You left your laptop in a taxi or it was confiscated at a customs checkpoint. How do you ensure your personal or corporate data is safe? There are a number of best practices to follow.

SSD Best Practices

Step 1: Shut down your device in public spaces when you are not using it. Resume time is longer, but hibernate and standby technologies keep your security protections in a partially unlocked state. That’s how most of the big “device unlock” stories we read in the news were enabled. This comes down to how the OS deals with storage. Given that the unlock process only takes a few milliseconds, there is no reason to keep this security hole open.

Step 2: Use a high-quality self-encrypting drive (SED) that enables an access control API such as TCG Opal or ATA Security. While there have been cases of bad implementations or poor deployments (i.e., default passwords) compromising SEDs, for the most part, bugs get fixed and organizations learn best practices. If the OS vendor issued monthly bug fixes and still suffered from security breaches, why, then, would we write off the SED?

Security is fundamentally about defense-in-depth. Think about a multi-layered wall. If one layer of the wall is breached, the next layer is there to keep the attacker away from your data. Though it may seem silly, it is actually a good idea to enable an account password on your OS, use the OS data encryption and enable SSD data encryption. Instead of seeing this as wearing three sweaters in the winter, think of it more as an outer layer to block wind, a middle layer to preserve warmth and an inner layer to wick away moisture. Each layer provides a different capability, which makes the system more robust.

Fundamentally, security is about strength through design, not though obfuscation. What this means is that a design should be strong in the full light of day. Attackers are very smart, and they will figure out how to overcome obfuscation.  

An SED vendor should publish information that clearly defines the security architecture, along with a guide on how to properly configure the SED. If you’re in a rush, or feel overwhelmed by all the information, here is a quick cheat sheet:

FIPS 140-2 Level 2 Certified SSD

Everyone has a different perspective on whether to trust the government, but the Federal Information Processing Standards 140-2 program exists to qualify devices for use in federal programs that require security. This is the standard the U.S. government uses to make sure other organizations can’t access their secrets.  In this case, they have a vested interest in making sure it is robust.

A FIPS-certified SSD has undergone a rigorous review by accredited labs and other security professionals to ensure the drive is fully compliant. It’s an expensive and lengthy process that allows industry experts to fully understand all the subtle details of the security design and ensure it is up to par. Saying you have a security design is one thing; proving it through a FIPS certification is another.

A FIPS-certified SSD is layered over an access control protocol, such as TCG Opal or ATA Security. Once you have a FIPS SSD, you need a software tool to configure the SSD and an OS or BIOS that can prompt you for a password and send the commands to unlock the drive.

If you’re looking for more detailed information, you’ve come to the right place. The bullets listed below represent key technology pillars that go into making a robust SED that provides strong resistance to a determined attacker. Every security system can be defeated given enough time and money, but the objective of a strong security system is to make it so difficult that the attacker gives up. For example, trying to break cryptography by guessing the password requires more compute power and more electrical output than the entire planet can currently generate. We consider that a good starting point for security. Other techniques are possible that reduce the attack surface, which is why we layer many different elements into the final solution.

Following NIST Security Guidelines

The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce. They provide well-thought-out and thoroughly vetted guidelines on a broad range of topics, including cybersecurity.

Among other topics, NIST provides guidelines on random number generators (SP800-90), encryption algorithms (SP800-131A), deriving keys from passwords (SP800-132), protecting (or wrapping) secrets (SP800-38F). There are other ways to implement these functions, but the NIST guidelines have the benefit of massive international peer reviews.

Secure Boot

The SSD ROM is Read Only Memory, by definition. That means it cannot be changed once the chip leaves the silicon foundry.  The ROM should only boot from software that has a valid RSA or Elliptical Curve digital signature (ie: RSADSA or ECCDSA).

Root of Trust

The SSD vendor should clearly state how they protect the private keys used in their RSADSA or ECCDSA secure boot flow. Industry best practices recommend the use of a FIPS 140-2 Level 3 certified key manager, which is often called a hardware security module (HSM).

Random Number Generator

Data on the SSD is encrypted on-the-fly as you save files. The SSD may use AES-256 encryption, but that encryption is only as good as the random number generator (RNG) used to generate the key. The hardware design should be based on NIST SP800-90 guidelines and pass the compliance suite. It’s even better if the RNG has been certified through FIPS 140-2.

Good Key Management Practices

Keys that are stored on the non-volatile media, like the magnetic disk of an HDD or the NAND flash of an SSD, must also be protected. Industry best practice is to ensure the key is always tightly bound to the user password. Now, let’s be frank; humans pick terrible passwords, so to ensure the key is properly protected (wrapped) by the full strength of AES-256, we use a key derivation algorithm like BPKDF2, which is covered in SP800-132.

Support Cryptographic Erase

Data that is encrypted on the drive can be instantly cryptographically erased, or crypto erased, by simply deleting the decryption key. TCG only defines the mechanism, but solutions exist to automatically trigger a crypto erase if the user fails to enter the correct password three times. The data still technically exists, but the amount of effort required to guess that key exceeds the gross world product (or, the GDP of earth) by several orders of magnitude. This will change when quantum cryptography becomes readily available, but we’re still a few years away from that. Security experts are already in the process of devising new encryption methods to protect against this future threat. For now, the general guideline for key length is as follows: AES (256b), SHA (256b), RSA (4096b), Elliptical Curve (256b).

Protecting personal and corporate data is something everyone should take seriously. Using multiple layers in your defensive strategy is also a good idea. This can include passwords, virus scanning, firewalls, OS encryption and SSD encryption. There is always a possibility that passwords can be guessed or stolen, or that a bug is exploited, but having multiple levels of redundancy ensures your information is harder to access than the next victim’s. In the end, the ideal scenario is that the attacker gives up and you limit your loss to the cost of replacing the hardware.