatever a company chooses will be enforced when working with the SED. Of course, if your company does not do a good job, you will have a very weak link in your security chain.

Most enterprise solutions provide a number of methods to recover/unlock an encrypted drive if a user forgets his/her pw, including Help Desks, Administrative overrides and the archival of emergency recovery information, to name a few.

Any failure of the disks behaves no differently than on an unencrypted drive. If a sector goes bad, the sector cannot be read and that does not affect the rest of the sectors. This is because each sector is encrypted individually and independently from any other sector.

Servers are an entirely different issue but there is an OPAL spec coming out for that as well. Remember that FDE was primarily designed for laptops.

JG Truth In Security
by morty_a March 14, 2009 2:57 PM PDT
@JGTIS:

I am well aware that there are answers to many of these points in our existing software-only "data at rest" encryption regime. However, actually implementing these "answers" requires additional software and integration work. The article glosses over this with statements such as "If all new systems contain self-encrypting drives, federal agencies can focus their attention on a stop-gap plan for aging systems in the field." Another statement in this article was "Oh, and self-encrypting drives would also eliminate the systems integration burden as well." The article seems to think that self-encryption drives are a panacea that will instantly solve this problem for new systems. The reality is very different -- federal agencies still need to deal with issues such as enforcing password policies for the drives (remember that they are self-encrypting, so the decryption needs to happen before they boot), escrowing keys, providing a password recovery capability, etc.

Self-encrypting drives are great, but they are not a magic wand that will solve this problem instantaneously.
by JGTIS March 15, 2009 10:33 AM PDT
morty_a:

I couldn't agree with you more.
An SED is technically a Self-Encrypting drive, but as you clearly mention, it, like a PC, must be managed, as simply encrypting everything is not a solution in itself.
IMHO, all new systems should be ordered with SEDs and each enterprise or government entity should select appropriate SED management software just like they select OS's today.

Thank you for a good discussion.

JG Truth In Security