TCG addresses storage security

By Dr. Michael Willett

—The increased growth of various storage media has occurred at a time when increased security is required for data. In some respects, the growth has caused new data security problems. With the ongoing shift away from tape-based backup toward disk-based backup/recovery, as well as the increased use of portable drives, the risk of lost or stolen data increases. Not only is data in multiple locations—including portable devices—but more people potentially have access to it.

Certain organizations have more serious data security problems than others. For example, in healthcare, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes protection requirements for storage devices. Any activity that results in a data breach must be reported to the affected parties. Despite the considerable expense involved with a breach, the 19th Annual Healthcare Information and Management Systems Society (HIMSS) Leadership Survey reported nearly one-fourth of healthcare IT professionals admitted their organization suffered a security breach last year. Respondents indicated that identity management and security technologies were two of the top three technologies they planned to implement for the first time in the next two years.

Healthcare is only one of the high-risk industries where government regulations impact storage security and growth. Driven by e-discovery, regulatory compliance, and overall storage optimization needs, the archiving market grew 18.6% year-over-year, according to market research firm IDC. Year-over-year growth of data protection and recovery alone was 11.5% (see IDC's Worldwide Quarterly Storage Software Tracker).

Instead of relying solely on firewalls, user access controls, and audit logs on computers and servers for data protection, encrypting data on the storage device itself provides much stronger protection, including external hard drives. Even if they are lost or stolen, drives with encrypted data are not classified as a security breach, since the data is inaccessible to unauthorized users.

As various storage transitions occur and the need for improved security is recognized, a coalition of vendors has developed open standards that make a higher level of data security a reality.

Embedded security
Active in improving security in computers for several years, the Trusted Computing Group (TCG) standards development effort extends to wireless, networking and storage products (see Figure 1, above). Supported by approximately 140 hardware, component, software, service, computing, networking, and mobile phone companies, TCG develops open industry standards that enable vendors to deliver products and services with a higher level of security to users. A hardware component called a Trusted Platform Module (TPM) provides the foundation for security in computer platforms.

Typically, a microcontroller that securely stores passwords, digital keys and certificates to provide unique identification, the TPM can be a stand-alone integrated circuit (IC) or an embedded portion of another IC, such as an Ethernet controller. Using standard software interfaces, the TPM works with other security methodologies to provide privacy protection and interoperability across multiple platforms.

Based on the efforts of TCG's Storage Work Group (SWG), the trust model has been extended to enable trusted storage in hard disk drives. At power up, a trusted drive starts in a locked condition. To unlock the drive, when the pre-boot authentication screen appears, the user simply selects their User ID and then enters their Password, similar to normal software-only protection schemes.

However, the trusted drive confirms the right to access the drive's content and unlocks it. Since this is hardware- rather than software-based access, the usual software shortcomings, including attacks and spyware, are avoided. Additionally, the trusted drive can implement Full Disk Encryption (FDE) directly in the drive electronics for protection against loss or theft, as well as for re-purposing or end-of-life. Deleting the cryptographic key under administrative access control will render the encrypted data unreadable. If the host computer contains a TPM, then that TPM can be used to provide additional support (e.g., local archiving of sensitive credentials) to the trusted drive.

Published in June 2007, the SWG Trusted Storage Specification (Overview and Core Architecture Specification, Version 1.0, Revision 0.9 (TCG Storage Architecture Core Specification) takes into account existing communication standards for storage devices, specifically the SCSI (ANSI/INCITS T10) and ATA (ANSI/INCITS T13) command sets. In the TCG storage architecture, approved SCSI and ATA trust commands support trusted messaging from host applications to the storage device. As a result, "payload" commands from the Trusted Storage Specification work with the existing Trusted Send/In and Trusted Receive/Out "container" commands. For end users, this provides a new level of trust that can be easily implemented by application developers.

TCG storage specs
The initial TCG storage specification addresses a broad range of storage security requirements in storage devices such as hard drives, optical, tape, and flash devices. By targeting a number of use cases, the specification's developers provide security improvements for several storage applications.

Perhaps the most straightforward case is the trusted attachment of storage devices to a host computer. Other use cases address policy-driven, secure control over features of storage devices such as storage locations and encryption. The final area involves secure, session-oriented messaging to storage devices.

Some of the developed use cases are system related and not obvious to the end user. In contrast, encryption and drive locking specifically impact the end user. With this capability, storage systems that can easily, inadvertently, or eventually be separated from a secure host can have stand-alone protection. The Trusted Storage Specification takes advantage of existing in-storage computing capability for cryptographic services in storage systems. For example, TCG's SWG recommends AES/128 for symmetric encryption, SHA-1 and SHA-256 for hashing, and RSA and Elliptic for public key ciphers, among others.

With security services available from the storage device, computer applications that need higher level data security, such as medical documentation, can use the storage system to provide these capabilities beyond simple data warehousing. To fulfill this role, protecting the keys to the encrypted data in storage systems from disclosure, modification, or loss is an essential element of establishing and maintaining trust in the storage system.

Chartered to develop methods to manage cryptographic keys for storage devices, the Key Management Services Subgroup (KMSS) investigated the full life-cycle management of keys. The efforts of this subgroup have resulted in a detailed application note.

Based on the specific methods proposed in the Key Management Services application note, Encrypting Drives in an Array Controller, developers have the tools for managing the basic locking, encryption, and key management of one or more hard drives in a uniform manner. When the tools are implemented, users will be able to perform several new high-security activities, including secure communication between the storage devices and host systems. Perhaps one of the more straightforward applications of keys is when a drive uses an access or authentication key, essentially for any access, read, write or configuration. Figure 2, below, shows the process.

Other drive-based security made possible by the first application note includes authentication between the storage device and the host system. With the new hard drive storage security service, the drive can authenticate the host's right to access critical data, and the host can authenticate the drive as a proper repository for data. In addition, the specification provides the means for discovery of the storage device's capabilities. Developed to allow users to comply with existing data security regulations, the specification has the flexibility to meet future state and federal legislation as well.

Extending storage security
With reduced complexity compared to existing storage security solutions and a minimal impact on system performance, the initial TCG storage solution promises cost-effective implementation in data storage devices from hard drives, optical disks and tape to flash devices and solid state drives. The follow-on activity of the Key Management Services Subgroup has provided specific application details for developers. To take its effort specifically into optical disk storage, the Storage Work Group established the Optical Security Subsystem Class (OSSC).

The Trusted Optical Disc standard in development will allow users to encrypt data on standard optical discs. In addition, the standard provides access control to support organizational security policies with n-factor authentication and Full Disc Encryption (FDE) using Advanced Encryption Standard (AES) data encryption.

The TCG protection occurs in an application layer above standard optical disc formats. By defining three address-space partitions, both normal (non-secure) and protected (secure) discs can be handled. The Common Volume provides "predictable behavior" when a TCG disc is inserted into a legacy drive. In the secure partition space, TCG tables are stored in the Protected Storage Area and encrypted user data is written to the User Data Area. When implemented, the OSSC approach will provide users a means to meet government secure data requirements, including the presidential mandate for government agencies and NSA guidelines.

With the security mechanism embedded in the drives, security becomes a storage function and is easier to manage at the application developer and user levels.

Industry standards to enable storage device security are allowing for faster product development and help ensure that products from different vendors are compatible in the enterprise environment. With hardware-based encryption proven to be more secure, IT users and vendors can look forward to additional products and developments to enable this security.

Dr. Michael Willett is the co-chair of the Trusted Computing Group's Storage Working Group, and a senior director at Seagate Research.

This article was originally published on April 23, 2008