Hitachi 7K200 Bulk Disk Encryption

T60/T61 series specific matters only
nurio
Posts: 37
Joined: Fri Jul 20, 2007 1:02 pm
Location: Atlanta, GA

#31 Post by nurio » Mon Nov 05, 2007 9:54 am

I doubt that the BDE decryption / authentication can be bypassed easily by an ATA password removal tool (or even labs). By reading the different Hitachi BDE docs, I understand that these drives have a more sophisticated data protection mechanism than the “plain old” ATA password mechanism:

1. The new "Safeguarding Your Data with Hitachi Bulk Data" documentation explains that:
If a Hitachi drive with encryption is used, then simply erasing the password, thereby destroying the key that serves as the basis for the encryption can instantly render all the data on the disk unrecognizable.
see: http://www.hitachigst.com/tech/techlib. ... _paper.pdf
2. EDIT: Removed!

So my question is what does “wrapped” mean:
ARLUT wrote:FWIW:
Hitachi wrote:The drives with bulk data encryption are always encrypted even when no ATA password has been set. The ATA password is not the bulk data encryption key. When the "security set password" command is issued from the host the bulk encryption key is wrapped with the ATA password value. This process is reversed when the "security disable password" command is issued and the default value stored in the drive is used. Changing or removing the ATA password does not regenerate the bulk encryption key or otherwise render existing data unreadable.

When no password is enabled the data is still being encrypted and decrypted by the drive however there is no ATA security prevention in place.

When the user password is created access control is enabled on the drive. This means that the drive will not accept any commands from the host until the user or master password has been entered.
My guess is that when the ATA password is set, the encryption key is being encrypted using the ATA password, meaning that if you bypass the ATA password mechanism, the HD will not be able to access a valid key to decrypt the data?
Last edited by nurio on Thu Nov 08, 2007 10:48 am, edited 1 time in total.

jketzetera
Sophomore Member
Posts: 215
Joined: Tue Oct 30, 2007 11:29 pm
Location: Sydney Australia

#32 Post by jketzetera » Wed Nov 07, 2007 11:16 pm

nurio wrote:

2. By the “How to Guide: Bulk Data Encryption” doc, when in maximum security mode, the password can never be removed (disabling security)... unless using secure erase to remove the drive key, which will render the data on the hd useless.
Very interesting observation. However, does this also mean that you cannot change the password once you have set it?

Also, can the drive be used once again as an encrypted drive after a secure erase has removed the drive key i.e. can a new key be generated or is the hd useless as well after a secure erase.

nurio
Posts: 37
Joined: Fri Jul 20, 2007 1:02 pm
Location: Atlanta, GA

#33 Post by nurio » Thu Nov 08, 2007 10:47 am

jketzetera wrote:Very interesting observation. However, does this also mean that you cannot change password once that you have set the password?
Sorry, I just realized that my second statement was wrong; please disregard it. The high vs. max security setting refers to the way the HD handles the user and master passwords. In max security mode, the user password can change or remove the HD password, but the master password cannot bypass or change the user password to access the data. In this mode the master password can only perform a secure erase before redeploying the drive.
jketzetera wrote:Also, can the drive be used once again as an encrypted drive after a secure erase has removed the drive key i.e. can a new key be generated or is the hd useless as well after a secure erase.
The enhanced erase will delete the previous key, but a new key can be generated if the drive is being used again; in other words, the drive can be re-used as a secure drive. See "Safeguarding Your Data with Hitachi Bulk Data", second-to-last paragraph:
Hitachi: Safeguarding Your Data with Hitachi Bulk Data wrote: If a Hitachi drive with encryption is used, then simply erasing the password, thereby destroying the key that serves as the basis for the encryption can instantly render all the data on the disk unrecognizable. If the hard drive is used again, then a new key is generated, and new data will be written over the old, unreadable data.

rokahn
Freshman Member
Posts: 51
Joined: Mon May 01, 2006 9:39 pm

Does Hitachi 0A53580 have bulk data encryption?

#34 Post by rokahn » Tue Nov 13, 2007 6:21 am

I recently ordered a Lenovo x61s with 200GB 7200rpm bulk data encryption. However, when I inspected the HDD, the drive is labeled Hitachi 0A53580.

According to Hitachi BDE guide, only p/n 0A53070 has bulk data encryption. Does this drive have BDE? Is there any public documentation verifying this?

BDE Guide: http://www.hitachigst.com/tech/techlib. ... _final.pdf

Crunch
Senior Member
Posts: 713
Joined: Sun Oct 07, 2007 7:41 pm
Location: Southern California

Will this work in a T60p???

#35 Post by Crunch » Tue Nov 13, 2007 9:13 am

Hey all, I ordered the 200GB 7k2 drive with encryption, FRU #42T1463. Will this work in my T60p? I read in some thread that it wasn't compatible with the T60/p's???

Thanks...
15-inch Core 2 Duo ThinkPad T60p | Ivy-Bridge (Late-2012) Mac mini w/ quad Core i7-3615QM 2.3GHz, 16GB DDR3-1600MHz RAM, 240GB+180GB Intel 520 Series SATA III SSD's, 5x3TB Drobo 5D

rokahn
Freshman Member
Posts: 51
Joined: Mon May 01, 2006 9:39 pm

#36 Post by rokahn » Tue Nov 13, 2007 1:41 pm

I got this back from Hitachi. Turns out there's no way to know a drive has BDE or not except by asking the manufacturer about the part number (there's not even a public list of OEM drives with BDE).
The drive you have in your Lenovo computer is a Bulk Data Encryption drive. The drives on the website are the distribution drives that anyone can purchase. Your drive is an OEM drive and those are different part numbers. Our OEM system builders always have different part numbers than our distribution drives. There isn’t a way for you to publicly tell if that drive is bulk data encryption unless you contact Lenovo and they tell you the part numbers they use for it. I included a link for all of our bulk data FAQs if you would like to look at more information on them.

http://www.hitachigst.com/hdd/support/bulk_faqs.htm

Kyle B.
Hitachi Global Storage Technologies
US toll-free: 888.426.5214
Fax: 507.322.2419
support_usa@hitachigst.com
www.hitachigst.com

EOMtp
ThinkPadder
Posts: 1583
Joined: Fri May 19, 2006 12:51 pm

Re: Does Hitachi 0A53580 have bulk data encryption?

#37 Post by EOMtp » Tue Nov 13, 2007 5:50 pm

rokahn wrote:I recently ordered a Lenovo x61s with 200GB 7200rpm bulk data encryption. ... the drive is labeled Hitachi 0A53580.
... Does this drive have BDE?
Yes.
Is there any public documentation verifying this?
No.
According to Hitachi BDE guide, only p/n 0A53070 has bulk data encryption.
That guide does not include the part numbers for OEM drives which have BDE.

jketzetera
Sophomore Member
Posts: 215
Joined: Tue Oct 30, 2007 11:29 pm
Location: Sydney Australia

Re: Does Hitachi 0A53580 have bulk data encryption?

#38 Post by jketzetera » Wed Nov 14, 2007 3:41 am

It is clear to me that Hitachi's BDE system is unclear ;-).

I admit to only having the simplest understanding of cryptography. However, unless the user password is used to encrypt the encryption key in the Hitachi BDE drives, I find the Hitachi BDE drives very lacking from a security perspective.

To my knowledge, almost all software based disk encryption products (Pointsec, Drivecrypt, Truecrypt, Bestcrypt etc ....) work on the principle that a randomly generated encryption key is itself encrypted with the help of a user password. When the user wants to access his data, he supplies the user password which decrypts the encryption key, which in turn then correctly decrypts the encrypted data.

Therefore, if an attacker gains access to the encrypted drive he can only attempt brute force attacks unless he has some way of guessing or obtaining the user password.

If a Hitachi BDE drive does not use the user password to encrypt the encryption key then hacking the BDE drive no longer becomes a cryptographic problem but rather a hardware hacking problem. If the user password is not used to encrypt the encryption key then the BDE drive contains all information in itself needed to decrypt the encrypted data.

If the above is correct, then it is not a cryptographer that is needed to hack a Hitachi BDE drive but rather a hardware expert, who can dump and hack hard drive firmwares. This also means that the hacking problem is reduced from a cryptographic challenge that might take thousands of years to be brute forced, to an electronics challenge that surely is much simpler (consider the many ATA lock hacking services available where some cost less than USD 100).

So I guess an interesting question to ask Hitachi is whether the user password is used to encrypt the encryption key.

jketzetera
Sophomore Member
Posts: 215
Joined: Tue Oct 30, 2007 11:29 pm
Location: Sydney Australia

#39 Post by jketzetera » Fri Nov 16, 2007 8:22 am

I received the following answer from Hitachi:

The user/master passwords are just part of BDE. The encryption key is not encrypted via the password. When you change the password, the encryption key will stay the same. The key can be changed only if the system supports Security Erase Unit. The drive would have to be completely erased and then a new encryption key would be generated. The only way to hack the data would be by using brute force.

To me the above indicates that the weakest link in the security of the Hitachi BDE drives lies not in the AES-128 cipher employed, but rather in the firmware/hardware implementation on how to handle correct/incorrect user/master passwords.

Again, this leads me to believe that hacking a Hitachi BDE drive is similar to hacking an ATA locked drive.


EDIT: Seagate seems to give a bit more information in regards to its FDE drives. The following info can be found in regards to their FDE drives:

DriveTrust™ security exploits drive’s closed environment
• Transparent AES hardware-based encryption
• Pre-boot authentication required
• On-the-fly drive erasure
• Hashed passwords maintained on the drive
• Emergency password recovery file kept on a separate device

jketzetera
Sophomore Member
Posts: 215
Joined: Tue Oct 30, 2007 11:29 pm
Location: Sydney Australia

#40 Post by jketzetera » Wed Apr 16, 2008 6:55 am

I forgot to post the response I got from an actual Hitachi engineer. It would seem that the previous information which I received from Hitachi's marketing people was incorrect. The ATA password is used to encrypt the encryption key, thus when powered off, the BDE hard drive itself does not contain all information to decrypt the encrypted data!

The BDE function is always enabled. The end-user cannot turn the BDE
function on or off. All user data is encrypted on the HDD's disks. The
HDD's read and write cache memory is also encrypted. However, data across
the host-to-HDD interface are not encrypted. All encryption/decryption
happens within the HDD.

The ATA password(s) is not the actual BDE key. This is because the
password value chosen by the user may not be cryptographically
appropriate, and also so the ATA password(s) can be changed without
rendering existing data unreadable.

The actual BDE key is regenerated only when an ATA Security Erase Unit
command (normal mode or enhanced mode) is sent to the HDD. The normal
mode command also includes a full overwrite of user data. The enhanced
mode command only regenerates the BDE key, skipping the overwrite in the
interest of time.

The ATA password(s) serves two functions. First, it is used with the
legacy ATA Security Feature Set just as in standard, non-BDE drives.
Second, it is used to protect the actual BDE. A random salt plus the ATA
password(s) are used to derive a separate key which is then used to
encrypt the actual BDE key. The actual BDE key is never stored in
nonvolatile memory in an unencrypted form. (The ATA passwords are never
stored in plaintext either, even on our non-BDE drives.)
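
The wrapping scheme described in the engineer's reply above (a random salt plus the ATA password derive a key that encrypts the BDE key), which is also the design post #38 attributes to software disk encryption, as an added example that is not part of the original posts or of Hitachi's firmware. PBKDF2, the HMAC-based wrap (a stand-in for a real key-wrap cipher), the all-zero default value and the names `ToyDrive`, `wrap` and `unwrap` are assumptions; the page names none of the drive's actual algorithms.

```python
import hashlib, hmac, os

DEFAULT = b"\x00" * 32  # constructed stand-in for the drive's stored default value

def _kek(password: bytes, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the page does not name the drive's KDF.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 50_000)

def _xor(data: bytes, kek: bytes, salt: bytes) -> bytes:
    # Stand-in for a real key-wrap cipher: one HMAC block used as keystream.
    stream = hmac.new(kek, b"enc" + salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(dek: bytes, password: bytes) -> dict:
    """Encrypt the media key under a key derived from salt + password."""
    salt = os.urandom(16)
    kek = _kek(password, salt)
    ct = _xor(dek, kek, salt)
    tag = hmac.new(kek, b"mac" + salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob: dict, password: bytes) -> bytes:
    """Recover the media key; fails unless the password matches."""
    kek = _kek(password, blob["salt"])
    tag = hmac.new(kek, b"mac" + blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong password: media key stays wrapped")
    return _xor(blob["ct"], kek, blob["salt"])

class ToyDrive:
    def __init__(self):
        # Only the wrapped 128-bit media key is kept in nonvolatile storage.
        self.nvram = wrap(os.urandom(16), DEFAULT)

    def unlock(self, password: bytes = DEFAULT) -> bytes:
        return unwrap(self.nvram, password)

    def set_password(self, old: bytes, new: bytes) -> None:
        # Re-wrap the same media key; no user data is re-encrypted.
        self.nvram = wrap(self.unlock(old), new)

    def enhanced_erase(self) -> None:
        # New media key: data written under the old key becomes unreadable.
        self.nvram = wrap(os.urandom(16), DEFAULT)
```

In this model a firmware-level bypass of the password check gains nothing on a powered-off drive, because `nvram` holds only the salt, the wrapped key and a tag; the attack surface that remains is guessing the password itself.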

commander
Freshman Member
Posts: 90
Joined: Mon Sep 03, 2007 5:44 pm
Location: Prague, Czech rep.

#41 Post by commander » Wed Aug 13, 2008 10:45 am

Has anybody benchmarked a BDE drive? Is it really the same speed as a non-BDE drive? There are a lot of 7k200 drives around, I think that it can be easily proven. Thanks
