Enhancing Data Understanding
Rocco Gagliardi
For business users, securing data isn’t really an option – it’s mandatory. That’s never truer than for portable devices that must be encrypted to comply with the company policy or other regulations. For USB keys, I found the Carbide USB Stick, but for external hard drives I was still searching for an affordable solution. In this test, we evaluated the Startech encrypted external hard drive enclosure.
Basically, the enclosure turns a generic 2.5” SATA HD or SSD into secure, AES-encrypted external storage with password entry. No software is needed on the OS side, and the device is connected via a standard USB 3 interface. The construction quality of the enclosure is pretty good, despite the plastic used for the case and the keys. The interface is very simple, with just five LEDs indicating the status of the device.
The unit is USB 3.0 compatible, using a Fujitsu MB86C311 USB 3.0-SATA chipset. Although this should allow the USB-attached SCSI protocol (UASP) for decent throughput, the drive side is held back by the old SATA R.2 standard, so the rate is limited to 3 Gbps (SATA2). We tested the device using a standard disk test suite, with and without encryption, using different file sizes. The following chart depicts the results:
The transfer rate is pretty decent and the encryption does not impact the performance.
The enclosure is built around the Fujitsu MB86C311, an evolution of the MB86C30A. The MB86C30A contains an embedded AES engine that supports two operation modes: Cipher Block Chaining (CBC), a mode for encrypting block data; and XTS, the XEX encryption mode with tweak and ciphertext stealing.
The encryption engine makes it possible to store encrypted data on HDDs, thus protecting confidential information from threats when portable devices are lost or stolen – a well-publicised problem in recent years – or to prevent data leaks when storage devices are disposed of. Also, compared to software encryption, this hardware encryption does not burden the CPU of the host PC and provides better protection of user’s data.
The encryption key is chip specific, so it is burned into the chip itself and protected by the code. This makes it relatively hard to find out, but not impossible.
Entropy measure of the decrypted block:
===========================================================================
root@ent:~/test# ent dec_block.001
Entropy = 0.180781 bits per byte.
Optimum compression would reduce the size of this 100000000 byte file by 97 percent.
Chi square distribution for 100000000 samples is 24920010681.90, and randomly would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bytes is 1.4229 (127.5 = random).
Monte Carlo value for Pi is 3.990601360 (error 27.02 percent).
Serial correlation coefficient is 0.735227 (totally uncorrelated = 0.0).
===========================================================================
root@ent:~/test# ent -b dec_block.001
Entropy = 0.050111 bits per bit.
Optimum compression would reduce the size of this 800000000 bit file by 94 percent.
Chi square distribution for 800000000 samples is 782110492.86, and randomly would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bits is 0.0056 (0.5 = random).
Monte Carlo value for Pi is 3.990601360 (error 27.02 percent).
Serial correlation coefficient is 0.493992 (totally uncorrelated = 0.0).
===========================================================================
Entropy measure of the encrypted block:
===========================================================================
root@ent:~/test# ent enc_block.001
Entropy = 7.988049 bits per byte.
Optimum compression would reduce the size of this 100000000 byte file by 0 percent.
Chi square distribution for 100000000 samples is 2803150.58, and randomly would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bytes is 126.1542 (127.5 = random).
Monte Carlo value for Pi is 3.150669486 (error 0.29 percent).
Serial correlation coefficient is 0.030260 (totally uncorrelated = 0.0).
===========================================================================
root@ent:~/test# ent -b enc_block.001
Entropy = 0.999920 bits per bit.
Optimum compression would reduce the size of this 800000000 bit file by 0 percent.
Chi square distribution for 800000000 samples is 88356.65, and randomly would exceed this value 0.01 percent of the times.
Arithmetic mean value of data bits is 0.4947 (0.5 = random).
Monte Carlo value for Pi is 3.150669486 (error 0.29 percent).
Serial correlation coefficient is 0.010411 (totally uncorrelated = 0.0).
===========================================================================
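The same comparison can be scripted when ent is not at hand. The Python code below is an added example, not part of the original test: it computes ent-style byte statistics and, going beyond the figures above, the share of repeated 16-byte blocks, which would expose a cipher that encrypts identical plaintext blocks identically. The two samples are constructed stand-ins for dec_block.001 and enc_block.001, and the thresholds in looks_encrypted are assumptions.

```python
import hashlib
import math
from collections import Counter

AES_BLOCK = 16  # AES block size in bytes

def ent_stats(data: bytes) -> dict:
    """Byte-level figures in the style of ent(1), plus a repeated-block ratio."""
    n = len(data)
    if n < AES_BLOCK:
        raise ValueError("need at least one 16-byte block")
    counts = Counter(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    expected = n / 256
    chi2 = sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))
    # Lag-1 serial correlation with wrap-around (last byte paired with first).
    s1 = sum(a * b for a, b in zip(data, data[1:] + data[:1]))
    s2 = sum(data) ** 2
    s3 = sum(b * b for b in data)
    denom = n * s3 - s2
    scc = (n * s1 - s2) / denom if denom else float("nan")  # constant input
    blocks = [data[i:i + AES_BLOCK] for i in range(0, n - n % AES_BLOCK, AES_BLOCK)]
    repeated = 1 - len(set(blocks)) / len(blocks)
    return {"entropy": entropy, "chi2": chi2, "mean": sum(data) / n,
            "serial_corr": scc, "repeated_blocks": repeated}

def looks_encrypted(stats: dict) -> bool:
    # Thresholds are assumptions chosen for this example, not values from the page.
    return stats["entropy"] > 7.9 and stats["repeated_blocks"] < 0.01

def constructed_samples() -> tuple[bytes, bytes]:
    """Two constructed 64 KiB samples standing in for the captured blocks."""
    # Mostly empty "decrypted" image: one 16-byte record per 512-byte sector.
    plain = (b"\x00" * 496 + b"constructed data") * 128
    # Stand-in for ciphertext: SHA-256 in counter mode (deterministic, not AES).
    cipher = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(2048))
    return plain, cipher

if __name__ == "__main__":
    for name, sample in zip(("plain", "cipher"), constructed_samples()):
        s = ent_stats(sample)
        print(name, {k: round(v, 4) for k, v in s.items()}, looks_encrypted(s))
```

On a real capture, read the block from the raw device through the USB-SATA bridge of a plain adapter, so that the enclosure's decryption is not in the path.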
In graphical representation:
Since the encryption key is in the chip, it is pretty clear that it can be read and then used to decode the data. But reading such data from a chip isn’t simple.
The first target of an attacker is the keyboard: the user is not forced to use a minimum code length and can just use 0, and it works; but normally a security-trained user would type in something more complex, like a birthday. Please spend eight minutes watching this Numberphile video.
With this type of enclosure (there is another with a capacitive keyboard) the attacker can try to find out which numbers were used for the code by looking at the wear and tear on the substrate of the keys. The countermeasure is trivial: every code should use a permutation of all the digits 0-9.
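To put numbers on this countermeasure, the following Python code (an added example, not from the original article) counts how many codes remain consistent with the wear a given code leaves behind. It assumes the observer also knows the code length, and the three codes are constructed samples.

```python
from math import comb

def codes_using_exactly(worn: int, length: int) -> int:
    """Count codes of `length` digits that press each of `worn` keys at least
    once and no other key (inclusion-exclusion over the keys left out)."""
    return sum((-1) ** i * comb(worn, i) * (worn - i) ** length
               for i in range(worn + 1))

def residual_keyspace(code: str) -> int:
    """Codes still consistent with the wear a given code leaves on the keys.
    Assumption: the observer also knows the code length."""
    if not (code.isascii() and code.isdigit()):
        raise ValueError("keypad codes consist of digits 0-9")
    return codes_using_exactly(len(set(code)), len(code))

if __name__ == "__main__":
    # Constructed codes: the single 0 from the text, a birthday-style code,
    # and a permutation of all ten digits (the countermeasure).
    for code in ("0", "01011990", "3917460825"):
        print(f"{len(code):2d} digits, {len(set(code)):2d} worn keys: "
              f"{residual_keyspace(code):>9,} of {10 ** len(code):,} codes remain")
```

With all ten keys worn evenly, the wear pattern no longer narrows down which digits are in use, and the ordering is all that is left to protect the code.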
As an additional keyboard attack method, with a little engineering, and interest in the data, an attacker can put a small film of sensors between the plastic key and the button on the board and store the key sequence. It would be hard to discover and relatively easy to implement: it just took one minute to physically disassemble the enclosure and there is enough space to store the hardware required including a small CR2032. The countermeasure is also trivial: if you are a company, seal the enclosure and hope that the user constantly checks the seal.
If the attacker has both the knowledge and the tools, he can start to attack the AES key stored in the chip itself. Please refer to Fault attacks on secure chips: from glitch to flash for a good overview.
Chip related attack categories can be briefly summarised as:
Pro: cheap, easy to use, encrypts well, does not impact the computer CPU, and can be used with each Device/OS combination that supports USB HDs.
Contra: not certified, neither FIPS nor other. Relatively easy to attack. If device is lost, data access is no longer possible.
The Startech enclosure is very cheap, provides good encryption (in quality and performance) and can be used as a first line of defense for reserved data, that is, when the only alternative is leaving the data unencrypted.