SED/FIPS Drives - Hardware Encryption (PART 2)

Overview

A couple of weeks ago, FUTURA Cyber published an article (Part 1 of this series) which introduced some details about Self Encrypting Drives and the FIPS 140-2 variants (SEDs) along with information about our solution for managing those devices. In this article the goal is to extend your knowledge about SEDs regarding in-depth capabilities provided by the TCG OPAL 2.0+ specification. Experience has shown that most people are unfamiliar with TCG OPAL 2.0+ technical capabilities of SEDs so our goal is to help expand your specific technical knowledge in this area. This information is critical to understanding the landscape in terms of data at rest (DAR) protection capabilities available for modern storage media.

As you may recall, SEDs have a built-in cryptographic processor which ensures that data written to and read from a SED is stored encrypted and retrieved unencrypted. But encryption alone doesn't protect a SED, to fully protect the information on a SED recall that a 32-byte PIN/password must be added to the device in order to lock that device so DAR can't be read unless the device is first unlocked.   This is part of the solution that FUTURA Cyber provides with its Crypto Management Platform (FC-CMP). But rather than manually creating PINS or passwords, our software uses an automated Key Management Server (KMS) to generate and issue AES 256 keys and then uses those key’s random 32-byte values as the SED PINs/passwords.

TCG OPAL 2.0+ Specification

There is much more to the architecture of TCG OPAL 2.0+ specification and it is worth identifying some of the key features of this technology standard. The TCG OPAL 2.0+ specification is a set of security capabilities which define how to provide encryption for storage media such as spinning hard disk drives (HDD), solid state drives (SSD), and other storage media such as NVMe SSD devices. 

The standard defines not only the specification for the cryptographic processor and encryption to be used on the device but also how the media is to be physically divided, what security authorities will be used on the device to control the process and what control interfaces are available to control the various administrative systems, locking capabilities and data management mechanisms. 

Encryption

TCG OPAL 2.0+ devices are encrypted using an onboard cryptographic processor. When the SED is factory configured the onboard cryptographic processor creates a Data Encryption Key (DEK) for that device. The default password on the device which is applied automatically (i.e. it doesn’t have to be entered) is called the Manufacturers Secure ID (MSID). The MSID, or default password, is used to encrypt the DEK and the DEK is used to encrypt and decrypt information being saved or retrieved from the SED storage device.  

The MSID or any PIN/password set on a SED is used to encrypt the DEK and is referred to as the Key Encryption Key (KEK).  Think of the KEK as an encryption key for the encryption key used to encrypt/decrypt data on the SED storage device.

There are TCG OPAL 2.0+ commands that are issued to the drive not only to set the PIN/password but also to reset the device to its factory state and recreate the DEK.  When FC-CMP updates a drives PIN/Password it replaces the default MSID with an AES 256 unique key. This causes the KEK to be updated in a fashion that is non-destructive to the data on the storage device. 

The TCG OPAL 2.0+ specification provides commands to revert a storage devices’ PIN/password setting to the default MSID for the device.  Of course, you must know or have at hand the existing PIN/password (i.e. the KEK) in order to change to a new PIN/password or revert to the MSID. Should the KEK be destroyed, this effectively locks the device forever requiring a factory reset which destroys all the data on the device because the DEK is no longer accessible to decrypt that information.

NOTE: Secure erase is accomplished on a SED by destroying the KEK and forcing a new DEK to be created.

Physical Secure ID

On the front of each SED storage device (or printed somewhere on the device or its accompanying information) is a 32-byte alpha-numeric code called a Physical Secure ID (PSID). This value can be used to revert the SED storage device to its manufacturer factory state. It is essential that before a drive becomes managed as a SED device, the PSID is used to reset it to factory default settings. You should also record the PSID in a safe fashion. Reverting the device via the PSID is an essential first step in most SED TCG OPAL command sequences. FC-CMP can be used to record PSID information for each drive to be configured by the software in our encrypted internal database.

Banding

TCG OPAL 2.0+ devices can be subdivided into different sub-ranges for more granular control of the storage medium. The concept is like partitioning as it is a way to break up larger storage devices into smaller parts; however, it is NOT partitioning which is typically an operating system level function, rather bands function to physically allocate space on the device prior to installation of any operating system or control software. On a SED storage device with bands, partitions would be placed inside of a band as required by the administrator. 

The figure below shows an HDD with 5 bands. SEDs always use Band 0 which references the entire drive. The drive is then further broken down into Bands 1, 2, 3, 4 and so on as defined by the manufacturer of the SED storage device. These typically follow sequentially on the device based on storage block address – this is different for different types of media such as SDD or HDD devices.

Depending how the storage device manufacturer has implemented the standard, some TCG OPAL and Enterprise 2.0+ drives can have between 8 and 18 storage bands. Check with your SED manufacturer documentation to ensure your understanding of the capabilities of your specific SED storage device.

The nice thing about SED Bands is that each band can have its own 32-byte PIN/password further adding to the security of the storage device. The PIN/passwords for each band can also be configured using AES 256 keys as the source of the 32-byte PIN/password value. In fact, FC-CMP is designed to help create bands and apply PIN/passwords to each band using the KMIP Key Management Server.

A completely hypothetical example use case might be helpful to understand drive bands so consider a situation where a portable SED device (perhaps with a USB interface) needs to be securely shared with 5 different people. Each person has his/her own data and the others must not see that information. To do this, the admin account would create 5 bands (beyond band 0) and provide each band with its own key and band master authority. Each user would be given access only to the band containing their data. The other users would not see anything but their own data. In practice, when a user plugged in the device to his/her workstation they would be asked for the password to access his/her own band and could therefore only see his/her own data. 

Authorities

Each SED storage device has several authorities on the device that are used for authentication to the drive for a particular purpose. Think of these as authentication accounts for a specific task for example the Admin Authority provides the credentials to setup the SED storage device, create the bands and manage the overall device. Band Master 0 provides credentials to manage the bands. Band Master 1 provides the credentials to manage Band 1, Band Master 2 provides the credentials to manage Band 2 and so on. There is also an Erase Master authority which controls the ability to erase the entire drive. Each Band Master controls the ability to erase a specific band providing fine granularity and control on a band-by-band basis. 

Transport Layer Security with Pre-Shared Key

Transport Layer Security with Pre-Shared Key (TLS-PSK) support is built into SED TCG OPAL 2.0+ devices to ensure that administrative data transmitted to and from a SED storage device across the computer motherboard’s peripheral component interconnect (PCI) bus from memory to the device is encrypted in motion. This protects various authorities and PIN/password information so that it cannot be obtained through some sort of on-machine side-channel attack.  TLS-PSK doesn’t not affect or protect any normal read/write commands or data. That information still goes over the internal computer wires as clear text unless other means are used to protect it.

Conclusion and Next Steps

You are now familiar with some of the details about TCG OPAL 2.0+ SED storage devices. We discussed concepts such as the DEK, KEK, MSID and PSID. Furthermore, we introduced SED bands, Authorities and TLS capabilities. Understanding how these items work and interact is critical for successful employment of SEDs within an enterprise storage environment. The next article in this series will review the FIPS 140-2 version of SED storage devices, what FIPS 140-2 means exactly with regard to SED storage devices (and in general), what it means to be FIPS compliant and why SEDs and FIPS variants are actually different from each other.