Protecting Data At Rest
Valuable and sensitive Data At Rest (DAR) must be protected in case of an unauthorized access attempt or equipment loss. The cryptographic scheme comprised of encryption, critical security parameter generation and management algorithms and are the most commonly used vehicles to achieve that goal.
For Top Secret data, NSA Type 1 certified system is required in the US. It is fully controlled by the Government including generation and management of critical security parameters such as cryptographic key and is not publicly known and is subject to ITAR limitations.
There is an attempt to facilitate the use of Commercial Off The Shelf (COTS) solution to lower the cost and shorten the deployment schedule for classified DAR through the use of Commercial Solutions for Classified (CSfC) system. This method uses a layered approach that must be properly configured using layer-specific Capability Packages (CP), validated with an NSA/NIAP Common Criteria (CC) certificate. For example, relevant to storage devices DAR protection existing implementations would use two layers of encryption: one as software layer (the data is already encrypted during the transit to the storage device) and then the data is encrypted for the second time using hardware encryption built into the end storage device such as SSD.
It should be noted that the Common Criteria DOES NOT certify the cryptographic module itself. It ensures that the interfaces and other critical security parameters where the module was integrated into the COTS product, is implemented as stated by the vendor.
The cryptographic modules are validated and certified under Federal Information Processing Standard (FIPS) Publication 140-2 published by the National Institute of Standards and Technology (NIST).
The SSD is an end-point in data transfers and its architecture must ensure data at rest protection in case of an unauthorized access attempt or equipment loss. This is achieved through the use of encryption algorithms and various technologies that when combined transform an SSD into a Cryptographic Module.
The NIST and the Communications Security Establishment Canada (CSEC) collaborated on the development of the Cryptographic Module Validation Program (CMVP), which defines the requirements and validation of cryptographic modules to FIPS 140-2 specification. The validation of the Cryptographic Module under this program is rather costly and typically takes 1-2 years but once it is completed, this module can be accepted by various government agencies for the DAR protection of critical and sensitive information.
Such an already validated module, COTS product can also be used for the existing computer devices and/or data recorder upgrade to the FIPS 140-2 capabilities significantly lowering the development cost, facilitating the qualification and shortening schedule duration as described in “Upgrading Security of Data Recorder”
The NIST FIPS 140-2 standard defines a Cryptographic Module as the set of hardware, software, and/or firmware that implements security functions and is contained within a cryptographic module boundary. The cryptographic boundary is an explicitly defined contiguous perimeter that establishes the physical bounds of a cryptographic module. The security functions include key generation and cryptographic algorithms such as encryption, authentication and random number generation algorithms.
The encryption algorithm is a set of mathematical operations that combined with an encryption key converts data in plaintext form into data in a meaningless cybertext form.
The authentication algorithm verifies and validates the identity of a user or process attempting to access the cryptographic modules secured data.
The random number generation (RNG) algorithm(s) generates a sequence of pattern-less symbols where future sequences cannot be predicted based upon past sequences, and therefore, cannot be compromised. The entropy, or the measure of randomness is used to evaluate the strength of the RNG algorithm. The RNG has sufficient entropy for the encryption and authentication algorithms to ensure the overall security of the cryptographic module.
The cryptographic module security functions protect user data within the cryptographic boundaries. The security functions cover several areas that must be addressed during module design and implementation:
- Cryptographic Module Specification defining approved algorithms such as encryption/decryption, authentication, random number generation and approved modes of operations within the cryptographic boundaries
- Fully defined and characterized Ports and Interfaces to/from the module, divided into Data Input and Output, Control Input and Status Output.
- Defined role-based or identity-based operator services and authentications such as User Role and Crypto Officer Role.
- Defined and characterized module finite states and state transitions
- Physical Security that spans from tamper evidence to tamper detection and response.
- The operational environment of the module defining its hardware, firmware and software items.
- Cryptographic Key Management that includes the requirements for the end-to-end lifecycle of Critical Security Parameters such as the cryptographic key, its generation, establishment, storing and zeroization.
- EMI/EMC requirements
- Strict module configuration management
- Potential mitigations of Other Attacks
- And last but not least, power up Self-tests including cryptographic algorithm tests, software/firmware integrity tests, critical functions tests and conditional tests to ensure proper module operations.
To achieve a FIPS validation certificate, all these functional areas are thoroughly tested and validated by an accredited and independent lab.
The encryption/decryption algorithm is one of the cryptographic algorithms built into the cryptographic module (others include authentication and random number generation).
There are several encryption algorithms currently available with the Advanced Encryption Standard (AES) being the most popular and broadly used encryption standard today. It is specified by NIST document FIPS-197. Its strength is resilience to a data breach. When properly implemented it is used to protect classified data up to the top-secret level. The AES uses the Rijandael algorithm that divides the “plaintext” (data before encryption) into 128-bit Block Ciphers and with the use of cryptographic keys, processes the data into an unreadable form, or “cybertext”.
The cryptographic keys may have different lengths, depending on the implementation, of 128, 192, or 256-bits. These are referred to as “AES-128”, “AES-192”, or “AES-256”.
There are many different AES encryption schemes (modes) with the most popular being ECB, CBC, and XTS. These are referred to as “AES-256 ECB”, “AES-256 CBC”, “AES-256 XTS”.
From a security standpoint, the quality of various encryption schemes differs. The ECB mode, essentially the first generation of AES is not considered strong enough for today’s standards and must be used with great caution. It is vulnerable to various attacks as it preserves Block Cipher characteristics from before to after encryption.
Other encryption schemes attempt more or less successfully to correct this problem by adding an “initialization vector” to the equation. The initialization vector, if it is “random enough” and in addition to the Cryptographic Key, results in cybertext indistinguishable from truly random bits. This includes implementations such as CBC, CFB and OFB. However, these are known to have some security vulnerabilities.
The XTS is a relatively new mode defined in NIST DP 800-38E. It similarly uses an initialization vector concept but offers significant security improvements over the older encryption modes such as CBC. It is suitable for storage devices that like Block Cipher encryption methods also use a block structure for storing user data (such as SSD).
Encryption consists of several mathematical algorithms that with the addition of cryptographic key(s) convert user data “plain text” into an unreadable “ciphertext” and back.
The cryptographic key is an important factor determining the strength of the cryptographic system. Consider the encryption algorithm as a black box. The cryptographic key is then the only variable that is needed to encrypt and decrypt the data. If the cryptographic key is short and has a length of, say, 2-bits, there are only 2n=22=4 different key combinations and user data would not be protected even if the strongest algorithm was used. So what should a minimum key length be?
From the brute force attack perspective, the 128-bit long key provides an impassable barrier –no one has broken the key of such a length yet. However, most of the encryption algorithms today use a 256-bit cryptographic key. The table below puts into some perspective the probability of breaking a 128 or 256-bit cryptographic key.
|Winning the Lottery||1/13983816|
|Breaking 128-bit Key||1/340282366920938463463374607431768211456|
|Breaking 256-bit Key||1/115792089237316195423570985008687907853269984665640564039457584007913129639936|
In most of the modern cryptographic module implementations, the authentication credential is separate from the encryption key. The key is used by the encryption algorithm to encrypt and decrypt the data. The authentication credential is a password or PIN that provides the user or process access to the encryption algorithm, hence to the data stored in the cryptographic module.
The authentication is one of the critical functions defining the overall security of the cryptographic module. The strongest encryption algorithm will not prove its value if the authentication function has security weaknesses. FIPS 140-2 specifies a minimum length of the passwords and PINs to be used in the cryptographic module and special care is taken to protect critical security parameters related to the authentication function residing in the cryptographic module.
The authentication mechanism is enhanced by features such as Crypto and Fast Erase procedures that are triggered either by crypto-officer or automatically in case a of brute force attack. These procedures immediately disable access to the module, remove critical security parameters and in some cases purge the cybertext itself.
The cryptographic key generation relies on an output from the Random Number Generator (RNG) and has a direct relationship with the cryptographic module security strength. The RGB system should have access to the amount of entropy (or randomness) that would be sufficient to provide the required security strength that is specified in NIST SP 800-90A. The entropy tests consist of an important part of the cryptographic module validation and the RGB system must be approved.
Should the target application for the cryptographic module be a boot drive, the Pre-boot Authentication function proves to be useful. It allows for a secure process of passing authentication credentials before the operating system (OS) is loaded from the SSD.
Pre-boot authentication, when combined and secured with the Crypto-erase/Fast erase procedures provides secure and convenient management of the boot drive security.
Crypto Erase, Fst Erase and Purge functions strengthen the data security system of the Cryptographic Module.
These functions are typically used by Crypto Officer to declassify the module.
The Crypto Erase or other procedures are also protecting the module against the brute force. Typically the module triggers an emergency Crypto Erase if a number of unsuccessful logins exceed the predefined threshold.
The Crypto Erase consists of purging all critical security parameters and it takes milliseconds to complete. The FIPS validated encryption algorithm ensures that the probability to decrypt the data is zero (10-78 to be more exact).
The Fast Erase consists of erasing all the data from the entire SSD including all spare blocks. The process takes 3 to several seconds depending on the SSD capacity. Memkor’s Fast Erase is always preceded by the Crypto Erase.
The Purge algorithms are defined by various government agencies and consist of 1 to multiple Fast Erase and Overwrite cycles of the SSD capacity including the spare blocks. It may include verification as one of the steps of the procedure. It takes few to several minutes to complete depending on SSD capacity. Memkor’s Purge when triggered is always preceded first by Crypto-Erase and then by Fast Erase before the actual Purge steps commence.
- The interface does not matter from the FIPS perspective
o Stress PCIe is unique – most validated are SATA and SAS
- Appropriate management tools needed (ATA commands vs NVMe commands to manage Encryption but same security procedures
The following definitions are tailored for use in the FIPS140-2 standard:
Authentication code: a cryptographic checksum based on an Approved security function (also known as a Message Authentication Code).
Automated key transport: the transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols).
Compromise: the unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other CSPs).
Confidentiality: the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.
Control information: information that is entered into a cryptographic module for the purposes of directing the operation of the module.
Critical security parameter (CSP): security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and PINs) whose disclosure or modification can compromise the security of a cryptographic module.
Cryptographic boundary: an explicitly defined contiguous perimeter that establishes the physical bounds of a cryptographic module and contains all the hardware, software, and/or firmware components of a cryptographic module.
Cryptographic key (key): a parameter used in conjunction with a cryptographic algorithm that determines: • the transformation of plaintext data into ciphertext data, • the transformation of ciphertext data into plaintext data, • a digital signature computed from data, • the verification of a digital signature computed from data, • an authentication code computed from data, or • an exchange agreement of a shared secret.
Cryptographic key component (key component): a parameter used in conjunction with other key components in an Approved security function to form a plaintext cryptographic key or perform a cryptographic function.
Cryptographic module: the set of hardware, software, and/or firmware that implements Approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.
Cryptographic module security policy: a precise specification of the security rules under which a cryptographic module will operate, including the rules derived from the requirements of this standard and additional rules imposed by the vendor. (See Appendix C.)
Crypto officer: an operator or process (subject), acting on behalf of the operator, performing cryptographic initialization or management functions.
Data path: the physical or logical route over which data passes; a physical data path may be shared by multiple logical data paths.
Differential power analysis (DPA): an analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm.
Digital signature: the result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication 2. data integrity, and 3. signer non-repudiation.
Electromagnetic compatibility (EMC): the ability of electronic devices to function satisfactorily in an electromagnetic environment without introducing intolerable electromagnetic disturbances to other devices in that environment.
Electromagnetic interference (EMI): electromagnetic emissions from a device, equipment, or system that interfere with the normal operation of another device, equipment, or system.
Electronic key entry: the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value of the key being entered.)
Encrypted key: a cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password to disguise the value of the underlying plaintext key.
Environmental failure protection (EFP): the use of features to protect against a compromise of the security of a cryptographic module due to environmental conditions or fluctuations outside of the module's normal operating range.
Environmental failure testing (EFT): the use of testing to provide a reasonable assurance that the security of a cryptographic module will not be compromised by environmental conditions or fluctuations outside of the module's normal operating range.
Error detection code (EDC): a code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.
Finite-state model: a mathematical model of a sequential machine that is comprised of a finite set of input events, a finite set of output events, a finite set of states, a function that maps states and input to output, a function that maps states and inputs to states (a state transition function), and a specification that describes the initial state.
Firmware: the programs and data components of a cryptographic module that are stored in hardware (e.g., ROM, PROM, EPROM, EEPROM or FLASH) within the cryptographic boundary and cannot be dynamically written or modified during execution.
Hardware: the physical equipment within the cryptographic boundary used to process programs and data.
Hash-based message authentication code (HMAC): a message authentication code that utilizes a keyed hash.
Initialization vector (IV): a vector used in defining the starting point of an encryption process within a cryptographic algorithm.
Input data: information that is entered into a cryptographic module for the purposes of transformation or computation using an Approved security function.
Integrity: the property that sensitive data has not been modified or deleted in an unauthorized and undetected manner.
Interface: a logical entry or exit point of a cryptographic module that provides access to the module for logical information flows representing physical signals.
Key encrypting key: a cryptographic key that is used for the encryption or decryption of other keys.
Key establishment: the process by which cryptographic keys are securely distributed among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement).
Key loader: a self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.
Key management: the activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.
Key transport: secure transport of cryptographic keys from one cryptographic module to another module.
Manual key transport: a non-electronic means of transporting cryptographic keys.
Manual key entry: the entry of cryptographic keys into a cryptographic module, using devices such as a keyboard.
Microcode: the elementary processor instructions that correspond to an executable program instruction.
Operator: an individual accessing a cryptographic module or a process (subject) operating on behalf of the individual, regardless of the assumed role.
Output data: information that is produced from a cryptographic module.
Password: a string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
Personal identification number (PIN): an alphanumeric code or password used to authenticate an identity.
Physical protection: the safeguarding of a cryptographic module, cryptographic keys, or CSPs using physical means.
Plaintext key: an unencrypted cryptographic key.
Port: a physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire).
Private key: a cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public.
Protection Profile: an implementation-independent set of security requirements for a category of Targets of Evaluation (TOEs) that meet specific consumer needs.
Public key: a cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and that may be made public. (Public keys are not considered CSPs.)
Public key certificate: a set of data that uniquely identifies an entity, contains the entity's public key, and is digitally signed by a trusted party, thereby binding the public key to the entity.
Public key (asymmetric) cryptographic algorithm: a cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that deriving the private key from the public key is computationally infeasible.
Random Number Generator: Random Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control.
Removable cover: a cover designed to permit physical access to the contents of a cryptographic module.
Secret key: a cryptographic key, used with a secret key cryptographic algorithm, that is uniquely associated with one or more entities and should not be made public.
Secret key (symmetric) cryptographic algorithm: a cryptographic algorithm that uses a single secret key for both encryption and decryption.
Security policy: see Cryptographic module security policy.
Seed key: a secret value used to initialize a cryptographic function or operation.
Simple power analysis (SPA): a direct (primarily visual) analysis of patterns of instruction execution (or execution of individual instructions), obtained through monitoring the variations in electrical power consumption of a cryptographic module, for the purpose of revealing the features and implementations of cryptographic algorithms and subsequently the values of cryptographic keys.
Software: the programs and data components within the cryptographic boundary, usually stored on erasable media (e.g., disk), that can be dynamically written and modified during execution.
Split knowledge: a process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, that can be subsequently inputted into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key.
Status information: information that is output from a cryptographic module for the purposes of indicating certain operational characteristics or states of the module.
System software: the special software within the cryptographic boundary (e.g., operating system, compilers or utility programs) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system, and associated programs, and data.
Tamper detection: the automatic determination by a cryptographic module that an attempt has been made to compromise the physical security of the module.
Tamper evidence: the external indication that an attempt has been made to compromise the physical security of a cryptographic module. (The evidence of the tamper attempt should be observable by an operator subsequent to the attempt.)
Tamper response: the automatic action taken by a cryptographic module when a tamper detection has occurred (the minimum response action is the zeroization of plaintext keys and CSPs).
Target of Evaluation (TOE): an information technology product or system and associated administrator and user guidance documentation that is the subject of an evaluation.
TEMPEST: a name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment.
TOE Security Functions (TSF): used in the Common Criteria, a set of the TOE consisting of all hardware, software, and firmware that must be relied upon for the correct enforcement of the TOE Security Policy.
TOE Security Policy (TSP): used in the Common Criteria, a set of rules that regulate how assets are managed, protected and distributed within a Target of Evaluation.
Trusted path: a means by which an operator and a TOE Security Function can communicate with the necessary confidence to support the TOE Security Policy.
User: an individual or a process (subject) acting on behalf of the individual that accesses a cryptographic module in order to obtain cryptographic services.
Validation authorities: NIST and CSE.
Zeroization: a method of erasing electronically stored data, cryptographic keys, and CSPs by altering or deleting the contents of the data storage to prevent the recovery of the data.