Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

Meijer, Carlo; Gastel, Bernard van

doi:10.1109/sp.2019.00088

Cited by 25 publications

(16 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Another natural follow-on would be an investigation of modified firmware. This could include manufacturer provided firmware versions that have been altered using the findings of [4] or malware versions found in the ''wild. ''…”

Section: Discussionmentioning

confidence: 99%

“…Representative of the former, Bogaard and Bruijn demonstrated the feasibility of inserting a functioning backdoor into open-source SSD firmware [11] but recognized that this would be significantly more difficult on proprietary firmware where access was restricted by the manufacturer. This latter challenge has recently been overcome by Meijer and Gastel who demonstrated the ability to compromise proprietary, closed-source firmware on both Crucial and Samsung SSDs using techniques that included physical access and code injection [4]. In other related work, the firmware of SSDs has also been modified to detect and recover from ransomware attacks [12].…”

Section: Related Workmentioning

confidence: 99%

“…In 2013, KingFast inadvertently shipped a counterfeit SSD with fake NAND memory to a reviewer [3]. More recently in 2019, researchers found flaws in Crucial and Samsung SSDs that allow the encryption to be bypassed [4] and Intel was forced to release a patch to correct a privilege escalation vulnerability in some of its enterprise SSDs [5].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Classifying Proprietary Firmware on a Solid State Drive Using Idle State Current Draw Measurements

et al. 2020

View full text Add to dashboard Cite

Solid state drives (SSDs) are coming under increased scrutiny as their popularity continues to grow. SSDs differ from their hard disk drive predecessors because they include an onboard layer of firmware to perform required maintenance tasks related to data location mapping, write performance, and drive lifetime management. This firmware layer is transparent to the user and can be difficult to characterize despite its clear potential to impact drive behavior. Flaws and vulnerabilities in this firmware layer have become increasingly common. In this work, we propose and analyze a technique to classify different versions of proprietary firmware on an SSD through the use of current draw measurements. We demonstrate that major groupings of firmware can be classified using current draw measurements not only from explicitly active drive states such as read and write but also from the low power idle state. We achieve pairwise classifications rates near 100% between firmware examples in these different major groupings. Coupling these results with firmware release information, we are able to infer major updates in the firmware timeline for the SSD we examined. We also develop an anomaly detector and achieve detection rates of 100% for samples that reside outside of the reference grouping.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Classifying Proprietary Firmware on a Solid State Drive Using Idle State Current Draw Measurements

et al. 2020

View full text Add to dashboard Cite

show abstract

“…We assume all hardware (e.g., the CPU/chipset and the storage device), microcode/firmware and other architecture-shipped modules (e.g., TXT's SINIT, see Section II) are properly implemented by the manufactures, and the user is motivated to choose a system with no known flaws. An example of such a flaw is a series of recently identified implementation bugs [43] in SED firmware implementations that highly affect data secrecy (refer to Section VI for details). 6) Attacks requiring physical access are excluded (e.g., no evil-maid attacks).…”

Section: )mentioning

confidence: 99%

TEE-aided Write Protection Against Privileged Data Tampering

Zhao

Mannan²

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Unauthorized data alteration has been a longstanding threat since the emergence of malware. System and application software can be reinstalled and hardware can be replaced, but user data is priceless in many cases. Especially in recent years, ransomware has become high-impact due to its direct monetization model. State-of-the-art defenses are mostly based on known signature or behavior analysis, and more importantly, require an uncompromised OS kernel. However, malware with the highest software privileges has shown its obvious existence.We propose to move from current detection/recovery based mechanisms to data loss prevention, where the focus is on armoring data instead of counteracting malware. Our solution, Inuksuk, relies on today's Trusted Execution Environments (TEEs), as available both on the CPU and storage device, to achieve programmable write protection. We back up a copy of user-selected files as write-protected at all times, and subsequent updates are written as new versions securely through TEE. We implement Inuksuk on Windows 7 and 10, and Linux (Ubuntu); our core design is OS and application agnostic, and incurs no run-time performance penalty for applications. File transfer disruption can be eliminated or alleviated through access modes and customizable update policies (e.g., interval, granularity). For Inuksuk's adoptability in modern OSes, we have also ported Flicker (EuroSys 2008), a defacto standard tool for in-OS privileged TEE management, to the latest 64-bit Windows.

show abstract

“…Furthermore, in 2019, researchers Meijer and van Gastel [15] analysed hardware full-disk encryption of several solidstate drives (SSDs) produced by three manufacturers between 2014 and 2018 using internal SATA and NVMe interfaces or external USB interface. e analysis was done by RE (reverse engineering) the firmware of those devices.…”

Section: Introductionmentioning

confidence: 99%

Evaluating Encryption Algorithms for Sensitive Data Using Different Storage Devices

Sarrafpour

Alkorbi

Jamil

et al. 2020

Scientific Programming

View full text Add to dashboard Cite

Sensitive data need to be protected from being stolen and read by unauthorized persons regardless of whether the data are stored in hard drives, flash memory, laptops, desktops, and other storage devices. In an enterprise environment where sensitive data is stored on storage devices, such as financial or military data, encryption is used in the storage device to ensure data confidentiality. Nowadays, the SSD-based NAND storage devices are favored over HDD and SSHD to store data because they offer increased performance and reduced access latency to the client. In this paper, the performance of different symmetric encryption algorithms is evaluated on HDD, SSHD, and SSD-based NAND MLC flash memory using two different storage encryption software. Based on the experiments we carried out, Advanced Encryption Standard (AES) algorithm on HDD outperforms Serpent and Twofish algorithms in terms of random read speed and write speed (both sequentially and randomly), whereas Twofish algorithm is slightly faster than AES in sequential reading on SSHD and SSD-based NAND MLC flash memory. By conducting full range of evaluative tests across HDD, SSHD, and SSD, our experimental results can give better idea for the storage consumers to determine which kind of storage device and encryption algorithm is suitable for their purposes. This will give them an opportunity to continuously achieve the best performance of the storage device and secure their sensitive data.

show abstract

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

Cited by 25 publications

References 5 publications

Classifying Proprietary Firmware on a Solid State Drive Using Idle State Current Draw Measurements

Classifying Proprietary Firmware on a Solid State Drive Using Idle State Current Draw Measurements

TEE-aided Write Protection Against Privileged Data Tampering

Evaluating Encryption Algorithms for Sensitive Data Using Different Storage Devices

Contact Info

Product

Resources

About