

Autothysis SSD drives impede unauthorised access - ddinh
http://securedrives.co.uk/index.php?route=product/category&path=73_75

======
AlyssaRowan
I have not (yet?) evaluated this device. I do however have a couple of initial
comments.

Only the (TI) security processor itself had a FIPS 140-2 Level 3 crypto
engine. However this device _as a whole_ has no certifications I am aware of,
FIPS, CESG or anywhere else (let's leave aside for a moment the flaws of the
certification processes). Given its claims, the threat model and what it tries
to do, that is actually surprising. It should be aiming for 140-2 Level 4,
with claims like that. There are not a lot of 140-2 Level 4 devices around at
all…

They say "flipped". _Do_ they mean "zeroized"?

There are a few pitfalls with disk encryption. They mention AES-256-CBC. That
is not a wide-block mode. So how are the IVs defined? Do they use an encrypted
salt-sector IV? A plain one? Is any diffuser used? Is there any integrity
protection?

I do not see that this provides a meaningful level of security which is even
comparable to, say, (the late) TrueCrypt.
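
Added example, not part of the comment above and not the vendor's code: a Go illustration of why the IV question matters for CBC disk encryption, comparing a plain sector-number IV with an ESSIV-style IV (sector number encrypted under a hash of the key). The key, sector numbers and 512-byte sector size are constructed for the demo; the page does not say which scheme the drive uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type ivFunc func(key []byte, sector uint64) []byte

// plainIV: the sector number itself (little-endian, zero-padded); public and predictable.
func plainIV(_ []byte, sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	return iv
}

// essivIV: the sector number encrypted under SHA-256(key); unpredictable without the key.
func essivIV(key []byte, sector uint64) []byte {
	salt := sha256.Sum256(key)
	c, _ := aes.NewCipher(salt[:]) // 32-byte key, cannot fail
	iv := plainIV(nil, sector)
	c.Encrypt(iv, iv)
	return iv
}

// encryptSector CBC-encrypts one sector (length a multiple of 16) under the given IV scheme.
func encryptSector(key, pt []byte, sector uint64, f ivFunc) []byte {
	c, _ := aes.NewCipher(key) // caller passes a 32-byte AES-256 key
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(c, f(key, sector)).CryptBlocks(ct, pt)
	return ct
}

// firstBlocksEqual stores data whose first block equals the sector number in sectors
// a and b, then reports whether the two first ciphertext blocks are identical.
func firstBlocksEqual(key []byte, f ivFunc, a, b uint64) bool {
	enc := func(s uint64) []byte {
		pt := make([]byte, 512)
		copy(pt, plainIV(nil, s)) // P1 XOR plain IV = 0 in every sector
		return encryptSector(key, pt, s, f)[:16]
	}
	return bytes.Equal(enc(a), enc(b))
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not a real one
	fmt.Println("plain:", firstBlocksEqual(key, plainIV, 7, 9000), "essiv:", firstBlocksEqual(key, essivIV, 7, 9000))
}
```

With predictable IVs, identical ciphertext blocks show up across sectors without the key being known; with the encrypted IV they do not. Neither scheme adds integrity protection.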

~~~
jfindley
I'm far from being a hardware expert, but I thought it was curious that they
used CBC rather than something like XTS. Is there a reason that CBC is more
appropriate when used at the hardware (as opposed to filesystem) level, or is
this simply just a rather suspect choice?

~~~
AlyssaRowan
Probably it was already in the microcontroller they're using. XTS was only
FIPS-approved in 2010, iirc. Plenty of other things use CBC, and XTS also has
plenty of pitfalls for the unwary who think it works magic (particularly when
it comes to the adaptive ciphertext observation/modification class of attacks,
in the absence of integrity protection).

Speaking of magic, I've just realised one big potential problem that's been
bugging me about this, which finally leaped out at me.

Destruct is controlled via SMS? That is to say, unless they've been
_unbelievably_ careful about shielding and optoelectronic coupling (and from
the photos, they haven't) there's almost certainly a GSM transceiver, inside
the security boundary, near the data paths.

Oops.

Those familiar with EMSEC will know why this could present a Big Problem™. My
first port of call, attacking one of these, rather than stealing it, would
probably be to sit in the car park with a femtocell and a directional antenna,
and make sure the device gets _really loud_ GSM reception. And see what
crosstalk gets modulated back. :)

(If you don't think this is a realistic attack for you, why are you in the
market for Mission Impossible gadgets anyway? Use TrueCrypt or dm-crypt or
DiskCryptor or something. At least you can analyse how they work more easily.)

Similarly, if it's made by, or spiked by, a malicious actor, it's got scope to
go kleptographic on your ass and covertly transmit your data. Need to be
careful about that.

------
danbruc
1. Use a GSM jammer to prevent self-destruction by SMS.

2. Steal the laptop and get out of the range of the token quickly to prevent
self-destruction via the token. I could not find how drive and token
communicate but you can probably jam it, too, for example Bluetooth.

3. Keep the battery charged to prevent self-destruction by low battery level
and set up a femto cell - without connection to the real GSM net, of course -
to prevent self-destruction by GSM starvation and SMS.

Now you should at least have all the time you need.

~~~
wjkm
They also sell devices called Data Security Protocol Switches (DSPS) which
completely prevent your method from working.

"A Signal Proximity (SP) option means that any registered AutothysisDSP
computer hard drive that leaves the vicinity of the DSPS signal will
automatically self-destruct. This protects against theft and someone walking
out the room with a computer. Likewise if a jamming of the DSPS signal is
tried in an attempt to thwart the security protocol the registered DSPS hard
drives will self-destroy."

~~~
riquito
Ok, now I wonder: couldn't you harass people using this technology by jamming
the DSPS signal until they give up on it and choose something else? I bet that
these hard drives are costly enough so that it becomes a problem fast.

~~~
desdiv
The people who use these devices fall under two broad categories: those who
operate within the law and those who operate outside of it. In the former
case, any jamming can be solved by a call to the FCC to the effect of:
"Someone has been operating a jammer near our office. We think it might be a
van parked nearby with the license plate 123456." In the latter case, any
jamming could mean that the authorities have caught on to them and that they
should start destroying all physical evidence. The drive would serve as a
canary, so to speak.

------
listic
Does this offer more security than hardware encryption e.g. in latest Intel
and Samsung drives? These drives can transparently encrypt all the content
with 256-bit AES; the password is ATA password.

They lost me at "Firstly the encryption key is flipped". What does this mean?

~~~
jwr
I always wonder why this kind of drive-internal encryption comes up in serious
discussions. To me it makes no sense whatsoever: I have no way of checking if
the drive actually encrypts the data, I don't know what happens to my
password, where is it stored, who else gets access to it (or my data), etc.

How can anyone consider this "transparent" encryption to be secure?

~~~
rdc12
And that is before you consider back doors and the like

------
Perseids
I can't really see the usage scenario. If you want to transmit data securely
between A and B, use public key cryptography and the internet [1]. If you want
to protect data at rest, use full disk encryption. If you want to protect the
data on a running PC against theft, then you also have to consider all the
data in the RAM (caches etc.). And if you, somehow, can prevent the attackers
from getting that, then you can again use full disk encryption.

[1] If you are really paranoid and don't want to connect the devices to the
internet, or if you don't have an internet connection at the target location,
send a messenger with a random symmetric key first. If he/she arrives safely,
send the hard drive with full disc encryption using the symmetric key next.
Via any means. You can even FedEx it.

~~~
joshvm
Your Fedex scenario wouldn't work if both the disk or key were compromised
mid-transit. You might not know that someone sneaked a glance at the key or if
they managed to clone the drive, but if they're sniffing all your mail then
you've just given them the keys and the data.

~~~
Perseids
That's why I was writing about a "messenger" specifically. I was thinking
about someone you can trust, if need be, yourself. If this messenger assures
you the key wasn't spied upon, you can use the key. If you can't even get a
courier with a sealed envelope to the location, then you probably won't get
any encrypted or otherwise protected data in there, anyway.

This level of security is ridiculous for almost everyone, of course. But we
are talking about a self destructing SSD, which you want to send via courier
to initiate the destruct, as an alternative. So I think this is a fair
comparison.

------
comex
Of course, if the drive uses internal full disk encryption, all you have to do
to fully destroy the data (or at least make it inaccessible for a long, long
time) is get rid of 16 bytes of AES key. I doubt there is no way to securely
implement this without dramatic explosions...

------
click170
I've enjoyed the idea of self-destructing data for awhile now, but it always
leads to the possibility of DoS attacks against my own data.

This smartphone app and token, how do they communicate with the drive? Does it
use cryptographic signatures to make sure that it's actually my phone talking
to the device and not someone else, or just a passcode?

Does the drive send out an alert if it receives more than X SMS messages,
where X is configurable? What's to stop someone from sending random texts to
it until it self destructs? Simply the fact that they don't know the phone number?

How long does the battery last?

~~~
userbinator
_but it always leads to the possibility of DoS attacks against my own data._

It depends on the nature of the data you want to store: there is some data
which you would be _concerned_ with letting others get access to but whose
_existence_ is more important, and other data where you absolutely must not
let others get access to, even if it means that _no one_ (including you) can.
This drive is designed for the latter case.

------
dsl
Does anyone have any insights on how the actual physical destruction takes
place? I would assume it is a chemical triggered by a shorted fuse?

A quick glance at the laws in California make it a felony to simply have in
your possession "any sealed device containing dry ice or other chemically
reactive material that is assembled for the purpose of causing an explosion."
The definitions for other types of destructive devices are specific to scale,
but this part is not.

~~~
ridgeguy
Perhaps not an explosion within the meaning of applicable California statutes.

Looking at the pix that show chip fragmentation, I don't see evidence of
reactive chemistry. No melted edges, no deposition of combustion products, no
missing material that would suggest propulsive transport incident to a micro
explosion caused by detonation of a tiny blob of, for example, lead styphnate
or some other primer-like compound.

Exploding wires are an old technology, and don't involve "...chemically
reactive material...". Think old-fashioned fuses, but with faster dynamics.

Maybe they have an on-board supercap that they dump into a buried trace,
producing a brief high temperature copper plasma and a shock wave that breaks
the chip?

Interesting technology, would like to know how they do the physical
destruction.

~~~
AlyssaRowan
Very nearly. Overcurrent spike to Vcc. Simple and obvious. (How'd they get a
patent? GCHQ already certified drives that do this, from Stonewood? They use
the Eclypt 600 series for their own TOP SECRET data.)

------
iandanforth
I'd like to know if the self-destruct mechanism still functions at very low
temperatures. Given that one known attack on data in RAM is to flash freeze it
(Cold Boot Attack) it is natural to think about lowering the device
temperature to the point where chemical reactions wouldn't and mechanical
devices would jam.

~~~
AlyssaRowan
That probably won't work on its own, but as part of a nutritious breakfast...

First thing I'd try: LN₂ over the case entry sensors followed by that fun
expandy foam stuff.

It probably wouldn't work first time, but next try I'd know where to
short/aim. Or shortcut that with X/gamma so I have a drill point.

------
zurn
The obvious thing to get around the "fragmentation" would be to leave the chip
on the PCB and cut the traces. Then connect your own wires or an upside-down
socket from above. Anything I'm missing?

~~~
SomeCallMeTim
That it physically destroys the chips if you open the case? Or (optionally) if
you unplug the SATA cable?

------
api
Huge problem with these schemes:

If my data is valuable, I have two fears: (1) theft, (2) loss. If my drive is
built to self-destruct, it decreases fear #1 but increases fear #2. What do I
do then? Back up my data elsewhere? But that defeats the purpose of the high
security drive. Do I get more than one high security drive? That still puts a
lot of trust in the design -- if there were a systemic flaw that caused them
all to fail or self-destruct at once I'd be out my data.

~~~
joshvm
Presumably the use case would be you want to transfer secret information from
a secure location via an insecure channel to another secure location (e.g. in
a diplomatic bag perhaps?).

This is for people who care more about knowing that the data was transferred
securely than whether it goes through at all. There would likely be a master
(backed up) copy on an internal air-gapped machine.

~~~
vidarh
Or when data is temporarily removed / copied from the highest security
locations.

E.g. I was part of maintenance on a defence system once that in itself wasn't
very important, but it was kept in an air-gapped concrete bunker with a
faraday cage deep inside the office building. Offices outside were used for
top secret data during processing, but when people were done working on
something, storage would happen in the "bunker".

I'd imagine drives like these would be popular for the offices.

------
rasz_pl
Let me secure that drive for you by connecting my M2M module and having FULL
REMOTE ACCESS TO IT ......

------
Retr0spectrum
This is really cool. I wonder if you could make a simple DIY solution using
small amounts of explosive?

~~~
underwater
Might not be the best thing to take with you when you board a plane.

~~~
jotm
Do they check the internals of a laptop's hard drive nowadays? :-)

~~~
andrewchambers
chemical scans probably will detect it.

~~~
mnw21cam
Chemical scans would probably be pretty hard-pressed to detect thermite, which
is after all just aluminium and iron oxide powder. Even the magnesium starter
is non-sniffable.

------
rdc12
Hmmmm, a security measure that can't be verified without breaking the device

------
ck2
So basically a solenoid held open by a battery?

