Group Eyes Fortress-like Hard Drives

The Trusted Computing Group, the same standards body that delivered the Trusted Platform Module security chip, is cooking up a standard for hardware-based encryption for hard drives to help prevent data breaches.

Headline-making data losses may someday be a thing of the past, thanks to widespread use of data encryption, hard drive makers hope.

The Trusted Computing Groups Storage Work Group—whose membership includes representatives from hard drive, tape drive and optical drive manufacturers—is readying a hardware-based data encryption technology standard it says will allow hard drive makers to add encryption capabilities directly into their products in the future.

The TCGs standard, which has been in the works for some time, wont arrive in time to help the 26.5 million United States military veterans whose personal data was lost recently when a Veterans Administration employees laptop was stolen.

However, the TCG believes its approach might help prevent similar losses in the future by fostering broader adoption of tough encrypted schemes inside hard drives in coming years.

"I think that youll see [encrypted drives] proliferate, because the business case is kind of obvious," said Michael Willett, chairman of the Storage Work Group and senior director of security for drive maker Seagate, in Pittsburg, Penn.

"Just look at a laptop theft. Look at the reputational loss alone a company faces from that."

Given that the encryption standard can help prevent data breaches if a computer is stolen or lost, most hard drive makers are expected to adopt the standard for PC and server drives, when the TCG makes it public this fall.

/zimages/4/28571.gifClick here to read more about the TCGs work in security chips.

"The indication I have is that all the [hard] drive industry—if not the flash and the tape and the optical people—realize the value of encryption," Willett said.

"Weve got strong controls over communications of data—or data in motion. But the data at rest [on a hard drive] is the last frontier. The sense of the industry is [now] that all data at rest should be encrypted."

TCG says its approach differs from software-based encryption, such as Microsofts forthcoming Bitlocker, by piggybacking on secure communications protocols built into drive interfaces and using hardware built into drives themselves to keep tight control of cryptography keys. The standard also allows for drives to be married to a given TPM (Trusted Platform Module) security chip-equipped system.

/zimages/4/28571.gifClick here to read more about Microsofts Bitlocker.

The approach works by employing a TPM-like crypto chip, located in the drive electronics, to store an encryption key that unlocks the data stored on the drive.

Given that its stored in hardware and placed there during manufacturing, the key is nearly impossible to capture or tamper with, Willett said.

The key is unlocked by a password. The standard supports long passwords and a multimode password that uses a combination of a password, fingerprint, challenge response or certificates.

The TCG standard, which works with ATA and SCSI interfaces drives, will support multiple encryption algorithms. It expects most manufacturers to employ the AES (Advanced Decryption Standard) algorithm.

The standard will also focus on key management and making it a straightforward process to allowing multiple master and multiple user access as well as different domains on a hard drive, therefore granting IT managers the ability to limit the way some users access to their drives for example. The group also aims to offer escrowing and backup of keys.

Given that a person with a proper password can still unlock the data on a drive, it is still possible for data to fall into the wrong hands. However, the intricate password systems supported by TCG make that less likely, Willett said.

"Im not worried about the user. Its who steals the drive [and] what they have access to," he said. "The real protections are the exception cases of loss or theft or repurposing, or end of life."

The TCG is shooting to release its hard drive encryption the standard to peer review in August. Following that process, which will a take about two months, the TCG hopes to make the standard widely available in late October.

Given that hard drive makers have been working on the standard all along within the Storage Working Group, "I suspect products will soon follow," Willett said.

They "will be premium products at first…and then reduce to commodity [prices] very quickly."

Although the standard will be applied to hard drives at first, it could be used with flash memory-based drives and optical drives as well in the future, he said.

Over time, the TCGs Storage Work Group will look to make its encryption standard even more business-friendly in subsequent updates.

Although its encryption scheme will apply to drives used in NAS and SAN applications, the group believes it can simplify matters such as managing all of the encryption keys in a drive array.

"The administrator may want to have the same key on all drives, different keys, or a migration schedule or a backup schedule," Willett said. "Thats one of the things well be working on next."

/zimages/4/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis on enterprise and small business storage hardware and software.