Data recovery from hard disks with FDE (Full Disk Encryption)/BDE (Bulk Data Encryption) technology can be a hot potato! Among them, the Hitachi 7220 series hard disks, launched in Sep. 2007 and available in China at the end of 2008, adopt FDE encryption technology. SalvationDATA has announced HD Doctor for Hitachi Edition 3.30, which supports the Hitachi 7220 series. This is really good news!
The following is more information about FDE/BDE technologies.
1. Traditional HDD encryption technology
Traditionally, the following methods are used to protect data: BIOS startup password, hard disk ATA password, third-party software encryption and hardware encryption cards.
The motherboard BIOS integrates a function to set a startup password. With startup password protection enabled, users are required to enter the password when the computer starts, so the data gets a certain degree of protection. However, anyone can easily access the data on the hard disk by connecting it to another PC.
A hard disk that follows the ATA standard has an integrated ATA password function, which includes two different types of password, SID and UID. Both passwords and the password strategy (Advanced or Superior) can be set in the BIOS. If the password strategy is set to Advanced, both the SID and the UID can be used to access the hard disk; if it is set to Superior, only the UID can be used to access the hard disk, while the SID can only be used to reset the password (the password reset operation erases all data on the protected hard disk). For the 7220 hard disk mentioned above, the ATA password (UID) has been decrypted.
Software encryption is implemented by third-party software that follows a certain cryptographic algorithm to perform encryption/decryption. Any file, directory or all data on the HDD (including the operating system, i.e. software-based FDE) can be encrypted. Such software includes TrueCrypt, PGP, FreeOTFE, DriveCrypt, 7-Zip and the BitLocker built into Windows Vista. However, the secret key is stored on the hard disk, so a hacker may still break through. Meanwhile, software encryption occupies CPU resources, which slows down system performance.
Hardware encryption can be implemented with an encryption card and a USB encryption key. In this solution, the encryption card connects the HDD to a PCI slot on the motherboard; to access the hard disk, the user must insert a USB key into the port on the encryption card, and without the USB key the whole system is locked. This method relies on both the encryption card and the USB key, so if either one is damaged, even the manufacturer can do nothing to access the hard drive.
2. Hardware-Based FDE Encryption Technology
This technology uses a special chip embedded in the hard drive for data encryption/decryption; the secret key is stored in this chip. When the operating system writes data to the hard disk, the chip encrypts it first and then writes the ciphertext to the platters; when the operating system reads data from the hard drive, the chip decrypts the ciphertext first and returns the original data.
All data must be converted to binary in order to be stored on a hard disk. For example, to store the Arabic numeral “6”, the computer first converts “6” into the binary code “110”, then appends an ECC check, and finally writes “110+ECC” to the HDD. This is the traditional data recording process.
Then how does an FDE hard disk work? Using the example above: to write the numeral “6” to the hard disk, the encryption/decryption chip first encrypts the “6” with its built-in algorithm (to simplify the analysis, suppose the encryption algorithm is F(x)=Key×Data and the key is “8”); the encrypted data becomes “48”, and the data finally stored is the binary code “1001000+ECC”. On reading, the binary code is converted back to 48, and by applying the inverse of F(x)=Key×Data we recover the original data as 48/Key = 48/8 = “6”.
As the above process shows, the secret key plays the crucial role. For FDE hard drives there are two kinds of password used to manage the secret key: SID and UID. The SID is used to create the secret key and gain access to the user data (once set, changing it is prohibited; the reason is given below), while the UID can only be used to initialize the secret key.
If the user needs to change the SID, an “erase FDE password” command is sent; the secret key is then reset to KEY 0, and when the user sets a new SID password, the key is set to a new random value. The encryption/decryption chip controls the secret key, which is not stored on the HDD, so it is safe from being cracked. The HDD's encryption changes after the SID is changed, and all data stored on the HDD before the change can no longer be recognized because the secret key has changed. For instance, if the secret key changes from 8 to 12, the data we get back through the algorithm is 48÷12=4, which has nothing to do with the original data we input.
What needs special attention is that the FDE password (that is, the SID) can be changed, but all data on the hard disk will no longer be recognized afterwards. So there are two uses for changing the SID: one is encryption initialization of a new hard disk; the other is erasing all data on the hard disk very quickly, which can be adopted in certain circumstances.
Compared to a traditional hard disk, an FDE hard drive has an obvious advantage in information security, while its data transfer speed is as fast as the traditional one, because the processing speed of the encryption/decryption chip matches the transfer speed of the hard disk. The only shortcoming of the FDE hard disk is its higher cost (an encryption/decryption chip is integrated). At present, FDE hard disk manufacturers include Seagate (Momentus 5400 FDE.2 series) and Hitachi (7K200 and 5K500.B series), among others. In the short term the FDE hard disk will not be widely adopted due to the high cost, but in the long run it is the trend.
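The write/read path and the SID-change sequence described above, as an added Python simulation (not the article's or any drive vendor's code). It keeps the article's toy cipher F(x)=Key×Data; the value used for "KEY 0" and the random-key range are assumptions, and a real drive uses a block cipher such as AES rather than multiplication.

```python
"""Toy model of the hardware FDE behaviour described in the article (added example).

The cipher is the article's simplified F(x) = Key * Data. What the model shows is
the key handling: the key lives only in the chip, "erase FDE password" resets it,
and data written under an old key reads back as garbage under a new one.
"""
import secrets

KEY_0 = 1  # assumed value for the article's "KEY 0" (no secret: data stored as-is)


class FdeDrive:
    """Simulates the encryption chip sitting between the host and the platters."""

    def __init__(self):
        self.key = KEY_0    # the key is held in the chip, never written to the platters
        self.platters = {}  # LBA -> ciphertext; this is all a forensic image would contain

    def set_sid(self, key=None):
        """Setting the SID makes the chip pick a fresh random key (or a given one)."""
        self.key = key if key is not None else secrets.randbelow(1 << 16) + 2
        return self.key

    def erase_fde_password(self):
        """The article's 'erase FDE password' command: key goes back to KEY 0."""
        self.key = KEY_0

    def write(self, lba, data):
        self.platters[lba] = self.key * data  # F(x) = Key * Data

    def read(self, lba):
        return self.platters[lba] / self.key  # inverse: ciphertext / Key

    def raw(self, lba):
        """What an imaging tool bypassing the chip would see for this LBA."""
        return self.platters[lba]


def demo():
    drive = FdeDrive()
    drive.set_sid(8)             # the article's key "8"
    drive.write(0, 6)            # host writes the numeral "6"
    stored = drive.raw(0)        # 48 is what actually sits on the platters
    before = drive.read(0)       # 48 / 8 = 6 when read through the chip

    drive.erase_fde_password()   # key reset to KEY 0 ...
    drive.set_sid(12)            # ... then a new SID gives key "12"
    after = drive.read(0)        # 48 / 12 = 4: old data is no longer recoverable
    return stored, before, after
```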
Data Recovery Salon is dedicated to sharing the most useful data recovery information with our users; if you are good at data recovery or related knowledge, please drop us an email and we will publish your article here. We want to make Data Recovery Salon the most professional free data recovery e-book online.