Bypassing Self-Encrypting Drives (SED) in Enterprise Environments

Presented at Black Hat Europe 2015, Unknown date/time (Unknown duration)

For years, Full-Disk Encryption (FDE) solutions have been advertised as the "silver bullet" solution to protect against the unauthorized disclosure of sensitive data at rest. Hardware-based FDE, known as Self-Encrypting Drives (SED), have reportedly zero overhead and enhanced security in contrast to software encryption alternatives and have already been adopted by organizations across the world. Unknowingly, organizations using SED have been sitting on a critical exposure to their data that they thought was encrypted. This session will explore SED solutions, a newly discovered vulnerability that allows you to circumvent their protection mechanisms and how organizations can protect themselves against this new threat.

Presenters:

• Kevvie Fowler - KPMG LLP
  Kevvie Fowler is a Partner in KPMG Canada's Advisory Services Practice. He is a security expert and cyber forensics leader who assists clients in protecting critical assets and proactively preparing for and responding to cyber intrusion. Kevvie is a pioneer in the field of database forensics, is author of "Data Breach Investigations and Response" and "SQL Server Forensic Analysis" and is co-author of five security and forensics books. He is a frequent presenter at conferences and his research has been incorporated into formal course curriculum within academic and commercial institutions including ISC2 and the University of Abertay Dundee. Kevvie is an advisor/instructor who has trained leading organizations on incident response and forensics including the US Secret Service and the Royal Canadian Mounted Police. He is also a resource to the media and has been interviewed by media outlets including BNN, Information Security, SC and CIO magazine.
• Daniel Boteanu - KPMG LLP
  Daniel Boteanu, MEng, MSc, works in KPMG Canada's Forensic Technology Group where he performs breach and fraud investigations. Daniel has more than 10 years of research, investigation, and penetration testing experience. His research has identified several previously unknown vulnerabilities within widely deployed telecommunications equipment and security access cards.

Links:

• https://www.blackhat.com/eu-15/briefings.html#bypassing-self-encrypting-drives-sed-in-enterprise-environments
• https://infocon.org/cons/Black Hat/Black Hat Europe/Black Hat Europe 2015/Videos/Bypassing Self-Encrypting Drives (SED) in Enterprise Environments.mp4
• https://infocon.org/cons/Black Hat/Black Hat Europe/Black Hat Europe 2015/Videos/Bypassing Self-Encrypting Drives (SED) in Enterprise Environments.srt (subtitles)
• https://www.youtube.com/watch?v=beMtNM7nwfQ
• https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments.pdf
• https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf