Enova hardware encryption: false sense of security

2006.03.29
Risk: Medium
Local: Yes
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 4.9/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Enova hardware encryption: False sense of security

Classification:
===============
Level: Informational
ID: HEXVIEW*2006*03*28*1
URL: http://www.hexview.com/docs/20060328-1.txt

Overview:
=========
Enova Technology is a manufacturer of the X-Wall ASIC that provides
transparent IDE/ATA hard disk encryption (http://www.enovatech.net).
Enova offers a variety of chips with levels of encryption strength
ranging from DES-40 to 3DES-192. AES encryption is also mentioned on the
website but we were unable to find any details on it in X-Wall
datasheets. A critical design flaw makes it possible to duplicate
hardware tokens and/or capture the encryption key. Although this
advisory is rated informational, the issue might be of critical severity
for those relying on Enova-based devices to protect sensitive
information.

Affected products:
==================
All hardware hard disk encryption solutions based on Enova X-Wall ASICs
are affected. Those include devices manufactured by:

CRU-DataPort
dLock Corp
Mapower Electronics Co.
SSI Computer Corp.
Storcase Technology
Jstac Corporation
PC Winner International
CipherShield
Macpower Peripherals (ThumbMax)
RocStor
NetStor Technology
Onnto Corp.
Quick-Serv Computer Co.
Deltron Technology
Jetway Information Co.
St. John Technology Co.
Asustek Computer Inc.
Abit Computer Corp.
Mitac Technology

The complete list of manufacturers and their products is available at:
http://www.enovatech.net/products/manufacturers.htm

Cause and Effect:
=================
The Enova X-Wall crypto engine does not protect the confidentiality of
the encryption key. The X-Wall ASIC reads the key from a serial EEPROM
using the Microwire protocol. The key is stored in the EEPROM IN CLEAR
TEXT. Depending on the device, the EEPROM can be located on a hardware
token (the so-called "Secure Key"), or emulated by additional
authentication layers (biometric, 2-factor, etc.)

Essentially, the manufacturer decided to go with a simpler design
instead of implementing a method to securely input the key to the device
(Diffie-Hellman key exchange, for example). The "Secure Key" hardware
token is a Microchip 93C46 EEPROM mounted on an IEEE 1394 connector. It
can be read and duplicated using any suitable serial programmer. No
matter how many authentication layers are implemented for a device, it
is trivial to capture the key directly from the Microwire bus, bypassing
the other authentication methods.

More design flaws:
==================
The "Secure Key" token uses an IEEE 1394 (FireWire) connector, which
might cause hardware damage when plugged into a FireWire port. While the
token's body employs an additional metal pin to prevent accidental
insertion into most FireWire ports, the pin is useless with many
FireWire extension cables.

Security Risks Summary:
=======================
1. The hardware token can be duplicated in seconds.
2. The encryption key can be sniffed off the wire.
3. Additional layers of protection (2-factor, smart cards, biometrics)
   are in most cases useless. The key is still delivered to the ASIC in
   the clear.
4. Inability to change the key in many products.

Mitigation factors:
===================
1. Physical access to the device or hardware token is required to
   perform the attack.
2. Some manufacturers derive the encryption key from smartcard and
   biometric technologies. In this case the only way to get the key is
   to sniff it off the wire. Tamper-resistant and tamper-evident
   enclosures can make it difficult (but not impossible) to tap into the
   Microwire bus.

Vendor Status:
==============
Due to the nature of the problem (there is no possibility to correct the
issue) HexView decided that it is unnecessary to notify the vendor.

About HexView:
==============
HexView has contributed to online security-related lists for over a
decade. The scope of our expertise spans Windows, Linux, Sun, MacOS
platforms, network applications, and embedded devices. We also offer a
variety of consulting services. For more information visit
http://www.hexview.com
Our website also features security news, papers, recent exploits, and
discussion forums.

Distribution:
=============
This document may be freely distributed through any channels as long as
the contents are kept unmodified. Commercial use of the information in
the document is not allowed without written permission from HexView
signed by our pgp key. Please direct all questions to
vtalk (at) hexview (dot) com

Feedback and comments:
======================
Feedback and questions about this disclosure are welcome at
vtalk (at) hexview (dot) com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEKidKDPV1+KQrDqQRApqjAJ9Qil+hrq+28N0/1SfpxmURBOxlKACgiIzo
Usty1Mr1TA7xE2wOzmz6tr0=
=xpOw
-----END PGP SIGNATURE-----
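The advisory names a Diffie-Hellman key exchange as one way the key could have been input to the device securely. The sketch below is an added example, not HexView's or Enova's code: it models a token and a crypto engine agreeing on an ephemeral X25519 secret so that a passive tap on the serial bus records only public values and a masked key. Assumptions: the function names, the HMAC-SHA256 mask construction and the random 24-byte key are constructed for illustration, the ladder is not constant-time, and an unauthenticated exchange does not stop an active interposer or protect a token whose stored key can be read out directly.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665  # Curve25519 field prime and (A-2)/4 from RFC 7748
BASE = (9).to_bytes(32, "little")

def x25519(k, u):
    """RFC 7748 Montgomery ladder; illustration only, not constant-time."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _session_keys(priv, peer_pub, engine_pub, token_pub):
    """Derive a one-time mask and a MAC key bound to both public values."""
    prk = hmac.new(engine_pub + token_pub, x25519(priv, peer_pub), hashlib.sha256).digest()
    return [hmac.new(prk, label, hashlib.sha256).digest() for label in (b"mask", b"mac")]

def token_send(disk_key, token_priv, engine_pub):
    """Token side: the returned tuple is everything that crosses the bus."""
    if len(disk_key) > 32:
        raise ValueError("one SHA-256 mask covers at most 32 key bytes")
    token_pub = x25519(token_priv, BASE)
    mask, mac_key = _session_keys(token_priv, engine_pub, engine_pub, token_pub)
    wrapped = bytes(k ^ m for k, m in zip(disk_key, mask))
    return token_pub, wrapped, hmac.new(mac_key, wrapped, hashlib.sha256).digest()

def engine_receive(engine_priv, token_pub, wrapped, tag):
    """Engine side: verify the tag, then unmask the disk key."""
    engine_pub = x25519(engine_priv, BASE)
    mask, mac_key = _session_keys(engine_priv, token_pub, engine_pub, token_pub)
    if not hmac.compare_digest(tag, hmac.new(mac_key, wrapped, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed integrity check")
    return bytes(c ^ m for c, m in zip(wrapped, mask))

def demo():
    disk_key = os.urandom(24)  # constructed stand-in for a 3DES-192 key
    engine_priv, token_priv = os.urandom(32), os.urandom(32)  # fresh per power-on
    bus = token_send(disk_key, token_priv, x25519(engine_priv, BASE))
    return disk_key, bus, engine_receive(engine_priv, *bus)
```

Because both private values are regenerated on every power-on, two recordings of the bus differ even for the same disk key, unlike the static EEPROM read the advisory describes.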

References:

http://www.securityfocus.com/archive/1/archive/1/429253/100/0/threaded
http://www.hexview.com/docs/20060328-1.txt
http://xforce.iss.net/xforce/xfdb/25527
http://www.enovatech.net/products/reference/secureusb_pro.htm

