Leonid Baryudin, Principal Firmware Architect, Sandforce
Dmitry Obukhov, Director, SSD Firmware Development, Western Digital
07/27/2011
Agenda
Introduction
Security Sensors
Security Sensors and Data Bands Locking
Tampering Attempt
Unsecure Orientation
Outside Secure Area
Motion Detection
Security Sensors and Data Hijacking
Security Sensors as Part of Bigger Security System
Introduction
In contemporary storage security protocols such as TCG (Enterprise and Opal), the user of a drive must know Credentials (normally a username and password) to gain access to certain data. Some Credentials (typically of a higher, Admin level) are also needed to change the Credentials themselves, including replacing the default Manufacturing Credentials, which are known to everybody. This procedure is sometimes called Taking Ownership of the Drive, because from that moment on only those who know the new Credentials can access the drive's data.
Introduction (cont.)
This method is reasonably secure, but being essentially SW oriented it has the following vulnerabilities:
After a data band is unlocked it normally stays unlocked for quite a long time (the authentication procedure is rather time consuming and cannot be repeated too often). During this time an intruder can connect to the drive and get access to its data.
If the intruder happens to know the credentials (which is especially easy for a freshly manufactured drive that still has only the default ones), she can do whatever she wants with the drive's data, even remotely (using malicious software).
Security Sensors
The solution is to equip drives with embedded Security Sensors which monitor certain Security Conditions (examples are on the following slides), thus providing the drive with information, in addition to the Credentials, that controls access to the drive's data. If the drive's conditions as reported by some of the Security Sensors are deemed unsecure, certain data bands may not be allowed to be unlocked even if the Credentials are correct.
Tampering Attempt
A drive can have a physical signal (GPIO, I2C, etc.) connected to a sensor of any type which indicates that an attempt to tamper with the drive's contents may be in progress. A couple of examples:
The drive could be placed into a secure enclosure that generates a tampering signal each time the enclosure is opened, perhaps by somebody trying to connect his laptop in an attempt to impersonate the valid host and get access to the drive while it is in an unlocked state.
It can be any sort of remote sensor in the building which provides a tampering attempt signal if any sort of secure perimeter has been penetrated (doors opened, alarms tripped, etc.).
Unsecure Orientation
Data band(s) can be prevented from being unlocked if the drive is in some sort of unnatural position (tilted beyond a certain angle, for example), or already unlocked band(s) can be locked if the drive's position becomes such. A simple accelerometer sensor can detect this. The actual value of the unsecure orientation (tilt) angle depends on the type of installation: what is deemed unsecure for a drive installed in a big RAID rack can be perfectly OK for a laptop.
Motion Detection
If the drive is being moved (a motion detection sensor is needed), perhaps it is being stolen in an already unlocked state, and the affected data bands must be locked. Depending on drive usage this condition can vary. Drives installed in server racks must not be moved at all, while those in laptops should only lock data bands if dropped on the ground, meaning acceleration and/or speed are rather high (precise definitions are beyond the scope of this presentation).
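As an added example (not code from the presentation or either vendor), the unlock/lock decision described on the Security Sensors, Unsecure Orientation and Motion Detection slides, written as a small Python policy check: correct credentials alone are not enough, and the tilt and motion thresholds (assumed, constructed values here) differ between a rack and a laptop installation. The free-fall test (a reading well below 1 g) goes slightly beyond the slides: a dropped drive reads near 0 g before it hits the ground, so it is caught before the impact.

```python
import math
from dataclasses import dataclass
from enum import Enum

class Installation(Enum):
    RACK = "rack"      # rack-mounted drive: must not move or tilt at all
    LAPTOP = "laptop"  # laptop drive: tilt is normal, only a drop is unsecure

@dataclass
class Policy:
    max_tilt_deg: float   # orientation beyond this angle is unsecure (None = ignore tilt)
    max_accel_g: float    # |acceleration| above this means "drive is being moved"

# Assumed, constructed thresholds; real values depend on the installation type.
POLICIES = {
    Installation.RACK: Policy(max_tilt_deg=15.0, max_accel_g=1.2),
    Installation.LAPTOP: Policy(max_tilt_deg=None, max_accel_g=3.0),
}
FREE_FALL_G = 0.3  # |acceleration| below this means the drive is falling (drop in progress)

def magnitude_g(accel_g):
    x, y, z = accel_g  # accelerometer reading (x, y, z) in g, z = mounting axis
    return math.sqrt(x * x + y * y + z * z)

def tilt_degrees(accel_g):
    """Angle between sensed gravity and the mounting axis (z), in degrees."""
    mag = magnitude_g(accel_g)
    if mag == 0.0:
        return 0.0  # no gravity reference (free fall); the motion check catches this
    return math.degrees(math.acos(max(-1.0, min(1.0, accel_g[2] / mag))))

def unsecure_conditions(tamper, accel_g, installation):
    """Sensor conditions that currently forbid an unlocked data band."""
    pol = POLICIES[installation]
    found = []
    if tamper:  # tampering signal asserted (enclosure opened, perimeter alarm tripped)
        found.append("tamper")
    if pol.max_tilt_deg is not None and tilt_degrees(accel_g) > pol.max_tilt_deg:
        found.append("orientation")
    mag = magnitude_g(accel_g)
    if mag > pol.max_accel_g or mag < FREE_FALL_G:
        found.append("motion")
    return found

def may_unlock(credentials_ok, tamper, accel_g, installation):
    """Unlock only if credentials are right AND no sensor reports an unsecure condition."""
    return credentials_ok and not unsecure_conditions(tamper, accel_g, installation)

def must_lock(tamper, accel_g, installation):  # already unlocked band: lock on any condition
    return bool(unsecure_conditions(tamper, accel_g, installation))
```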
Thank You!