Weak self-scrambling SSDs open up Windows BitLocker

Wed, 7 Nov 2018 07:00:00  
Adding software encryption recommended to boost BitLocker security.

Users who believe the data on their drives is protected with Microsoft's Windows BitLocker could be in for lengthy workarounds, after researchers showed that the default hardware-based encryption on solid state storage isn't secure.

Carlo Meijer and Bernard van Gastel of Radboud University, Netherlands, detailed in their paper [pdf] how techniques known to be used by the US National Security Agency (NSA) can get around encryption that looks strong and impenetrable on paper.

This is a problem for BitLocker, which defaults to hardware encryption on SSDs as per the Trusted Computing Group Opal Self-Encrypting Drive (SED) specification.

BitLocker can be coaxed into using software encryption with the Windows Group Policy tool, if users have admin rights on the computers in question.

However, on BitLocker-protected drives that are already using the default hardware encryption, changing Group Policy settings has no effect.

"Only an entirely new installation, including setting the Group Policy correctly and securely erasing the internal drive, enforces software encryption," the researchers noted.
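Because a Group Policy change does not convert drives that are already hardware-encrypted, the first step is finding them. The PowerShell below is an added example, not code from the researchers or Microsoft; `Test-BitLockerHardwareEncryption` is a hypothetical helper name, and it reads the `EncryptionMethod` property that the built-in `Get-BitLockerVolume` cmdlet reports.

```powershell
# Added example: flag BitLocker volumes that delegate encryption to the SSD.
# Test-BitLockerHardwareEncryption is a hypothetical helper, not a built-in cmdlet.
function Test-BitLockerHardwareEncryption {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-BitLockerVolume output.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Real cmdlet output carries an enum here; the cast yields its name.
        $method = [string]$Volume.EncryptionMethod
        $finding = switch ($method) {
            'HardwareEncryption' { 'Encryption is done by the drive; add or switch to software encryption' }
            'None'               { 'Volume is not encrypted' }
            default              { 'BitLocker software encryption' }
        }
        [pscustomobject]@{
            MountPoint        = $Volume.MountPoint
            EncryptionMethod  = $method
            ProtectionStatus  = [string]$Volume.ProtectionStatus
            HardwareEncrypted = ($method -eq 'HardwareEncryption')
            Finding           = $finding
        }
    }
}

# Constructed sample volumes, so the function can be exercised on any machine.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; EncryptionMethod = 'HardwareEncryption'; ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'D:'; EncryptionMethod = 'XtsAes256';          ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'E:'; EncryptionMethod = 'None';               ProtectionStatus = 'Off' }
)
$sample | Test-BitLockerHardwareEncryption | Format-Table -AutoSize

# On a real Windows host, from an elevated prompt:
# Get-BitLockerVolume | Test-BitLockerHardwareEncryption | Where-Object HardwareEncrypted
```

With the constructed sample, only `C:` is reported with `HardwareEncrypted` set to `True`.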

As a workaround to boost BitLocker security, the researchers suggested using an open source utility such as VeraCrypt along with the SSD hardware encryption.

Using different techniques, such as industry-standard Joint Test Action Group (JTAG) debugging ports and modified firmware or password validation, the researchers found that they could bypass full disk encryption on the following solid-state drives:

  • Crucial MX100
  • Crucial MX200
  • Crucial MX300
  • Samsung 840 EVO
  • Samsung 850 EVO
  • Samsung T3
  • Samsung T5

Crucial and Samsung were given six months by the researchers to issue fixed firmware for the SSDs; while the former company updated all three models, Samsung only issued new firmware for the T3 and T5, and recommends software encryption for the 840 and 850 EVO drives.

With improved cryptographic hardware in modern processors, the main reason for using only the built-in encryption feature in SSDs - improved performance - no longer applies, the researchers said.

Instead, they suggested a combination of the two for users to keep their data on SSDs secure.

"One should not rely solely on hardware encryption as offered by SSDs for confidentiality," they said.

"We recommend users that depend on hardware encryption implemented in SSDs to employ also a software full-disk encryption solution, preferably an open-source and audited one."


Source: itnews

   

COPYRIGHT MAD-MONKEY 2005 -