ABSTRACT
Data protection is the process of safeguarding sensitive information. Ensuring security becomes particularly relevant when data are used to manage the operation of safety-critical systems. This is the case of MBDA, a European group whose business is focused on designing and producing missile systems to meet the needs of armed forces.
In general, several technologies cover different aspects of data security: disk encryption protects data from theft, backup protects them from loss, and secure erasure protects them from unwanted recovery.
This thesis aims to design and implement a system that prevents unauthorized access to sensitive data physically stored on one or more hard disks that could be lost or stolen. This problem cannot be solved with a standard disk encryption scheme, which by default requires passing an authentication phase by manually entering a password, because those disks will be installed in a platform that has no way to accept user input.
The proposed solution addresses this problem with a remote data protection mechanism based on a different authentication process: at power on, the disk sends to a remote server information about the hardware configuration in which it is installed. The server uses this information to check whether the disk is operating in its expected environment and, based on that check, sends back a response that allows or denies decryption of the disk's content. As a result, if the disk is stolen and installed in a different platform, the data on it cannot be decrypted. Making this architecture secure raises several challenges: encrypting the communication between client and server to prevent eavesdropping, authenticating the server to prevent identity spoofing, encrypting the list of allowed hardware configurations to prevent unauthorized access or modification, and protecting certificates and keys so they cannot be used by unauthorized entities.
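The authentication exchange described in the abstract (and the client/server split listed later on the implementation overview slide, where the client computes a footprint and the server keeps an encrypted whitelist) is illustrated by the following added example. This is illustrative code written for this page, not the thesis's software: the TLS transport and the TPM-protected key are assumed and not shown (the whitelist key is just an in-memory value here), the footprint is assumed to be a SHA-256 hash over a canonicalised hardware description, and the whitelist is sealed with an encrypt-then-MAC construction built from SHA-256 and HMAC only to keep the example dependency-free; a deployment would use a standard AEAD such as AES-GCM. Disk identifiers and hardware descriptions are constructed sample values.

```python
"""Added illustration of the remote unlock decision: client footprint vs. server whitelist.

Not the thesis's code. Assumptions: TLS carries the messages (not shown), the
whitelist key would come from a TPM (here it is an in-memory value), and the
hardware description / disk ids are constructed sample data.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16  # bytes of per-blob nonce
TAG_LEN = 32    # HMAC-SHA256 tag length


# ---------------------------------------------------------------- client side
def build_footprint(hw_info):
    """Canonicalise the hardware configuration and hash it (assumed footprint format)."""
    canonical = json.dumps(hw_info, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


# ---------------------------------------------------------------- server side
def _keystream(key, nonce, length):
    """SHA-256 in counter mode as a dependency-free stream cipher (stand-in for an AEAD)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def seal_whitelist(key, entries):
    """Encrypt-then-MAC the whitelist {disk_id: allowed footprint}; returns nonce||ct||tag."""
    plaintext = json.dumps(entries, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, key, nonce)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_whitelist(key, blob):
    """Verify the tag before decrypting; a modified blob is rejected, not parsed."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("whitelist blob too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected_tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        raise ValueError("whitelist integrity check failed")
    return json.loads(_xor(ciphertext, key, nonce))


def authorize(key, blob, disk_id, footprint):
    """Server decision: True only if this disk is known and reports its expected platform."""
    whitelist = open_whitelist(key, blob)
    expected = whitelist.get(disk_id)
    if expected is None:
        return False
    return hmac.compare_digest(expected, footprint)


def demo():
    """Run the expected-platform, moved-disk, unknown-disk and tampered-whitelist cases."""
    key = os.urandom(32)  # stands in for a TPM-protected key
    expected_platform = {"board": "SBC-A", "cpu": "0xABCD", "mac": "02:00:00:00:00:01"}
    other_platform = {"board": "LAPTOP", "cpu": "0x1234", "mac": "02:00:00:00:00:02"}
    blob = seal_whitelist(key, {"disk-0001": build_footprint(expected_platform)})

    in_place = authorize(key, blob, "disk-0001", build_footprint(expected_platform))
    moved = authorize(key, blob, "disk-0001", build_footprint(other_platform))
    unknown = authorize(key, blob, "disk-9999", build_footprint(expected_platform))

    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01  # flip one ciphertext bit
    try:
        open_whitelist(key, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {"in_place": in_place, "moved": moved,
            "unknown_disk": unknown, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

Only the allow/deny decision crosses the network in this model; the client never sees the whitelist, and the server compares footprints with a constant-time check so that response timing does not leak how close a guessed configuration is to the expected one.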
Design and implementation of a solution for remote data protection in safety-critical systems
Candidate: Davide Piccardi
Thesis Advisor: Prof. Roberto Baldoni
Co-Advisors: Dr. Leonardo Aniello, Ph.D; Ing. Antonio Ascrizzi, Ph.D
MBDA
MBDA Rome
• Internship
• Software Engineering Technology
• Cybersecurity project
16/01/2018
MBDA Worldwide
• European integrated defense company
• Prestigious shareholders
• Systems for armed forces
Context: Safety-critical systems
Systems whose failure or malfunction leads to unacceptable consequences
• death or injury to people
• loss or damage to equipment or property
• environmental harm
Traditional areas
• medical care
• commercial aircraft
• nuclear power
• weapons
Problem: Data security
Data are stored on devices vulnerable to loss or theft
Data are needed by safety-critical systems to operate
Data security: Confidentiality
• Disk encryption
• Authentication by user
• Authentication with password
Problem: Data security in safety-critical systems
• Vulnerability checking
• Design and implementation of a solution
• No input devices: no standard disk encryption
Data confidentiality: Standard disk encryption
Full Disk Encryption (FDE)
• software based
• all data are encrypted
• encryption transparent
• one password at power on
Self-Encrypting Drive (SED)
• hardware based FDE
• performance
• easy management
• pre-boot authentication
• Opal SSC [1] [2]
[1] Cox, J. Advances in storage security standards. Tech. rep., Intel Corporation (2015).
[2] Trusted Computing Group and NVM Express. TCG and NVM Express joint white paper: TCG Storage, Opal, and NVMe. Tech. rep., Trusted Computing Group and NVM Express (2015).
Proposed solution: Design overview [3]
[3] DTA sedutil self-encrypting drive software (2017). Available from: https://github.com/Drive-Trust-Alliance/sedutil/.
Remote data protection: Design overview
Remote data protection: Implementation overview
Operational workflow
Client
• management software
  • sedutil
  • footprint
  • TLS client
Server
• authentication manager
  • from scratch
  • trusted platform module
  • encrypted whitelist
  • TLS server
Remote data protection: Vulnerability assessment

           HOT PLUG     FORCED RESTART   KEY CAPTURE
Opal       Vulnerable   Vulnerable       Vulnerable
Sedutil    Ok           Ok               Vulnerable
Solution   Ok           Ok               Ok

Attacks
• attacker has physical access
• vulnerabilities derive from Opal design limitations
System power states: On (S0), Sleep (S3), Hibernate (S4), Off (S5)
Drive states
Conclusions and future works
• Background on data security: FDE, SED, Opal SED, TPM
• Solution for data security in safety-critical systems: requirements, design, implementation, evaluation, vulnerabilities

• Data security: sedutil
• File and network security: OpenSSL
• Hardware security: TPM
• Advanced development: Buildroot and Docker
• Programming: C, C++, scripting

• Testing: platforms
• Deployment: initial configuration
• Compatibility: devices
• Integration: hardware security