Hard Disk Encryption Tool: Startech Enclosure

Hard Disk Encryption Tool

Startech Enclosure

Rocco Gagliardi
by Rocco Gagliardi
time to read: 11 minutes

For business users, securing data isn’t really an option – it’s mandatory. That’s never truer than for portable devices that must be encrypted to comply with the company policy or other regulations . For USB Keys, I found the Carbide USB Stick, but for external HD I was still searching an affordable solution. In this test, we evaluated the Startech encrypted external Hard Drive enclosure.

Features

Basically, the enclosure turns a generic 2.5” SATA HD or SSD into secured AES encrypted external storage with password entry, no software is needed on the OS side, the devices is connected via standard USB3 interface. The construction quality of the enclosure is pretty good, despite the plastic used for the case and the keys. The interface is very simple, with just five LEDs indicating the status of the devices.

Views of the Startech Encrypted External Hard Drive Enclosure - click to enlarge

Performance

The unit is USB 3.0 compatible, using a Fujitsu MB86C311 USB 3.0-SATA chipset, and although this should allow USB-attached SCSI protocol (UASP) for decent throughput, it is already limited by the old SATA R.2 standard. Therefore the rate is limited to 3Gbps (SATA2). We tested the device using a standard disk test suite, with and without encryption using different file sizes. The following chart depicts the results:

Data Transfer Rates - encrypted vs. unencrypted by block size - click to enlarge

The transfer rate is pretty decent and the encryption does not impact the performance.

Security

The enclosure is built around the Fujitsu MB86C311, an evolution of the MB86C30A. The MB86C30A contains an embedded AES engine that supports two operation modes: Cipher Block Chaining (CBC), a mode for encrypting block data; and XTS, the XEX encryption mode with tweak and ciphertext stealing.

The encryption engine makes it possible to store encrypted data on HDDs, thus protecting confidential information from threats when portable devices are lost or stolen – a well-publicised problem in recent years – or to prevent data leaks when storage devices are disposed of. Also, compared to software encryption, this hardware encryption does not burden the CPU of the host PC and provides better protection of user’s data.

Encryption Hardware

The encryption key is chip specific, so it is burned into the chip itself and protected by the code. This makes it relatively hard to find out, but not impossible.

MC86C311B Blocks - click to enlarge

Encryption quality

Entropy measure of the decrypted block:

===========================================================================
root@ent:~/test# ent dec_block.001
Entropy = 0.180781 bits per byte.

Optimum compression would reduce the size of this 100000000 byte file by 97 percent.

Chi square distribution for 100000000 samples is 24920010681.90, and randomly would exceed this value 0.01 percent of the times.

Arithmetic mean value of data bytes is 1.4229 (127.5 = random). Monte Carlo value for Pi is 3.990601360 (error 27.02 percent). Serial correlation coefficient is 0.735227 (totally uncorrelated = 0.0). =========================================================================== root@ent:~/test# ent-b dec_block.001 Entropy = 0.050111 bits per bit.

Optimum compression would reduce the size of this 800000000 bit file by 94 percent.

Chi square distribution for 800000000 samples is 782110492.86, and randomly would exceed this value 0.01 percent of the times.

Arithmetic mean value of data bits is 0.0056 (0.5 = random). Monte Carlo value for Pi is 3.990601360 (error 27.02 percent). Serial correlation coefficient is 0.493992 (totally uncorrelated = 0.0). ===========================================================================

Entropy measure of the encrypted block:

===========================================================================
root@ent:~/test# ent enc_block.001
Entropy = 7.988049 bits per byte.

Optimum compression would reduce the size of this 100000000 byte file by 0 percent.

Chi square distribution for 100000000 samples is 2803150.58, and randomly would exceed this value 0.01 percent of the times.

Arithmetic mean value of data bytes is 126.1542 (127.5 = random). Monte Carlo value for Pi is 3.150669486 (error 0.29 percent). Serial correlation coefficient is 0.030260 (totally uncorrelated = 0.0). =========================================================================== root@ent:~/test# ent-b enc_block.001 Entropy = 0.999920 bits per bit.

Optimum compression would reduce the size of this 800000000 bit file by 0 percent.

Chi square distribution for 800000000 samples is 88356.65, and randomly would exceed this value 0.01 percent of the times.

Arithmetic mean value of data bits is 0.4947 (0.5 = random). Monte Carlo value for Pi is 3.150669486 (error 0.29 percent). Serial correlation coefficient is 0.010411 (totally uncorrelated = 0.0). ===========================================================================

In graphical representation:

Encrypted and Decrypted Blocks - Click to Enlarge

Attacks

Since the encryption key is in the chip, it is pretty clear that it can be read and then used to decode the data. But reading such data from a chip isn’t simple.

The first target of an attacker is the keyboard: the user is not forced to use a minimal code length, can just use 0 and it works; but normally a security trained user would type in something more complex like a birthday. Please, spend eight minutes watching this Numberphile video.

With this type of enclosure (there is another with a capacitive keyboard) the attacker can try to find out which numbers were used for the code, looking at the wear and tear of the substrate of the keys. The countermeasure is trivial: all code uses a permutation of all the number 0-9.

As an additional keyboard attack method, with a little engineering, and interest in the data, an attacker can put a small film of sensors between the plastic key and the button on the board and store the key sequence. It would be hard to discover and relatively easy to implement: it just took one minute to physically disassemble the enclosure and there is enough space to store the hardware required including a small CR2032. The countermeasure is also trivial: if you are a company, seal the enclosure and hope that the user constantly checks the seal.

If the attacker has both the knowledge and the tools, he can start to attack the AES key stored in the chip itself. Please refer to Fault attacks on secure chips: from glitch to flash for a good overview.

Chip related attack categories can be briefly summarised as:

Attack Method Summary

Timeframe Summary

Summary

Pro: cheap, easy to use, encrypts well, does not impact the computer CPU, and can be used with each Device/OS combination that supports USB HDs.

Contra: not certified, neither FIPS nor other. Relatively easy to attack. If device is lost, data access is no longer possible.

The Startech Enclosure is very cheap, provides a good encryption (in quality and performance) and can be used as first line of defense for reserved data, so just if you do not want to leave the data unencrypted.

About the Author

Rocco Gagliardi

Rocco Gagliardi has been working in IT since the 1980s and specialized in IT security in the 1990s. His main focus lies in network routing, firewalling and log management.

Links

You need support in such a project?

Our experts will get in contact with you!

×
Office 365 Teams Security

Office 365 Teams Security

Rocco Gagliardi

Phishing Protection

Phishing Protection

Rocco Gagliardi

Logging

Logging

Rocco Gagliardi

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here