got HW crypto? On the (in)security of a Self-Encrypting Drive series

Gunnar Alendal, Christian Kison, modg

Hardware Security Conference and Training, Hardwear.io 2015, The Hague, Netherlands, Oct 1-2, 2015


Abstract

Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self encrypting external hard drive series; the Western Digital My Passport series. We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.

[pdf]

tags: hardware RNG, implementation / HW AES, secret-key cryptography, weak authentication attack, weak key generation attack