White Paper

Unlocking the True Value of Encryption and Key Management Modes for Military Data Storage Applications

Issue link: https://read.uberflip.com/i/1173416


When selecting a password, strength is an important consideration. It is also important to understand the strength of a password as compared to an equivalent encryption key. The table below provides this comparison.

Password length   Password bit strength using all printable characters   Password bit strength with all possible 8-bit values
                  except the space (6.555 bits of entropy per symbol)     (8 bits of entropy per symbol)
8                 52                                                      64
12                78                                                      96
16                104                                                     128
24                157                                                     192
32                209                                                     256
64                419                                                     512

There is a subtlety of ATA password authentication for authorized data access that must be noted here. After a user enters the ATA password, the system's BIOS sends the ATA password to the drive for authentication. If the ATA password matches, data access is granted. However, this access does not mean that data will be automatically decrypted for the user. In order for the device to perform normal read (decryption) and write (encryption) operations, the encryption key, which is distinct from the ATA password, must also be present on the drive. Only after both the correct key and ATA password are provided to the device will the drive perform normal operations. Requiring both an encryption key and an ATA password reduces the probability that an adversary can access unauthorized data without these two pieces of information.

What happens if an adversary uses a brute force approach in an attempt to identify the key and/or ATA password? A secure SSD, as defined by Mercury Systems, will be configured to limit the number of failed ATA password and key entry attempts. Upon reaching the designated limit, which could be as few as one attempt, drive sanitization will automatically proceed. The entire contents of the drive will be erased, and an overwriting procedure will commence to render the data forensically unrecoverable.

ATA Password and Key Storage on the Device

Manufacturers of most SSD devices rarely provide details of their encryption and key storage methodologies. The end user is left unaware of whether ATA passwords and keys are stored in plain text or cipher text. Readers are strongly cautioned against using any SSD device for a military application where ATA passwords or keys are stored on the device in plain text. Though exceptionally challenging to execute, it is theoretically possible for an adversary to disassemble a captured SSD device (with an ATA password or key stored as plain text) and complete a reverse-engineering process in which the individual memory devices are probed to reveal the appropriate values. It is important to note that Mercury SSD devices never store ATA passwords or keys as plain text.

Having established that ATA passwords and keys must not be stored on the device in plain text, we now consider the process that safely stores ATA passwords and keys on the device. An algorithm enabling this process is referred to as a cryptographic hash function. Hash algorithms, such as SHA-2, are integrated into a device's encryption engine; they permanently alter the original ATA password or key values before storage on the device. Hash functions are a one-way transformation of an ATA password or key that creates a new, safe value distinct from the original value. Several attributes of a hash algorithm are noteworthy for this discussion:

1. The original ATA password or key cannot be determined from the hash.
2. A hash algorithm will always convert the same ATA password or key to the same unique hash, thereby enabling a comparison to be made to authenticate the correctness of an entered ATA password or key.

In the event that an adversary captures an SSD where the ATA password and/or key is stored as a hash value, the adversary will disassemble the device and attempt to identify the memory devices where the values are stored. Assuming the adversary is successful in this extraordinarily challenging endeavor, he or she will have discovered the hash values only; the adversary has no way of transforming the hash values back to the original values to enable normal read and write operations.

Other algorithms exist to convert an ATA password into a key that is used as a KEK. These algorithms condition an ATA password or apply a pseudorandom function. By repeating the process many times, a new 256-bit key is derived. The output, a KEK, is used to encrypt and decrypt the device's encryption key.

Having reviewed the fundamental terms and concepts of encryption and key classifications, it is now appropriate to begin a detailed review of each key management mode available for consideration. Readers are cautioned that not all SSD manufacturers will support each key management mode. The key management modes defined in the balance of this white paper are supported by Mercury Systems' portfolio of secure, military-grade SSD devices.

Encryption Key Modes

While the complexity of implementation increases from one mode to the next in the following discussion, end user responsibility also increases. It is imperative to ensure that end users have the proper knowledge, training and infrastructure to successfully create, store, protect and distribute encryption keys and passwords. With these capabilities, the flexibility and security benefits of the more complex modes can be fully and safely realized.
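The following Python model, added here as an illustration and not taken from Mercury's firmware or this white paper, ties together the storage scheme described above: the ATA password is conditioned into a 256-bit KEK by a repeated pseudorandom function (PBKDF2-HMAC-SHA256), only a hash of the KEK and the KEK-encrypted device key are kept on the drive, and a configurable number of failed attempts triggers sanitization. The iteration count, attempt limit, class name and the HMAC-based key wrap (a stand-in for AES key wrap, which the Python standard library lacks) are assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed demo parameters (assumptions for illustration, not Mercury's values).
PBKDF2_ITERATIONS = 100_000  # "repeating the process many times"
KEY_BYTES = 32               # 256-bit KEK and device encryption key (DEK)
MAX_FAILED_ATTEMPTS = 3      # a secure SSD may set this as low as 1

def derive_kek(ata_password: bytes, salt: bytes) -> bytes:
    """Condition the ATA password into a 256-bit KEK with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", ata_password, salt, PBKDF2_ITERATIONS, KEY_BYTES)

def wrap_dek(kek: bytes, dek: bytes) -> bytes:
    """Encrypt the DEK under the KEK. Stand-in for the device's AES key wrap
    (stdlib has no AES): one-block HMAC-SHA256 keystream XOR plus an HMAC tag."""
    stream = hmac.new(kek, b"wrap", "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    return ct + hmac.new(kek, b"tag" + ct, "sha256").digest()

def unwrap_dek(kek: bytes, blob: bytes):
    """Return the DEK, or None if the tag does not verify under this KEK."""
    ct, tag = blob[:KEY_BYTES], blob[KEY_BYTES:]
    if not hmac.compare_digest(tag, hmac.new(kek, b"tag" + ct, "sha256").digest()):
        return None
    stream = hmac.new(kek, b"wrap", "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

class SecureSSD:
    """Model of the scheme in the text: no password or key is stored in plain text."""
    def __init__(self, ata_password: bytes):
        self.salt = os.urandom(16)
        kek = derive_kek(ata_password, self.salt)
        self.kek_hash = hashlib.sha256(kek).digest()            # hash kept for comparison
        self.wrapped_dek = wrap_dek(kek, os.urandom(KEY_BYTES))  # DEK kept as ciphertext
        self.failed = 0
        self.sanitized = False

    def unlock(self, ata_password: bytes):
        """Return the DEK on a correct password; sanitize after too many failures."""
        kek = derive_kek(ata_password, self.salt)
        if hmac.compare_digest(self.kek_hash, hashlib.sha256(kek).digest()):
            self.failed = 0
            return unwrap_dek(kek, self.wrapped_dek)
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:   # sanitize: overwrite stored material
            self.kek_hash, self.wrapped_dek = bytes(KEY_BYTES), bytes(2 * KEY_BYTES)
            self.sanitized = True
        return None
```

After sanitization even the correct password yields nothing, because the stored hash and wrapped key have been overwritten rather than merely locked.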
