S 4.435 Self-encrypting hard disks

Initiation responsibility: IT Security Officer

Implementation responsibility: Administrator

To prevent unauthorised persons from accessing confidential data on hard disks, the disks should be encrypted completely wherever possible (see also S 4.433 Use of data medium encryption). Both hardware-based and software-based encryption procedures are available. This safeguard deals with hardware-based encryption in the form of self-encrypting hard disks (also referred to as "Self-Encrypting Drives", SED). An SED performs the encryption in a dedicated crypto-controller inside the drive and therefore operates at practically full drive speed. The encryption solutions used are generally designed for a single user; multi-user operation is not provided for as a rule.

Under certain circumstances, an IT system with a self-encrypting hard disk can no longer be suspended to RAM (sleep mode): when the disk is powered down it locks itself and all data remains encrypted, and keeping the key needed to unlock it in RAM so that the system can resume without user interaction would constitute a security risk. This aspect must be taken into account before using self-encrypting hard disks.

Self-encrypting hard disks should not be bound to a TPM (Trusted Platform Module), since with such a combination it is generally not possible to decrypt the hard disk in another IT system using a master key. If the IT system is damaged in such a case, the data on the hard disk can no longer be decrypted, because the hard disk is tightly bound to that particular IT system via the TPM.

Self-encrypting hard disks generally use AES with key lengths of 128 to 256 bits. The key used to encrypt the data is referred to as the "Data Encryption Key" (DEK). The DEK resides in the crypto-controller, which is equipped with special protection against manipulation, and is generated from random hardware events. The DEK is itself encrypted using an "Authentication Key" (AK). Typically, the AK is derived from a password chosen by the user. With several self-encrypting hard disks, the AK can also be stored on a token, for example a chip card or a USB stick, and additionally encrypted using a password; this implements two-factor authentication (possession of the token and knowledge of the password).

In addition to the DEK and the AK, there is generally also a master key which allows the data to be decrypted even if the password or the token is lost. Such a key must be generated during installation and stored securely in case the password or the token is lost. The organisational steps to be taken if a user forgets the password for a self-encrypting hard disk must be specified. In this case, the password is reset using the master key and the user must then set a new password.

After successful authentication of the user, the DEK is decrypted inside the crypto-controller. Using the DEK, all data is transparently encrypted when written to the hard disk and decrypted when read, without the user noticing anything during operation. Note that the data stored on the disk is encrypted with the DEK at all times; when the computer is shut down or the SED is disconnected from the IT system, the decrypted DEK in the controller is discarded, so that only the copy of the DEK encrypted under the AK remains and the disk is locked until the next successful authentication.

In general, the key length used for the encryption procedure used by the hard disk should be sufficiently long. More detailed information on appropriate key lengths of cryptographic procedures can be found in S 2.164 Selection of a suitable cryptographic procedure.

Before purchasing self-encrypting hard disks, it should be checked whether they are compatible with the other hardware of the IT system and whether the read and write rates of the selected hard disk are adequate. It should also be checked whether further requirements must be met when using SEDs in the IT system; for example, only very few models of self-encrypting hard disks can be integrated into an existing single sign-on architecture. In addition, it should be checked whether and how IT systems with conventional hard disks can be migrated to self-encrypting hard disks (e.g. using a program supplied by the manufacturer or by means of a new installation).

Self-encrypting hard disks should be set up in the organisation by trained administrators. For this purpose, they must first generate a new DEK, assign an initial password and generate a master key that must be stored securely (see S 6.56 Data backup when using cryptographic procedures and S 2.22 Escrow of passwords). The user of the client must then replace the initial password with a secure password of their own (see S 2.11 Provisions governing the use of passwords).

If a self-encrypting hard disk is to be repaired, sold or disposed of, it must be ensured that no information worthy of protection can be accessed. For this purpose, the DEK should be regenerated (cryptographic erase) before repair, sale or disposal, or an "ATA Secure Erase" command should be executed. Once the old DEK is gone, the ciphertext remaining on the disk can no longer be decrypted by anyone, including the owner.

Review questions: