For business users, securing data isn’t really an option – it’s mandatory. That’s never truer than for portable devices that must be encrypted to comply with the company policy or other regulations . For USB Keys, I found the Carbide USB Stick, but for external HD I was still searching an affordable solution. In this test, we evaluated the Startech encrypted external Hard Drive enclosure.

Features

Basically, the enclosure turns a generic 2.5” SATA HD or SSD into secured AES encrypted external storage with password entry, no software is needed on the OS side, the devices is connected via standard USB3 interface. The construction quality of the enclosure is pretty good, despite the plastic used for the case and the keys. The interface is very simple, with just five LEDs indicating the status of the devices.

Performance

The unit is USB 3.0 compatible, using a Fujitsu MB86C311 USB 3.0-SATA chipset, and although this should allow USB-attached SCSI protocol (UASP) for decent throughput, it is already limited by the old SATA R.2 standard. Therefore the rate is limited to 3Gbps (SATA2). We tested the device using a standard disk test suite, with and without encryption using different file sizes. The following chart depicts the results:

The transfer rate is pretty decent and the encryption does not impact the performance.

Security

The enclosure is built around the Fujitsu MB86C311, an evolution of the MB86C30A. The MB86C30A contains an embedded AES engine that supports two operation modes: Cipher Block Chaining (CBC), a mode for encrypting block data; and XTS, the XEX encryption mode with tweak and ciphertext stealing.

The encryption engine makes it possible to store encrypted data on HDDs, thus protecting confidential information from threats when portable devices are lost or stolen – a well-publicised problem in recent years – or to prevent data leaks when storage devices are disposed of. Also, compared to software encryption, this hardware encryption does not burden the CPU of the host PC and provides better protection of user’s data.

Encryption Hardware

• Algorithm: AES
• Mode: CBC/XTS
• Block length: 128 -bit
• Key length: 128 -bit/256 -bit (CBC mode)
• 128 -bit + 128 -bit/256 -bit + 256 -bit (XTS mode)

• Throughput: 200 Mbytes/sec (CBC mode, 128 -bit)
• 150 Mbytes/sec (CBC mode, 256 -bit)
• 300 Mbytes/sec (XTS mode, 128 -bit+128 -bit)
• 270 Mbytes/sec (XTS mode, 256 -bit+256 -bit)

The encryption key is chip specific, so it is burned into the chip itself and protected by the code. This makes it relatively hard to find out, but not impossible.

Encryption quality

Entropy measure of the decrypted block:

===========================================================================
root@ent:~/test# ent dec_block.001
Entropy = 0.180781 bits per byte.
Optimum compression would reduce the size
of this 100000000 byte file by 97 percent.
Chi square distribution for 100000000 samples is 24920010681.90, and randomly
would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bytes is 1.4229 (127.5 = random).
Monte Carlo value for Pi is 3.990601360 (error 27.02 percent).
Serial correlation coefficient is 0.735227 (totally uncorrelated = 0.0).
===========================================================================
root@ent:~/test# ent-b dec_block.001
Entropy = 0.050111 bits per bit.
Optimum compression would reduce the size
of this 800000000 bit file by 94 percent.
Chi square distribution for 800000000 samples is 782110492.86, and randomly
would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bits is 0.0056 (0.5 = random).
Monte Carlo value for Pi is 3.990601360 (error 27.02 percent).
Serial correlation coefficient is 0.493992 (totally uncorrelated = 0.0).
===========================================================================

Entropy measure of the encrypted block:

===========================================================================
root@ent:~/test# ent enc_block.001
Entropy = 7.988049 bits per byte.
Optimum compression would reduce the size
of this 100000000 byte file by 0 percent.
Chi square distribution for 100000000 samples is 2803150.58, and randomly
would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bytes is 126.1542 (127.5 = random).
Monte Carlo value for Pi is 3.150669486 (error 0.29 percent).
Serial correlation coefficient is 0.030260 (totally uncorrelated = 0.0).
===========================================================================
root@ent:~/test# ent-b enc_block.001
Entropy = 0.999920 bits per bit.
Optimum compression would reduce the size
of this 800000000 bit file by 0 percent.
Chi square distribution for 800000000 samples is 88356.65, and randomly
would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bits is 0.4947 (0.5 = random).
Monte Carlo value for Pi is 3.150669486 (error 0.29 percent).
Serial correlation coefficient is 0.010411 (totally uncorrelated = 0.0).
===========================================================================

In graphical representation:

Attacks

Since the encryption key is in the chip, it is pretty clear that it can be read and then used to decode the data. But reading such data from a chip isn’t simple.

The first target of an attacker is the keyboard: the user is not forced to use a minimal code length, can just use 0 and it works; but normally a security trained user would type in something more complex like a birthday. Please, spend eight minutes watching this Numberphile video.

With this type of enclosure (there is another with a capacitive keyboard) the attacker can try to find out which numbers were used for the code, looking at the wear and tear of the substrate of the keys. The countermeasure is trivial: all code uses a permutation of all the number 0-9.

As an additional keyboard attack method, with a little engineering, and interest in the data, an attacker can put a small film of sensors between the plastic key and the button on the board and store the key sequence. It would be hard to discover and relatively easy to implement: it just took one minute to physically disassemble the enclosure and there is enough space to store the hardware required including a small CR2032. The countermeasure is also trivial: if you are a company, seal the enclosure and hope that the user constantly checks the seal.

If the attacker has both the knowledge and the tools, he can start to attack the AES key stored in the chip itself. Please refer to Fault attacks on secure chips: from glitch to flash for a good overview.

Chip related attack categories can be briefly summarised as:

• Side-channel attacks: techniques that allow the attacker to monitor the analog characteristics of power supply and interface connections and any electromagnetic radiation
• Software attacks: use the normal communication interface and exploit security vulnerabilities found in the protocols, cryptographic algorithms, or their implementation
• Fault generation: use abnormal environmental conditions to generate malfunctions in the system that provide additional access
• Microprobing: can be used to access the chip surface directly, so we can observe, manipulate, and interfere with the device
• Reverse engineering: used to understand the inner structure of the device and learn or emulate its functionality; requires the use of the same technology available to semiconductor manufacturers and gives similar capabilities to the attacker

Attack Method Summary

• Non-invasive attacks (low-cost)
  • observe or manipulate the device without physically tampering with it
  • require only moderately sophisticated equipment and knowledge to implement
• Invasive attacks (expensive)
  • almost unlimited capabilities to extract information from chips and understand their functionality
  • normally require expensive equipment, knowledgeable attackers and time
• Semi-invasive attacks (affordable)
  • semiconductor chip is depackaged but the internal structure of it remains intact
  • fill the gap between non-invasive and invasive types, being both inexpensive and easily repeatable

Timeframe Summary

• Initial evaluation time for all attacks from 1 week – 1 month
• Invasive attacks (microprobing)
  • 1 day with FIB and probing station
• Semi-invasive attacks (side-channel and fault attacks)
  • 1 week/1 hour with optical emission analysis
  • 1 hour with optical fault injection attack
• Non-invasive attacks (side-channel attacks)
  • 1 day with low-cost DPA setup: resistor in VCC core supply line, oscilloscope with active probe and PC with MatLab software
  • 1 hour/10 minutes with commercial DPA tools
  • 1 second with QVL-E board using special SCA sensor from QVL
  • 0.01 second with QVL/Espial tester using breakthrough approach to power analysis technique from QVL

Summary

Pro: cheap, easy to use, encrypts well, does not impact the computer CPU, and can be used with each Device/OS combination that supports USB HDs.

Contra: not certified, neither FIPS nor other. Relatively easy to attack. If device is lost, data access is no longer possible.

The Startech Enclosure is very cheap, provides a good encryption (in quality and performance) and can be used as first line of defense for reserved data, so just if you do not want to leave the data unencrypted.

About the Author

Rocco Gagliardi has been working in IT since the 1980s and specialized in IT security in the 1990s. His main focus lies in security frameworks, network routing, firewalling and log management.

Links

• http://www.cl.cam.ac.uk/~sps32
• http://www.scip.ch/en/?labs.20131114
• http://www.startech.com/HDD/Enclosures/Encrypted-External-Hard-Drive-Enclosure-Portable-SATA-HDD~S2510BU3PWPS