Self-encrypting drives (SEDs), such as Intel's SSD 320 and 520 series, are widely believed to be a fast and secure alternative to software-based solutions like TrueCrypt and BitLocker. We systematically evaluate the security of SEDs and compare it with common solutions based on software. We take the natural threat model of disk encryption as a basis, i.e., we focus on attacks in which an attacker has physical access to his target. We show that, depending on the specific hardware configuration of the system, (1) for most settings in which a known attack on software-based FDE exists, there exists a successful attack against SEDs. These scenarios include DMA-based attacks, cold boot attacks, and evil maid attacks. In this sense, hardware-based full disk encryption (FDE) is as insecure as software-based FDE. We also show that (2) there exists a new class of attacks that is specific to hardware-based FDE. Roughly speaking, the idea of these attacks is to move an SED from one machine to another without cutting power, i.e., by replugging the data cable only. Consequently, we call these attacks warm replug attacks. Overall, only a few SED-based systems withstood more attacks than equivalent software-based FDE systems. The majority of machines is equally vulnerable in both scenarios, and some machines are arguably more vulnerable when using SEDs.
Jan 15, 2013, 7:01:32 AM