Encryption Keys: The Cliffs Notes Version, Part 2
February 15, 2019
In my first post of this series, I explained terms relating to encryption keys and the standards that exist governing encryption key algorithms. Now I will spend some time on ATA passwords and how they correlate to encryption keys.
Clarifying the Functions of an Encryption Key and ATA Password
The role of an encryption key is commonly confused with the role of an ATA password. The only purpose of an encryption key is to convert data to cipher text so it is illegible to anyone accessing the data without proper authorization and to then decrypt data back to plain text.
The purpose of an ATA password is two-fold:
- Authenticate that the user is authorized to access the data
- Re-create the KEK required to decrypt the encrypted permanent key
Encryption keys using AES-256 bit encryption are 256 characters in length. While the length of the ATA password varies based on the BIOS programming, it is typically 32 characters. For higher levels of security, some SSD devices, such as Mercury’s ASURRE-Stor and TRRUST-Stor secure SSD devices, accept ATA passwords of up to 64 characters.
When selecting a password, strength is an important consideration. It is also important to understand the strength of a password as compared to an equivalent encryption key. The table below provides this comparison.
|Password Length||Password bit strength using all printable characters except the space. (6.555-bits entropy per symbol)||Password bit strength with all possible 8-bit values. (8-bits entropy per symbol)|
After a user enters the ATA password, the system’s BIOS sends the ATA password to the drive for authentication. If the ATA password matches, data access is granted. However, this access does not mean that data will be automatically decrypted for the user. In order for the device to perform normal read (decryption) and write (encryption) operations, the encryption key, which is distinct from the ATA password, must also be present on the drive.
Only after both the correct key and ATA password are provided to the device will the drive perform normal operations. Requiring both an encryption key and an ATA password reduces the probability that an adversary can access unauthorized data without these two pieces of information.
What happens if an adversary uses a brute force approach in an attempt to identify the key and/or ATA password? A secure SSD, as defined by Mercury Systems, will be configured to limit the number of failed ATA passwords and key entry attempts. Upon reaching the designated limit, which could be as few as one attempt, drive sanitization will automatically proceed. The entire contents of the drive will be erased, and an overwriting procedure will commence to render the data forensically unrecoverable.
ATA Password and Key Storage on the Device
Manufacturers of most SSD devices rarely provide details of their encryption and key storage methodologies. The end user is left unaware if ATA passwords and keys are stored in plain or cipher text. An SSD device that stores ATA passwords or keys in plain text should never be used for a military application. It is theoretically possible, though extremely difficult, for an adversary to disassemble a captured SSD device (with an ATA password or key stored as plain text) and complete a reverse-engineering process where the individual memory devices are probed to reveal the appropriate values. Mercury SSD devices never store ATA passwords or keys as plain text.
So how do you safely store ATA passwords and keys on a device? A cryptographic hash algorithm. Hash algorithms, such as SHA-2, are integrated into a device’s encryption engine. These algorithms permanently alter the original ATA password or key values before they're stored on the device. Hash functions are a one-way transformation of an ATA password or key that create a new, safe value that is distinct from the original value. Several attributes of a hash algorithm are noteworthy:
- The original ATA password or key cannot be determined from the hash.
- A hash algorithm will always convert the same ATA password or key to the same unique hash, thereby enabling a comparison to be made to authenticate the correctness of an entered ATA password or key.
In the event that an adversary captures an SSD where the ATA password and/or key is stored as a hashed value, the adversary will disassemble the device and attempt to identify the memory devices where the values are stored. Assuming he/she is successful in this extraordinarily challenging endeavor, the adversary will have discovered the hash values only; the adversary has no way of transforming the hash values back to the original values to enable normal read and write operations.
Other algorithms exist to convert an ATA password into a key that is used as a KEK. These algorithms condition an ATA password or apply a pseudorandom function. By repeating the process many times, a new 256-bit key is derived. The output, a KEK, is used to encrypt and decrypt the device’s encryption key.
In my next two posts, I will review details of each key management mode supported by Mercury secure SSDs with an easy-to-use chart to determine which mode will be best for your application. To learn more on this topic, you can download the full white paper, "Unlocking the True Value of Encryption and Key Management Modes for Military Data Storage Applications" or contact us at firstname.lastname@example.org.