Use case documents are now available on the TCG Web site outlining the new trusted storage specification, which was unveiled at the RSA Conference in San Jose, Calif., on Feb. 13.
The use case documents include: Enrollment and Collection to define host-to-storage device and storage-device-to-host mating; Protected Storage; Locking and Encryption, which can store data at rest; Logging, as forensic capabilities and time-stamping activity; Cryptographic Services; Authorizing Storage Device Feature Sets to Hosts for secure and exclusive use; and Secure Download of Firmware.
The use cases fall into three broad categories: They feature the trusted attachment of storage devices to their hosts, policy-driven secure control over storage device features such as storage locations and storage encryption, and secure session-oriented messaging of those types of controls toward storage devices.
In addition, the new documents go into detail about TCGs proposed T10 SCSI and T13 ATA commands. The commands are designed to support storage device security control interfaces, said Michael Willett, senior director of Research and Security for Seagate Technology, and co-chair of the TCG Storage Work Group, based in Portland, Ore.
Willett said SCSI and ATA protocols were chosen to serve as the trusted send and trusted receive command interfaces because they are the predominant command-sets interfaces to hard drives and can share the same HD architecture.
The TCG Trusted Storage specification will be finished in March and should be available by mid-2006. A whos who of large HD manufacturers, tape drive manufacturers, and flash drive manufacturers are helping to co-develop the fledgling storage specification.
TCG TPMs (Trusted Platform Modules) are a key part of the TCG Storage Workgroups push to extend the trust boundary from permanent peripheral storage units or hard drives into trusted computing host platforms. These small, dedicated processor flash storage devices, which ship in hosts today, provide a root of trust for their hosts.
By utilizing the TPM hidden memory in storage devices, Willett said, the TCG is able to set up separate security partitions to construct multiple security partitions within a drive.
Each of these partitions will feature its own functional definition which can be assigned to an external host application and assign a secure protocol between the two. For instance, this could be used to secure an in-house health care or financial application to outside partners and hosts, he said.