Q&A: Encrypting Flash and Solid State Memory Devices
How self-encryption works to secure data on flash and SSD drives.
Interest and adoption of flash and solid state devices has been rising, but increasingly IT must focus on protecting data wherever it resides. One technique is to use self-encryption technology. To learn the basics of self-encrypting drives and the standards set forth by the Trusted Computing Group, we turned to Dr. Marco Sanvido and Dr. Yuval Cassuto, research staff members at Hitachi GST, and Cyril Guyot, a senior security engineer at Hitachi GST.
Enterprise Strategies: Self-encrypting hard-disk drives are increasingly adopted in the marketplace. When will similar encryption capability be available in flash and solid state devices?
Sanvido, Cassuto, and Guyot: Multiple flash and SSD vendors already provide self-encrypting flash and SSD products, but most of these solutions are proprietary and require specialized software to manage the security of the device. Now that the Trusted Computing Group (TCG) Storage Work Group Core Architecture Specification has been published and multiple software vendors are supporting it in their products, the number of flash and SSD products implementing the TCG specification is expected to increase, and the proprietary solutions will likely only be used for niche markets. We know of at least one vendor that is shipping SSDs based on the TCG specifications.
Let’s start with the basics of self-encrypting drives. What is different in these drives and how do they work?
Self-encrypting drives encrypt every single sector on-the-fly and store the encrypted sector on the storage media. The key used to encrypt/decrypt is a secret known only by the drive and is securely stored inside the drive. The key is made accessible to the drive only after successful authentication; without the key the data is protected on the media (confidentiality).
The advantages are manifold: in case of loss or theft, the data is protected and by simply changing the key you can effectively, securely erase the whole drive, all without any performance loss. The TCG Core Architecture specifies the authentication protocols as well as the communication protocol used to manage the existing security features of the self-encrypting drive. It is a building block extensible to future security features.
What about interoperability? What are the Trusted Computing Group standards for these drives?
Before the TCG standard, many storage companies implemented proprietary solutions that were not interoperable. The need for interoperability is what brought multiple storage manufacturers to work towards, and cooperate on, the standardization of the TCG Core Architecture.
Now that many drive makers are producing drives based on these specifications, what about other kinds of storage devices? Are the Trusted Computing Group standards also applicable to them?
The TCG Core Architecture is written to be transport, protocol, and storage-media agnostic. Consequently the TCG specification is applicable to any storage device. Unfortunately, each transport protocol has idiosyncrasies that require some specification (e.g., error reporting). Currently the TCG SWG released this specification (TCG SWG SIIS Specification) only for the ATA and the SCSI protocols.
From a security standpoint, are flash and solid-state drives fundamentally different than traditional hard-disk drive storage?
Fundamentally they are the same. They store sectors that need to be made accessible to the authorized user (authentication) and protected from the unauthenticated user (confidentiality). Although reading the HDD media is a difficult and costly (but not impossible) task, the nature of flash media makes it much easier for an attacker to read/access the data stored on the flash device.
Consequently, security and confidentiality are even more important for such devices. Additionally, the Flash Translation Layer (FTL) implemented in most solid-state drives, may introduce unique security considerations, since different versions of the same sector may be present on the media at the same time (some encryption modes assume this will not happen for guaranteed security).
What special measures have IT professionals taken to secure data on flash and SSD drives? Have these measures been effective?
Before TCG there was no other security standard for storage devices, and therefore IT professionals used different and incompatible solutions. Most often IT professionals used software-based full-disk encryption to ensure confidentially. Such solutions have been effective, although not easy to deploy and manage. In general, host-based solutions have inherent disadvantages compared to self-encrypting drives, such as their effect on CPU utilization and their vulnerability to key-hijack attacks.
What best practices should IT follow to protect data?
The availability on the market of a standard solution will simplify the IT professional's job. He or she will be able to choose from multiple vendors’ compatible storage products and independently choose the best security software capable of managing all the compatible devices. We recommend hardware-based encryption for more secure data protection.
For SSDs, are changes to the specifications necessary, and if so, when can we expect final specifications from TCG?
No changes are necessary for SSD products. Some SSD manufacturers already announced SSD products supporting the TCG SWG standard.
A big concern about self-encrypting drives is key management -- what happens when users forget passwords and become locked out of their systems? How is that being addressed in the industry?
The software managing the TCG drive is responsible for the password management aspects of the self-encrypting drive. In fact, many of the security software applications do, indeed, provide password-recovery schemes in the eventuality of the user forgetting his/her password. A number of vendors are providing applications that typically are provided with the system that has the self-encrypting drive.
How do self-encrypting drives address data center and enterprise PC security?
For the data center, fast and secure erasure is the main market driver. The TCG specifications satisfy this requirement by defining a simple authenticated method to erase encryption keys. For enterprise PC security, remote management of the security feature is very important and the TCG specifications have been designed with this in mind. Indeed, remote management is typically an attribute of pre-boot management software, and the TCG specifications provide a secure storage area in which to install such software.
How are the Trusted Computing Group specifications evolving?
The TCG SWG is continuously improving the current specifications to address the evolving needs of the security markets. The TCG SWG Core Architecture Specification, the backbone of the TCG storage specification documents, has been endowed with functionality to extend security features far beyond the current market’s demand. Sample future features include secure messaging over the Internet and dynamic issuance of security features.
Dr. Marco Sanvido is a research staff member at Hitachi GST. You can reach him at Marco.Sanvido@hitachigst.com. Dr. Yuval Cassuto is a research staff member at Hitachi GST. You can reach him at Yuval.Cassuto@hitachigst.com.
Cyril Guyot is a senior security engineer at Hitachi GST. You can reach him at Cyril.Guyot@hitachigst.com.