In-Depth
A New Standard for Securing Optical Storage
How a new spec targets data protection on PCs, servers, mobile devices, and hard disk storage devices.
By Bill McFerrin
As any IT expert knows, plugging all the gaps where unauthorized personnel could access data is a difficult task. A recently released specification from the Trusted Computing Group (TCG) provides an important part of protecting data at rest. To complement its existing specifications targeting personal computers, servers, mobile phones, networks, and hard disc storage devices, the TCG recently released the TCG Storage Work Group Security Subsystem Class: Optical Version 1.0 specification to protect data stored on industry-standard optical discs.
In developing the specification, several use cases for protecting data were considered. The main issue became the compatibility with existing media, recorders, and players. Implementing the improved security required new optical disc drives with software defined by the specification. The standard optical disc format (such as CD-R/RW, DVD +/-R/RW, and Blu-ray R/RE) does not change until it is programmed by the secure drive and becomes a TCG-compliant disc. Data on the TCG disc is only accessible through an optical drive that meets the TCG specification and has appropriate access authorization as defined by IT administrators in an enterprise environment and users in a consumer environment.
Implementing Trusted Optical Storage
For improved security, the use cases considered by the Optical Storage Subgroup (OSS) include: the computing environment of personal and organizational desktop and portable computers, the ability of individual users to archive data, organizational data distribution, the distribution of information under access control (i.e., electronic health records), and a secure network endpoint used in disaster and emergency response situations. The OSS considered these threats to data security: lost or stolen discs, data breaches, eavesdropping, message replays, and intercepted messages.
Implemented as an application layer above the standard disc format, the specification called the Optical Storage Subsystem Class (OSSC) partitions the address space into three areas:
- Volume 0 provides predictable behavior when a TCG disc is inserted into a legacy drive
- Protected Storage Area provides TCG tables storage
- User Data Area provides encrypted user data storage
The Trusted Optical Disc provides access control for IT administrators in support of organizational security policies with strong, n-factor (n=1,....,255) authentication and full-disc encryption (FDE). FDE renders the data on lost or stolen disc useless without proper authentication. Although the specification is not intended to implement digital rights management (DRM), it can be used by content owners for this type of protection.
The specification allows multiple user records where each user is permitted to have a unique set of pass codes. A user’s pass code set derives a key that encrypts a common protected area key. This permits different users access to the TCG disc even though each user has an individualized set of pass codes.
TCG has worked closely with the Multimedia Command (MMC) working group in ANSI/INCITS T10 to ensure broad acceptance of the specification. The MMC working group is defining the updated Rev 6 and handling the details of the formats for each optical media type. This activity is expected to be completed in early 2009. All details will be accessible in publicly available documents. In addition, the ANSI documents will transition to ISO in the future. This close cooperation with other standards organizations involved in optical storage provides continuity to TCG’s efforts and easily implemented storage security.
How It Works
The complexity of authorized access to a TCG disc is scalable. It may be as simple as a single, user-provided pass code. However, a user may also have a dongle with an additional pass code and/or a network-attached pass code server. An organization with high security requirements can specify as many pass codes as it deems necessary. When a user is enrolled on the disc, the number of pass codes is specified in the user’s record, so organizational rules can dictate the level of security.
Software created to recognize a TCG disc will treat it differently than other non-secured discs. When the protected disc is installed, the operating system can create a pop-up that will ask for the user name and pass code. This software allows the drive to deal with the disc and comprises the unique elements of the security process. The disc is standard, but once encoded data is placed on it, the disc becomes a unique, secured disc. The primary purpose of the specification explains how the drive accomplishes this task. If an enterprise wants a higher level of security, more secure software can be written to specify the use of multiple passwords and their locations.
The Impact on Existing Media and Players
Any CD-R/RW, DVD +/-R/RW, or Blu-ray R/RE disc can be read or programmed by a TCG optical drive. Since existing players do not have the encryption capability or access authorization, a TCG disc will provide a message from its clear text storage area. The user is informed that his/her system does not have the capability to read the disc and therefore the information is secured. This avoids a corrupted disc message or indication that the format is not understood.
What to Expect
With the finalized specification available to the public in October 2008, the introduction of security-enabling software and drives that use this software can now begin. In the near term, there are a number of product introductions planned for 2009. Enterprise-level drives will be the first to provide the TCG disc capability.
Total storage cost is an obvious consideration for implementing secure optical storage. The OSSC overhead areas typically require less than one percent of the capacity of the physical volume. Although the added software and capability of the secure optical drive will obviously add some costs, the open specification should keep the price to users in a competitive range.
Enterprise applications will be able to take full advantage of the specification’s highest level of protection. This includes using the Trusted Platform Module (TPM), an integral part of all new enterprise-level computers produced today. TPMs represent the core of the trust for TCG specifications and are already implemented in over 70 million enterprise-level desktop and portable computers. As a result, the secure hardware that the TPM provides will simplify implementing the highest level of security for optical discs throughout the enterprise.
Bill McFerrin is a systems engineer of DPHI, Inc. He has worked in the consumer optical storage business for 20 years and has been active in the optical standards community for 15 years. He has been the chair and editor for the ANSI/INCITS T10 Multimedia Commands working group for nine years. He currently is leading the Trusted Computing Group’s Optical Subgroup and has been working on secure optical storage for DPHI for several years.