Enterprise Self-Encrypting Drives User Guide - Part 1 100515636, Rev.
© 2015, Seagate Technology LLC All rights reserved. Publication number: 100515636, Rev. B September 2015 Seagate, Seagate Technology and the Spiral logo are registered trademarks of Seagate Technology LLC in the United States and/or other countries. Seagate, and SeaTools are either trademarks or registered trademarks of Seagate Technology LLC or one of its affiliated companies in the United States and/or other countries.
Contents 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 The fundamentals of data encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1.1 Encryption basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1.
1.0 Introduction This user guide provides a comprehensive introduction to security and full disk encryption as it is implemented in Seagate SecureTM enterprise Self-Encrypting Drive (SED) models. SED models communicate with a host system using the standard protocol defined by the Trusted Computing Group (TCG), an organization sponsored and operated by companies in the computer, storage and digital communications industry. Most of the published material on this subject is in the form of standards.
1.1 The fundamentals of data encryption Before we get into the specifics of Self-Encrypting Drives (SEDs) we need to have a working understanding of the encryption process. What is it and how does it work? 1.1.1 Encryption basics Encryption is a process whereby a plain text or clear text message is disguised in such a way as to hide its meaning.
It isn’t rocket science to deduce that our decryption engine would need to perform a similar but opposite function (subtraction in this case) in order to reconstitute the original message: MSUSAAAB SQ – ENIGMAENIGM => HELLO WORLD Cipher text Decryption Key Message Any prying eyes that got access to our cipher text would not be able to deduce the original plain text message unless two things were known: 1. The secret key 2. How the encryption engine works—the algorithm used to compute the cipher text.
1.1.3 Block ciphers As mentioned in our discussion on AES, we encrypt the clear text message in blocks of 128 or 256 bits at a time. In other words, we are using a block cipher in our encryption engines. Figure 2 shows how a simple block cipher called Electronic Code Book (ECB) constructs the encrypted data. Each block of plain text (P) is encrypted with the key (E) and outputs cipher text (C) ready for storage.
Now that we know something about AES and CBC, there’s one more subject that we need to visit before we take a look at how the disk drive applies and manages encryption in data storage. That subject is hash functions. 1.2 Hash functions Hash functions take an arbitrarily long string of bytes and produce a fixed size result, sometimes called the digest or fingerprint. In Figure 4, we see a string of bytes m being input to a hash function which produces a fixed size hash output h(m). Figure 4.
1.3 Drive locking In the previous section we showed that all data from the host is encrypted prior to being recorded on the media with a write command, and decrypted to plain text before being returned to the host in a read operation. So where’s the security in that? Well the answer is that there is no security implicit in the encryption process when anyone can have access to the drive, or more specifically the data encryption key (DEK).
The principal reason for employing encryption with locking is to provide security for the data that is recorded on the disk surfaces. This is usually referred to as security of data at rest. Simply put, if the disk drive loses power, as would be the case if it were removed from its owner’s system, its recorded data will be locked against unauthorized access as soon as power is reapplied.
2.0 SED disk drive overview There is no hardware difference between a standard enterprise drive and an SED (apart from the label) however the SED does undergo a set of additional manufacturing procedures which configure the security features in the drive. This configuration involves the installation of security tables, defines a set of credentials (passwords), enables the encryption engine, and initializes the system band on the media. Figure 6.
The system band is shown in Figure 6 and comprises an area at the inner radius of the media which is used by the drive to store the information needed to manage its security. Also in Figure 6 we see that the SCSI (Small Computer Systems Interface) commands from the host controller can be divided into three main categories: a. Control commands. These cause the drive to perform particular functions (e.g. Drive Reset, Start Spindle), to query or change drive parameters (e.g.
Table 1: Data access command restrictions Command User Data Accessed? (Y/N) Drive is unlocked Drive is locked PRE-FETCH Y Executable Check condition READ BUFFER (Mode 1Ch)1 Y Executable Check condition READ BUFFER N Check condition Check condition READ LONG Y Check condition Check condition READ Y Executable Check condition REASSIGN BLOCKS Y Executable Check condition VERIFY (BYTCHK=1) Y Executable Check condition WRITE AND VERIFY Y Executable Check condition WRITE BUFF
2.2 Logical ports Some specialized functions within the drive have been assigned access via a logical (or virtual) port. These functions have no physical port on the drive that may be accessed through a connector. They provide access to maintenance or diagnostic resources within the drive and are not used during normal operation. These ports do not provide access to user data and may be locked or unlocked by the owner (the password holder) at any time.
2.5 PSID PSID is the Physical owner of the drive (Physical SID). This password is assigned by Seagate during the manufacturing process and is a password that cannot be changed by the host system. The PSID credential: a. Is printed in readable format on the base of the drive label as shown in Figure 8. b. May also be provided on the label in bar code form. Figure 8.
2.6 BandMaster This password is part of the Locking SP and controls access to the user data on the media. On a non-encrypting drive, the media contains one contiguous LBA space which starts at LBA 0 and ends at LBA max. On SEDs, the LBA space is divided into two or more data bands, each of which has its own password.
2.8 Taking ownership of an SED When the drive is shipped from the factory, all of the user configurable credentials are set to the value of MSID, and the dive is unlocked ready for installation in the new host system. The drive will perform as a standard non-encrypting drive at this time with unrestricted access1, so the first thing the new owner should do is to personalize the drive to preclude the possibility of malicious access and possible Denial of Service (DoS).
A similar process is used to change the credential values (passwords) for the Locking SP rather than the Admin SP, however a look at Figure 10 will show that there are some additional parameters that need attention with BandMasterX. The ReadLockEnabled and WriteLockEnabled parameters do not lock the data band in question, they merely enable the locking mechanism and allow the parameter LockOnReset to be effective.
3.0 Storing the passwords and encryption keys Since we encrypt the user data before storing it on the media, we obviously don’t want to drop the ball when it comes to storing the drive’s keys by committing them to storage in plain text format. So what do we do to protect the integrity of the owner’s passwords and the data encryption keys? Well, let’s find out by taking a close look at Figure 11. Figure 11. Password and encryption key storage 1.
There are two important points that should be emphasized from the foregoing discussion. The first is that the drive protects the integrity of the user’s passwords by storing only their hashed values. This is true for SID and EraseMaster as well as the set of BandMaster passwords. Since a hash is a one-way function, there is no way to recover the clear text password from the stored hash.
3.1 Changing a BandMasterX password. If the host suspects that a data band password may have been compromised, it can be changed at any time as shown in Figure 12. Figure 12. Changing the data band password The initial condition is that the host has already authenticated to BandMasterX using the current password value then: 1. The host sends the new value for BandMasterX (new password) to the drive 2. The drive hashes the new password 3. The drive stores the new password digest on the media 4.
4.0 User data bands Unlike a standard drive, the user data area can be divided into separate data bands, each with its own password (BandMasterX) and set of locking parameters. The number of data bands available is product dependent but is never less than two. When the drive leaves the factory all of its data bands are available but only band 0 is allocated. Band 0 is also known as the global band. The global band starts at LBA(0) and continues through LBA (max).
We do not have to (nor are we allowed to) manipulate the size of band 0. The drive will automatically give up storage space from band 0 to accommodate the new bands we allocate. If we wanted to de-allocate band 1, we would simply set its range to zero and the drive would return the space to the global band. Band 0 is the only band allowed to be discontinuous. In Figure 13 we see that band 0 occupies LBAs 0 - 15, 40 – 55, and 64 – 99.
4.1 Data band rules and guidelines • At the time of shipment from Seagate: 1. The global band (band 0) occupies all of the storage space on the media, LBA (0) through LBA (max). All other data bands have their range parameter set to zero. In other words, the bands exist but they are not allocated storage space 2. All data bands have their own credential identified as BandMasterX where X is the band number. All credentials are set to the value of MSID 3.
5.0 Firmware download A firmware download operation is not a normal occurrence in the lifecycle of a drive but is a useful way to update the drive code during the later stages of drive development when it is being integrated into new customer system designs. When the system hardware and the drive hardware come together for the first time, compatibility issues may come to light which are all but impossible to predict without an operational test.
6.0 AES encryption algorithm Figure 16 is a simplified pictorial representation of the AES128 algorithm. P0 through P15 represent a block of 16 bytes (128 bits) of clear text message being input to the hardware. Each message byte is XOR’d with the corresponding byte of the encryption key (K0 through K15) and the results are fed to substitution boxes (which are just look-up tables) where each 8-bit input maps to an 8-bit output.
7.0 Asymmetric keys and digital signatures We saw back in Section 1.2 how to create a digest by hashing the clear text message. If this digest is then appended to the message itself it can provide a convenient data integrity check after transmission. This process is reviewed in Figure 17. Figure 17.
Figure 18. Using the hash digest as the sender’s signature To ensure privacy, we can take this process one stage further as shown in Figure 19. In this case, Marge signs the message as before, but before transmitting it to Alan, she encrypts both the message and the appended signature with Alan’s public key. When Alan receives the transmission, the first thing he does is decrypt the package with his private key.
Index EraseMaster 13 erasure 15 A F Admin SP 8, 9, 12 Advanced Encryption Standard 5, 9 AES 5, 9 AES128 5 AES256 5 algorithm 5 authentication key 9 Authentication keys 12 authentication keys 13 fingerprint 7 firmware download port 13 format 9 B BandMaster 13, 15 Block Ciphers 6 C H hash 19 Hash functions 7 hashing algorithm 7 host controller 11 I INCITS Technical Committee 11 Initialization Vector 6 IV 6 CBC 6 Cipher Block Chaining 6, 9 cipher text 4, 8, 12 ciphers 6 clear text 8 command restricti
Read Buffer 12 Read Long 12 Read/Write Buffer 12 Read/Write commands 18 Read/Write Long 12 repurposed 9 S scrapped 9 SCSI commands 11 Secure Hash Algorithm 7 Secure ID 13 security block 11 Security commands 11 security of data at rest 9 security tables 10 SED 8 SEDs 4 Self-Encrypting Drive 8 Self-Encrypting Drives 4 SHA 7 SHA-1 9 SHA256 7, 9 SID 13 standards 3 symmetric encryption 4 symmetric key 4 system band 10 T T10 11 TCG protocol 3 Trusted Computing Group 3 U US government 5 W Write Buffer 12 Write
Seagate Technology LLC AMERICAS Seagate Technology LLC 10200 South De Anza Boulevard, Cupertino, California 95014, United States, 408-658-1000 ASIA/PACIFIC Seagate Singapore International Headquarters Pte. Ltd. 7000 Ang Mo Kio Avenue 5, Singapore 569877, 65-6485-3888 EUROPE, MIDDLE EAST AND AFRICA Seagate Technology SAS 16-18 rue du Dôme, 92100 Boulogne-Billancourt, France, 33 1-4186 10 00 Publication Number: 100515636, Rev.