Wave Systems Corp. (fka WAVXQ)

[Fullmoon]

Securing Data with a Combination of PC Tools and Trusted Storage

This is a great article from Michael Willet of Seagate

http://www.wwpi.com/top-stories/6337-securing-critical-business-data-with-a-combination-of-pc-tools-and-trusted-storage

Establishing Trust in Data Security

To implement increased security throughout the enterprise, the Trusted Computing Group (TCG) takes advantage of the expertise of over 130 member companies involved in hardware, components, software, services, networking, mobile phones, and storage devices. TCG’s efforts have already resulted in standards for many diverse, but linked areas, in the enterprise. The foundation for establishing trust is a hardware component called the Trusted Platform Module (TPM).

The TPM is typically a microcontroller, but the same capability can be implemented in an application-specific integrated circuit (ASIC) such as an Ethernet controller. To provide improved security, over 70 million enterprise-level desktop and PC computers already have a TPM. This number is expected to grow to over 200 million in 2009.

TCG specifications use the TPM as a hardware foundation for establishing trust. By design, the TPM will reliably behave in the expected manner as designed, a basic definition of trust. The TCG specifications build trust upwards from this hardware-based root of trust. An end product built around the use of the TPM for security is called a Trusted Platform.

For a Trusted Platform, three conditions must exist. First, all software and hardware components must be known and identifiable. Second, the expected operation of the platform must be established. Finally, consistent behavior must be verified or attested to at every level. The TPM provides the basis to satisfy all three of these criteria.

In addition to protected storage for cryptographic keys and certificates, the TPM provides unambiguous identity as well as shielded locations for operations that are free from external interference, as well as a means for reporting its status. To enable secure storage of data and digital secrets, the TPM includes asymmetrical key-pair generation using a hardware random number generator (RNG), public key signature, and decryption. Keyed-Hashing for Message Authentication (Hash Message Authentication Code), Secure Hash Algorithm, an execution engine, and cryptographic processor are elements of the TPM. The latest version of the TPM, called TCG 1.2 or TPM version 1.2, has added functions including transport sessions, a real-time clock, locality, save and restore context, direct anonymous attestation, volatile store, and delegation. The initial and added functions make the TPM a highly useful tool for increasing security in many enterprise applications.

Unlike proprietary hardware security systems, TCG’s open-standards-based TPM has flexibility and strong security support from third party certification. The security can be quantifiably measured using, for example, Common Criteria Evaluation Assurance Levels (EAL) 3+, 4+, and even 5+. Based on internal firmware that does not require programming, the TPM provides a turnkey solution.

Trusted Computing

With the TPM in its computers, corporations have been able to implement higher security for password management, single sign on, email security, data protection and other applications.

The philosophy behind secure sign-on and email security involves the TPM. Companies with distributed locations can safely use computers with built-in TPMs and appropriate application software designed to access and control the TPM’s operation, called the TCG Software Stack or TSS. Using the TSS, communications with the TPM can occur either locally or remotely, allowing application vendors to write programs that employ the TPM’s security features.

Using this capability and available third-party software, corporate personnel at remote company locations, such as stores, can transmit to and manage the TPM and their credentials. With the right server software, employees can create and verify their own digital certificates and securely encode and decode messages as well as safely save and encrypt files. Working with the TPM, additional software applications isolate contact information, passwords, bank access codes, and credit card numbers. Multi-factor authentication can allow some users a single-step authentication process, while others with different classifications may require at least a dual-factor authentication.

Trusted Storage

With the re lease of TCG Storage Architecture Core Specification Version 1.0 Revision 0.9, TCG’s Storage Work Group (SWG) extended TCG’s trust-establishing standards into storage. To develop the specification, the SWG considered the common use cases of enrollment, connection, protected storage, locking and encryption, logging, cryptographic service, and firmware downloads. A key management application note developed by the SWG’s Key Management Services Subgroup provides an essential process to simplify how keys are handled for self-encrypting drives. In addition, the SWG is defining a Security Subsystem Class (SSC) for laptop storage, data center drives, and optical storage.

The core specification can optionally use the capability of the platform TPM and the insight of industry experts from leading storage companies to implement self-encrypting drives (SED), solving the major problems that have plagued previous (software) encryption efforts, such as complexity, interoperability, scalability, decreased system performance, and fear of lost keys. Figure 1 shows how data centers can reduce the complexity of encryption by handling the encryption inside the storage units. In this situation, four encryption keys are eliminated from the data center by using self-encrypting drives.
Trusted Mobility

In addition to portable computers, today’s highly mobile workforce has handheld, wireless products capable of sending and receiving email and storing sensitive data as well as interfacing to the corporate network. These devices have, or will soon have, the ability to make transactions for numerous use cases. Because of their small size, these highly portable products are even more susceptible to loss or theft than a portable PC.

To take into account the unique requirements of mobile units with wireless connectivity, TCG announced the Mobile Trusted Module (MTM) specification in September 2006. Based on existing and anticipated applications for mobile security, this open-industry specification provides integrity, authentication, identity, and security functions. The security for these functions is cost-effective, reasonably implemented, interoperable, and transparent to users.

Wireless products operate in a mobile infrastructure that involves stakeholders, including the user/owner, the device manufacturer, the network service provider, and others, such as enterprises and third parties. To address the needs of these groups as well as the regulations and restrictions regarding cellular products, developers of the MTM specification considered several use cases. These involved security enhancements in the areas of platform integrity, device authentication, SIMLock/device personalization, secure software downloads, mobile ticketing and payment, user data protection and privacy, and more.

As cell phones become smarter, these portable wireless devices take on more of the characteristics of the PC and, as a result, eventually will be targets of attacks and malware similar to those for PCs. TCG’s MTM specification uses trusted engines to manipulate data and relies on software and TPM commands to provide increased protection against these attacks. The specification defines how roots of trust can be established for measurement, reporting, storage, and verification functions. The security also protects the data in the event that the device is lost or stolen.

A Trusted Network

With a highly mobile workforce and different levels of network users, network access is another aspect that administrators must consider in their overall effort to protect the enterprise. Without the appropriate protection, any entry point becomes a potential weak link for unauthorized access. TCG’s Trusted Network Connect (TNC) provides standards-based network access control (NAC) and another example of hardware-based security.

The highly mobile worker can become a victim of a software attack and unknowingly pass a virus or other malware to the network. An authorized network user with an infected computer can create a deceptive or lying end-point. Using software to avoid a lying end-point poses a serious challenge, since software can be attacked by the same viruses it is designed to thwart. With the TPM, critical software and firmware components, including the BIOS, are checked during the boot process. Making these measurements before the software runs and storing information on the TPM isolates the measurements from modification efforts for improved security. When the user connects the PC to the network, the stored measurements are sent to the TNC server where they are checked against the server’s list of acceptable configurations. If the sent data does not match the network requirements, the computer is quarantined as an infected end-point.

The TNC specification also provides options for network administrators to configure different levels of network access. Unlike proprietary NAC approaches, the standards-based access is interoperable.

The Trusted Enterprise

With TCG’s industry-developed and approved specifications, the entire enterprise can be protected. This is TCG’s goal. Figure 2 shows the linkage that exists between the diversified entities within and external to the enterprise.