Cryptography has enjoyed tremendous success in securing electronic data communications. Recently, cryptography has been used to secure stored data as well. For example, secure hard drives, referred to as “self-encrypting drives,” are now commercially available. Such drives include a cryptographic module to encrypt data using a cryptographic key before it is stored on the drive, and to decrypt the data using the key on retrieval. If a computer or drive is stolen, the thief cannot access the data stored on the drive without the cryptographic key.
However, current self-encrypting drives have several flaws that compromise their security. For example, the cryptographic key, which is stored in the drive, can be obtained by a skilled hacker, allowing the hacker to access the data on the drive. As another example, a hacker can cause the drive to download and execute malware, which can provide access to the stored data.