Storage Security Part VI: Locking Down the Disk

One company offers a way to secure data when different classes of data have different security requirements.

In the last installment of this series on storage security, we looked at on-disk encryption enhancements coming from Seagate on their laptop drives. We suggested that the technology might find its way into less mobile disk arrays in the near future and invited feedback on this point—and on Seagate’s DriveTrust technology in general.

One response came from Tom Treadway, CTO and distinguished engineer at Adaptec, who reported on the technique used by Seagate with its DriveTrust-enabled Momentus drives.

He reports, "To perform true ‘full disk’ encryption with software, the boot loader on disk has to be replaced with an encryption-aware loader that can decrypt the original boot sectors, etc., until the runtime encryption software is loaded. This boot loader can also prompt for a password. Seagate does it this way with their Momentus drives."

Treadway notes that this approach would be considered "too unwieldy" to be done on array controllers as it is done on single-disk systems such as laptop or PC controllers. Instead, he says, "We would do the key management using controller firmware—bridging the gap between the motherboard Trusted Platform Module (TPM) and the drives hidden behind the logical array."

Trusted Platform Module is both the name of a published specification from the Trusted Computing Group (detailing a microcontroller that can store secured information) and the general moniker applied to implementations of that specification, often called a "TPM chip" or "TPM Security Device" (Dell). The TPM offers facilities for secure generation of cryptographic keys, the ability to limit the use of keys (to either signing/verification or encryption/decryption), as well as a hardware random number generator.

The TPM also includes capabilities such as remote attestation, binding, and sealed storage. "Remote attestation" creates a non-forgeable summary of the hardware, boot, and host O/S configuration of a computer, allowing a third party to verify that the software has not been changed. "Sealing" encrypts data in such a way that it may be decrypted only in the exact same state (that is, it may be decrypted only on the computer where it was encrypted and running the same software). "Binding" encrypts data using the TPM's "endorsement" key (a unique RSA key put in the chip during its production) or another "trusted" key.

A TPM can also serve as a unique device identifier for authenticating a hardware device. In other words, it could enable a scheme of secure access in which a server seeking access to an array is authenticated via its unique TPM, verifying that it is the expected system.

Treadway wrote that it is possible for an encrypted array solution to be built today using motherboards equipped with TPM chips. One benefit, touted by manufacturers of TPM-equipped boards, is that the technology provides an additional safeguard against attacks on systems that use stolen passwords. The downside, according to detractors, is that the technology could be used to enforce digital rights management—preventing the sharing of copyrighted music, software, or video files. This would, arguably, be less important in a corporate setting than in a private one. (For the record, TPM chips have been appearing in a greater number of PC and portable computer motherboards, rather than on server-class computers—suggesting their appeal to DRM advocates.)

More Engineering Needed?

All of this indicates that encrypting data on disk arrays might require considerably more engineering than has been suggested in discussions of Seagate’s innovative DriveTrust technology. At least one vendor, San Jose, CA-based SPYRUS, Inc., posits that on-drive encryption via special disk hardware might not be needed at all—even to secure laptops.

SPYRUS (no, the name is not derived from Spys-R-Us, but from Secure Papyrus) was recently praised for becoming "the premier data at rest encryption solution under the Department of Defense (DOD) Data at Rest (DAR) Program." According to the company, the award includes multiple software and hardware product configurations leveraging the company’s flagship Talisman/DS Data Security Suite to protect sensitive data residing on computers, mobile computing devices, and removable storage media.

"What sets Talisman/DS apart from other products is its combination of high-strength hardware file encryption and efficient software-based disk encryption products to provide a scalable, multi-layered 'Defense-in-Depth' solution," company spokespersons say. Talisman/DS provides a variety of combinations of software- and hardware-based encryption/decryption methods that support the entire set of high-strength Suite B cryptographic algorithms, including the default settings of AES-256, SHA-384 and ECC P-384, as well as all of the legacy algorithms (RSA, triple-DES, and SHA-1).

Specific Talisman/DS Data Security Suite product packages include partner WinMagic’s SecureDoc Software: full disk encryption software that automatically protects every sector on the disk, including temporary files, free space, and swap files.

If more security is required, the WinMagic encryption keys can themselves be encrypted using the SPYRUS Rosetta USB Executive Suite. This is essentially a USB token, called the Rosetta USB token, that stores the SecureDoc AES 256-bit disk encryption key, wrapping the software key in another, equally strong, ECC P-384 key, the equivalent of an RSA-7680 key.

Robert R. Jueneman, chief scientist at SPYRUS, considers key wrapping to be much more secure than competing products that use weaker key encryption methods or fail to encrypt disk encryption keys at all.

He notes that although SecureDoc can use several authentication schemes, the most secure approach uses two-factor authentication "with a very high-strength elliptic curve cryptography (ECC) P-384 public key to encrypt the AES-256 key used for the disk encryption." This "wrapped key," Jueneman says, can be stored on the disk or stored on the token, "but in either case, it can only be decrypted by using the ECC private key on the token."

How is the data on the disk accessed? Jueneman explains: "In order to log on to the token to decrypt the wrapped key, the user must enter the PIN correctly, and if the PIN is entered incorrectly 10 times in a row, the token becomes blocked. Assuming the PIN is at least 6 digits long, this means there is one chance in 100,000 that the PIN could be guessed."

He goes on to say that unlike common USB memories, and even some that claim to do encryption, the keys in the Rosetta are contained within a security processor that is extremely resistant to attack, "including such exotic approaches as ion beams, electron microscopes, etc." He reports that multiple national laboratories have evaluated the security of this chip and concluded that a successful attack would be exceedingly difficult.

"Now compare that approach with the conventional password-based encryption approach," Jueneman challenges, "using PKCS#5 or some variant. What those approaches do is perform a series of encryption and hashing operations to conceal the wrapped key, and they deliberately increase the number of rounds to make the operation take as long as possible."

Legitimate users don’t want to wait too long, he acknowledges, setting the acceptable access delay to decrypt encrypted data at "one or two seconds."
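The comparison Jueneman sets up above, as an added Python sketch that is not from the article or from SPYRUS: a token-style retry counter bounds guessing by count, while a PKCS#5-style key derivation only sets a time cost per guess. The `Token` class, the function names, the counter reset on a correct PIN and the `speedup` parameter are assumptions for illustration, and PBKDF2-HMAC-SHA256 stands in for "PKCS#5 or some variant".

```python
import hashlib
import hmac
import os
import time

PIN_DIGITS = 6        # article: PIN "at least 6 digits long"
TOKEN_MAX_TRIES = 10  # article: token blocks after 10 wrong PINs in a row


class Token:
    """Hypothetical model of a token's PIN retry counter (not SPYRUS code)."""

    def __init__(self, pin, max_tries=TOKEN_MAX_TRIES):
        self._pin, self._max, self._left = pin, max_tries, max_tries

    def unlock(self, pin):
        if self._left == 0:
            raise PermissionError("token blocked")
        if hmac.compare_digest(pin, self._pin):
            self._left = self._max   # assumed: a correct PIN resets the counter
            return True
        self._left -= 1              # "in a row": only consecutive misses count
        return False


def token_guess_probability(digits=PIN_DIGITS, tries=TOKEN_MAX_TRIES):
    """Chance that a uniformly random PIN is guessed before the token blocks."""
    return tries / 10 ** digits


def calibrate_pbkdf2(target_seconds, probe_iters=20_000):
    """Iteration count that makes PBKDF2-HMAC-SHA256 cost ~target_seconds here."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", salt, probe_iters)
    per_iter = (time.perf_counter() - start) / probe_iters
    return max(1, int(target_seconds / per_iter))


def exhaustive_search_days(digits, seconds_per_guess, speedup=1.0):
    """Upper bound on the time the KDF delay buys for a PIN-sized secret.
    speedup is an assumed factor by which other hardware outruns this host."""
    return 10 ** digits * seconds_per_guess / speedup / 86_400


if __name__ == "__main__":
    print("token: P(guess) =", token_guess_probability())
    print("PBKDF2 iterations for 1 s:", calibrate_pbkdf2(1.0))
    print("1 s/guess, 6 digits: %.1f days" % exhaustive_search_days(6, 1.0))
```

The iteration count returned by `calibrate_pbkdf2` depends on the host it runs on, so it should be measured on the slowest machine that legitimate users will unlock from.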

File-Sharing Encryption

A third implementation option pairs WinMagic’s SecureDoc software with a Hydra Privacy Card (Hydra PC) Series II Enterprise Edition. SPYRUS claims that this combination is "ideal for hardware-based secure file-sharing encryption, secure mass storage, and full disk encryption for superior protection of data at rest and data in transit."

The Hydra PC Enterprise Edition features a Secure File Sharing system that allows files to be encrypted at one location and safely transported to another location for decryption, without requiring the keys to be transported as well. The Secure File Sharing system also permits a user to encrypt data, store the data in multiple locations, and share the encrypted data with one or more user-designated recipients.

Jueneman provides an overview of the product: "It is a hardware-based file encryption system that hashes and then compresses the plain text, encrypts each file uniquely, and then digitally signs the entire file. Files can be stored on a removable miniSD card within the Hydra PC, or stored on the computer's hard drive, a network drive, sent via e-mail, or burned to CD or DVD and physically transported with complete security. Secure file sharing is supported between multiple recipients."

He adds that although Hydra PC uses the same security module as the Rosetta USB token, "It includes two additional processors for high-speed ECC P-384, as well as simultaneous AES-256 encryption and SHA-384 hashing of the ciphertext." This improves its encryption and decryption efficiency.

What happens if the Hydra PC is lost or destroyed, or the user forgets his or her PIN? The scientist notes that a unique Recovery Agent mechanism can be used to decrypt encrypted files. Moreover, the product features an innovative Host Authorization Code that allows enterprises to restrict the use of a Hydra PC to a selected set of computers, preventing users from removing sensitive data or using an unauthorized computer to maliciously or inadvertently breach data security, even if the user possesses the Hydra PC and knows the PIN.

What the SPYRUS product family suggests is that there may be very different security requirements for different classes of data within the same organization. A single, on-disk, on-array, or on-tape library solution might not be appropriate for all organizations.

Your views are welcome as we head for next week’s wrap-up of this series on storage security: