The Trusted Computing Group has announced a draft specification aimed at helping avoid unauthorised access to sensitive data on hard drives, flash drives, tape cartridges and optical disks. These devices won't release data unless the access request is validated by their own on-drive security function.
David Hill, a principal in the Mesabi Group, said: "The public media blares the loss of confidential information on large numbers of individuals on what seems a daily basis, and that is only the tip of the data breach iceberg for not having trusted storage. Trusted storage will soon be seen as a necessity —not just a nice to have — by all organisations."
The Trusted Computing Group (TCG) is a not-for-profit industry-standards organisation with the aim of enhancing the security of computers operating in disparate platforms. Its draft, developed by more than 60 of the TCG's 2175 member companies, specifies an architecture which defines how accessing devices could interact with storage devices to prevent unwanted access.
Storage devices would interact with a trusted element in host systems, generally a Trusted Platform Module (TPM), which is embedded into most enterprise PCs. The trust and security functions from the specification could be implemented by a combination of firmware and hardware on the storage device. Platform-based applications can then utilise these functions through a trusted command interface negotiated with the SCSI and ATA standards committees.
Thus a server or PC application could issue access requests to a disk drive and provide a key, random number or hash value. The drive hardware and/or firmware checks that this is valid and then supplies the data, decrypting it if necessary. Future versions of the SATA, SCSI and SAS storage interfaces would be extended to support the commands and parameters needed for such access validity checking.
Mark Re, Seagate Research SVP, said: "Putting trust and security functions directly in the storage device is a novel idea, but that is where the sensitive data resides. Implementing open, standards-based security solutions for storage devices will help ensure that system interoperability and manageability are greatly improved, from the individual laptop to the corporate data center.” Seagate already has an encrypting drive.
Marcia Bencala, Hitachi GST's marketing and strategy VP, said: "Hitachi's Travelstar mobile hard drives support bulk data encryption today and we intend to incorporate the final Trusted Storage Specification as a vital part of our future-generation products."
The TCG has caused a Key Management Services subgroup to be formed to provide a method to manage cryptographic keys. More information on this can be found here.
Final TCG specifications will be published soon but companies could go ahead and implement based on the draft spec.