Wednesday, November 26, 2008 11:34:06 AM
Seeing is Trusting—Trust in Optical Storage
Tom Coughlin
Coughlin Associates
http://images.vertmarkets.com/crlive/files/downloads/37bb1286-65c1-4433-88f4-f978d9188a41/SeeingIsTrustingTrustInOpticalStorage.pdf
Optical discs are a major source of entertainment content and also a popular way to share,
transport and back up data files. Security of optical discs has been problematic with
inconsistent approaches to data encryption. News reports show the vulnerability of
unprotected content on optical discs being compromised when discs with sensitive data
are lost or stolen.
Putting Trust into Storage Devices
The Trusted Computing Group (TCG) is creating specifications for data storage devices
with on-board encryption. The embedding of the encryption key within the storage
device provides good data protection since the encryption key never leaves the storage
device. Several hard disc drive products from Seagate Technology, Hitachi Global
Storage Technologies and Fujitsu incorporate on-board data encryption for laptops and
even PCs. Encrypted laptop hard disc drives prevent access to the data on the drive if the
laptop is lost or stolen. Efforts are underway to add such on-board data encryption to
other storage devices such as magnetic tape, flash memory and optical discs.
Device level encryption can be extended into enterprises using various key management
techniques. Key management allows central control of content access using encryption
keys located in various storage devices and systems within an enterprise. These key
management standards are being developed by members of the TCG working with
other standards groups, particularly a subgroup of the IEEE 1619 standards group.
Management of encryption keys in various storage devices will be an important element
in enterprise encryption key management.
TCG Optical Storage Subgroup
The Optical Storage Subgroup of TCG provides a set of specifications that enable the
implementation of Trusted Optical Storage. Using standards-based encryption techniques
these optical specifications allow users to create, edit and share optical discs with
protection against theft or loss and subsequent exposure of the recorded data to
unauthorized users. As part of its charter, this group will create an authority that will be
available to ensure interoperability among device manufacturers. Participating in the
Optical Storage Subgroup are optical disc drive manufacturers, software vendors and
designers of custom integrated electronic components. Storage, security management
and storage integration vendors also participate in the subgroup.
The Trusted Computing Group Optical Storage Subgroup has created a Trusted Optical
specification. The Optical Storage Subgroup specification enables implementation of
Trusted Optical Storage. The new specification encrypts user data on standard recordable
optical discs. It provides access control to support organization security policies with
strong n-factor authentication and full disc encryption (FDE).
Trusted Optical Storage is implemented in optical drives using conventional optical
media (currently CDs and DVDs). This means that the encryption is done at the logical
data level rather than at the physical level. The TCG Optical Storage Security Subsystem
class can be implemented externally where an optical drive that doesn’t match the
specification is integrated into TCG compliant devices. It can also be implemented using
a TCG compliant ASIC. Trusted Optical Storage can also be integrated into the optical
device controller. These approaches will develop over time resulting in greater
integration of encryption inside the optical drive.
The initial Trusted Optical Storage specification compliant products will utilize a USB to
SATA bridge device where the encryption is performed on the bridge circuitry to provide
data encryption. This is an example of the external implementation described above.
These products offer a 2048-bit RSA secure channel for data in flight and use 128- and
256-bit AES encryption on the stored content.
At a recent TCG meeting, secure optical storage was demonstrated utilizing this
encryption on rewritable optical media. The bridge device can be added to any optical
disc recorder (CD or DVD) to make it a Trusted Optical Storage Device. These products
will be shown publicly at the Trusted Computing Group booth at the 2009 Storage
Visions conference (www.storagevisions.com) as well as at the 2009 Consumer
Electronics Show (www.cesweb.org). The just-released specification can be obtained
through the Trusted Computing Group at www.trustedcomputinggroup.com.
Applications and Extension to Blu-Ray
Optical encrypted drives are initially targeted for applications such as government
agencies, military data sharing, health records and financial service information. These
industries are driven by the need to meet data security requirements including potentially
embarrassing data security breach notifications. Extending the reach of TCG
specifications to optical disc systems allows enterprises greater flexibility in creating
compliant storage infrastructure with little or no additional storage management
complexity or cost.
As is the case with encrypted hard drives, optical disc encryption is expected to spread to
a much greater population of optical drives, giving users a secure way of
backing up and protecting their data on removable optical discs. This will be easier to do
and done at lower cost as the encryption technology becomes embedded inside the optical
drives rather than implemented using an external bridge circuit.
The Optical Subgroup of TCG is also working with the Multimedia Commands working
group within the ANSI/INCITS T10 (SCSI) standards committees to make sure that any
required specification changes are dealt with in publicly available standards.
At present, the Trusted Optical initiative and initial products only cover “red” laser CD
and DVD products. The TCG Optical Subgroup is expected to extend this to “blue” laser
Blu-ray products in 2009. The initial products for Blu-ray write once drives will also use
a USB to SATA bridge device to perform the encryption. Blu-ray write once and
rewritable devices have recently become available. As these higher capacity optical discs
become more common with increasing volume and lower prices, encryption will provide
a better way to protect the greater amount of data and content.
About the Author
Tom Coughlin, President, Coughlin Associates, is a widely respected storage analyst and
consultant. He has over 30 years in the data storage industry. Tom is also the author of
Digital Storage in Consumer Electronics: The Essential Guide, which was published by
Newnes Press in March 2008. Coughlin Associates provides market and technology
analysis (including reports on several digital storage technologies and applications and a
newsletter) as well as Data Storage Technical Consulting services. Tom is the founder
and organizer of the Annual Storage Visions Conference, a partner to the annual
Consumer Electronics Show as well as the Creative Storage Conference that was recently
held during the 2008 NAB. Tom is also a contributor to the Trusted Computing Group,
writing articles and blogs on this technology. For more information, go to
www.tomcoughlin.com.