Protecting the IoT with self-encrypting storage, part 1
July 21, 2016
Problems associated with the loss of data, data breaches, brand damage, and compliance failures are well known to desktop and portable computer users. To prevent unauthorized access to the data on these products, the Trusted Computing Group (TCG) developed its storage specifications (the Opal and Enterprise security subsystem classes) for self-encrypting drives (SEDs). With hard drive and solid-state drive manufacturers offering SED variants across their product lines, SEDs are well accepted in high-end computing and enterprise applications, widely deployed in data center storage, and available for laptops and other consumer and mobile products.
Embedded products and Internet of Things (IoT) applications need the same protection. Because their storage is often flash memory rather than a drive, the broader term self-encrypting storage (SES) is used here. As in enterprise and mobile computers, SES protects the data once the owner has lost physical control of the device.
Intellectual property (IP) and personal data can be stolen if the contents of an embedded product are readily readable by the next person to possess it, whether that possession comes about legally or illegally. A few examples show the problems that occur.
Automated teller machines (ATMs) and cash-handling kiosks are common targets of criminals. Reports of a truck being driven through a convenience store window so that the ATM can be hauled away are well known. Less well known is that, beyond the cash, the thieves disperse or sell the data (or the drive holding it) for further criminal activity.
A totaled car auctioned off by the insurance company puts at risk the data of the owner and of everyone else who used its entertainment, navigation, or monitoring system. As the IoT expands, many consumer products, cars included, will hold contacts and other personal information, and may well hold the credit card details used to pay for automated services. Fortunately, crypto erase (sanitizing the data by destroying and replacing the on-board encryption key, the method NIST SP 800-88 calls cryptographic erase) is now a Federal and international standard on automobiles, so when a vehicle is sold or scrapped the user's personal data can be erased without touching the system data. This presumes that user data and system data were encrypted under separate keys (separate locking ranges, in TCG terms) from the start; a key that was never used to encrypt the data cannot be used to erase it.
Another example happened recently to one of the authors, who bought an open-box Bluetooth player that a previous customer had bought and returned. That first owner had left private data in the product's embedded memory. An application such as Netflix could be accessed immediately, because the old data was neither encrypted nor isolated or erased before the unit was resold. An unscrupulous buyer could have kept using the previous owner's account, avoiding a subscription of their own, until that owner changed the Netflix password.
The previous owner's other personal information may be just as accessible, unless the product has SES. Resetting the stored information on this player took considerable effort; it should be a simple matter. Since every embedded system with any degree of sophistication has some amount of memory, incidents of this kind will become far more frequent with the IoT.
One might ask, “Does encryption really work to protect stored data?” Whatever side of the recent dispute between Apple and the FBI you take, the fact that a highly capable U.S. agency could not get at the data on a suspect's phone without either Apple's cooperation or an outside party's exploit demonstrates the challenge encrypted data poses even to the most sophisticated organizations. Note that the obstacle was not the cipher alone but the key management around it: the encryption key was derived from the user's passcode and a secret bound to the device, and the device limited attempts to guess that passcode. Today, smartphones on the major platforms ship with this SES capability.
The basics of SES protection
One of the fundamental aspects of self-encrypting storage is that it applies specifically to data at rest, the data as it sits on the media. Protecting data in transit is the job of other security technologies, including authentication, authorization, and transport security standards. The second important aspect is that the storage, and the data on it, stays protected even when it is physically in someone else's possession. The data is encrypted under a media encryption key that never leaves the device in the clear, and that key is released only to whoever presents the correct authentication credential; without the credential, the data cannot be accessed. Note what this does not cover: once the owner has unlocked the device and the system is running, the storage serves plaintext to the host like any other, so SES by itself does nothing against malware on the running system or a thief who takes the device while it is powered on and unlocked.
SES is enabled when the product leaves the manufacturer, but in its factory state the device encrypts transparently and does not lock, so it behaves like unencrypted storage until a credential is set and locking is turned on. Actively managing the encryption (taking ownership, setting and rotating credentials, crypto erase at disposal) is left to the user and involves additional software. That management is one of the key things that must be considered when expanding the use of encryption into embedded products.
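The key hierarchy this section describes, from the factory state through taking ownership to the crypto erase discussed earlier for resold products, as an added worked example (not code from the original article, and not any vendor's SED firmware): a Python model in which every sector is encrypted under a random media encryption key (MEK) that is stored only wrapped under a key derived from the owner's credential. Everything in it is an assumption of the example, not of the page: the `FACTORY_CREDENTIAL` value standing in for the unowned factory state, the 100,000 PBKDF2 iterations, the sample sector contents, and the HMAC-SHA256 stream cipher with an authentication tag that stands in for the AES-XTS a real device would use (the standard library has no AES).

```python
import os
import hmac
import hashlib

KDF_ITERATIONS = 100_000
# Assumed factory credential: the device leaves the factory encrypting but unowned,
# so anyone holding it can unlock until a real credential replaces this one.
FACTORY_CREDENTIAL = b"factory-default-credential"

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: HMAC-SHA256(key, nonce || counter) blocks, truncated."""
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC, standing in for AES-XTS. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def _open(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time, then decrypt. Raises on a wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class SelfEncryptingStorage:
    """Sectors are encrypted under a media encryption key (MEK) that is stored only
    wrapped under a key derived from the owner's credential."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.wrapped_mek = _seal(self._kek(FACTORY_CREDENTIAL), os.urandom(32))
        self.sectors = {}      # sector number -> sealed ciphertext on the media
        self._mek = None       # held in RAM only while unlocked

    def _kek(self, credential: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self.salt, KDF_ITERATIONS)

    def unlock(self, credential: bytes) -> bool:
        try:
            self._mek = _open(self._kek(credential), self.wrapped_mek)
        except ValueError:
            self._mek = None
        return self._mek is not None

    def lock(self) -> None:
        self._mek = None       # loss of power has the same effect

    def take_ownership(self, old: bytes, new: bytes) -> bool:
        """Re-wrap the unchanged MEK under a new credential; stored data stays readable."""
        if not self.unlock(old):
            return False
        self.wrapped_mek = _seal(self._kek(new), self._mek)
        return True

    def write(self, sector: int, data: bytes) -> None:
        if self._mek is None:
            raise PermissionError("storage is locked")
        self.sectors[sector] = _seal(self._mek, data)

    def read(self, sector: int) -> bytes:
        if self._mek is None:
            raise PermissionError("storage is locked")
        return _open(self._mek, self.sectors[sector])

    def crypto_erase(self, credential: bytes) -> bool:
        """Replace the MEK. Old ciphertext stays on the media but is now unrecoverable."""
        if not self.unlock(credential):
            return False
        self._mek = os.urandom(32)
        self.wrapped_mek = _seal(self._kek(credential), self._mek)
        return True

def demo() -> dict:
    """Lifecycle: factory state -> owned -> lost and probed -> crypto erased for resale."""
    dev, owner = SelfEncryptingStorage(), b"correct horse battery staple"
    r = {"factory_default_opens": dev.unlock(FACTORY_CREDENTIAL)}
    r["ownership_taken"] = dev.take_ownership(FACTORY_CREDENTIAL, owner)
    dev.write(0, b"netflix-session-token=abc123")   # constructed sample user data
    dev.lock()
    r["factory_default_after_ownership"] = dev.unlock(FACTORY_CREDENTIAL)
    r["wrong_credential"] = dev.unlock(b"letmein")
    r["owner_reads"] = dev.read(0) if dev.unlock(owner) else None
    r["erased"] = dev.crypto_erase(owner)
    r["old_sector_still_on_media"] = 0 in dev.sectors
    try:
        r["old_sector_readable"] = dev.read(0) is not None
    except ValueError:
        r["old_sector_readable"] = False
    return r
```

Two properties of the model are the ones that matter in practice. Taking ownership re-wraps the existing MEK rather than generating a new one, so the owner's data survives a credential change; crypto erase does the opposite, leaving every sector's ciphertext in place while making it unrecoverable. And the device offers the thief nothing to brute-force except the credential-derived wrapping: with a strong credential and a slow derivation, the wrapped MEK on the media is the only thing that stands between a lost device and its data, which is exactly why the factory default has to be replaced before the device holds anything of value.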