
Vacationhouse

11/13/08 1:41 PM

#172783 RE: Vacationhouse #172782

Securing Critical Business Data with a Combination of PC Tools and Trusted Storage
Thursday, 13 November 2008 09:56 Michael Willett for TCG



click link to see diagrams...
-http://www.wwpi.com/top-stories/6337-securing-critical-business-data-with-a-combination-of-pc-tools-and-trusted-storage


Lost or stolen data is probably the IT manager’s worst nightmare. The problems are real, the consequences are extremely serious, and if you do nothing about it, the likelihood of this happening to your company is increasing. Software-based approaches cannot provide the security required for a totally reliable protection. Hardware-based solutions used to establish a strong digital identity for both computer systems and users take security to a higher level.

Disclosing confidential information has costly consequences. If the information involves company secrets, such as proprietary process information or market strategy including pricing or customers, future business could be greatly jeopardized. If the information is confidential data entrusted to the company, state and national laws require a disclosure process that includes stiff monetary penalties and even potential jail time. If a company has used existing technology, specifically self-encrypting drives (SED), on lost or stolen computers or data storage devices, the data is inaccessible to others. As a result, using SEDs avoids the need for costly disclosures as long as the data was encrypted.

Administrators who think that their company has adequate security with software-based protection have probably been lucky so far. Consider that portable computers and other portable products with sensitive data are easily lost or stolen when they are in transit and, in fact, over 50,000 hard drives, thought to be extremely safe within the data center, are decommissioned and leave the data center daily. For returned drives with suspected problems, an IBM study indicates that 90 percent are still readable, allowing unauthorized personnel easy access to confidential data. Classifying the data on any decommissioned drive as secure without taking the proper security steps could lead to a data breach situation.

In contrast, on-drive encryption using SED protects the data on hard drives when they are inside and outside of the data center. Industry-developed open standards for securing hard drives as well as portable computers, desktop PCs, servers, cell phones and even the network itself now exist. An organization composed of leading technology companies is dedicated to creating this security.

Establishing Trust in Data Security

To implement increased security throughout the enterprise, the Trusted Computing Group (TCG) takes advantage of the expertise of over 130 member companies involved in hardware, components, software, services, networking, mobile phones, and storage devices. TCG’s efforts have already resulted in standards for many diverse, but linked areas, in the enterprise. The foundation for establishing trust is a hardware component called the Trusted Platform Module (TPM).

The TPM is typically a microcontroller, but the same capability can be implemented in an application-specific integrated circuit (ASIC) such as an Ethernet controller. To provide improved security, over 70 million enterprise-level desktop and PC computers already have a TPM. This number is expected to grow to over 200 million in 2009.

TCG specifications use the TPM as a hardware foundation for establishing trust. By design, the TPM will reliably behave in the expected manner as designed, a basic definition of trust. The TCG specifications build trust upwards from this hardware-based root of trust. An end product built around the use of the TPM for security is called a Trusted Platform.

For a Trusted Platform, three conditions must exist. First, all software and hardware components must be known and identifiable. Second, the expected operation of the platform must be established. Finally, consistent behavior must be verified or attested to at every level. The TPM provides the basis to satisfy all three of these criteria.

In addition to protected storage for cryptographic keys and certificates, the TPM provides unambiguous identity as well as shielded locations for operations that are free from external interference, as well as a means for reporting its status. To enable secure storage of data and digital secrets, the TPM includes asymmetrical key-pair generation using a hardware random number generator (RNG), public key signature, and decryption. Keyed-Hashing for Message Authentication (Hash Message Authentication Code), Secure Hash Algorithm, an execution engine, and cryptographic processor are elements of the TPM. The latest version of the TPM, called TCG 1.2 or TPM version 1.2, has added functions including transport sessions, a real-time clock, locality, save and restore context, direct anonymous attestation, volatile store, and delegation. The initial and added functions make the TPM a highly useful tool for increasing security in many enterprise applications.

Unlike proprietary hardware security systems, TCG’s open-standards-based TPM has flexibility and strong security support from third party certification. The security can be quantifiably measured using, for example, Common Criteria Evaluation Assurance Levels (EAL) 3+, 4+, and even 5+. Based on internal firmware that does not require programming, the TPM provides a turnkey solution.

Trusted Computing

With the TPM in its computers, corporations have been able to implement higher security for password management, single sign on, email security, data protection and other applications.

The philosophy behind secure sign-on and email security involves the TPM. Companies with distributed locations can safely use computers with built-in TPMs and appropriate application software designed to access and control the TPM’s operation, called the TCG Software Stack or TSS. Using the TSS, communications with the TPM can occur either locally or remotely, allowing application vendors to write programs that employ the TPM’s security features.

Using this capability and available third-party software, corporate personnel at remote company locations, such as stores, can transmit to and manage the TPM and their credentials. With the right server software, employees can create and verify their own digital certificates and securely encode and decode messages as well as safely save and encrypt files. Working with the TPM, additional software applications isolate contact information, passwords, bank access codes, and credit card numbers. Multi-factor authentication can allow some users a single-step authentication process, while others with different classifications may require at least a dual-factor authentication.

Trusted Storage

With the release of TCG Storage Architecture Core Specification Version 1.0 Revision 0.9, TCG’s Storage Work Group (SWG) extended TCG’s trust-establishing standards into storage. To develop the specification, the SWG considered the common use cases of enrollment, connection, protected storage, locking and encryption, logging, cryptographic service, and firmware downloads. A key management application note developed by the SWG’s Key Management Services Subgroup provides an essential process to simplify how keys are handled for self-encrypting drives. In addition, the SWG is defining a Security Subsystem Class (SSC) for laptop storage, data center drives, and optical storage.

The core specification can optionally use the capability of the platform TPM and the insight of industry experts from leading storage companies to implement self-encrypting drives (SED), solving the major problems that have plagued previous (software) encryption efforts, such as complexity, interoperability, scalability, decreased system performance, and fear of lost keys. Figure 1 shows how data centers can reduce the complexity of encryption by handling the encryption inside the storage units. In this situation, four encryption keys are eliminated from the data center by using self-encrypting drives.



Figure 1. Instead of key management involved for authentication keys (A keys) and encryption keys (E keys) that result when encryption is performed prior (upstream) to the storage devices (a), automatic encryption in hard drives eliminates the management of encryption keys (b). Source: IBM, LSI and Seagate partnership.

With encryption implemented at the drive, data de-duplication and data compression can be used upstream. Otherwise, these techniques that rely on either redundancy or re-occurrence of plain text cannot deal effectively with encrypted, random data and as a result, network performance metrics suffer.

Managing the authentication keys (or passwords) is one of the more important aspects of TCG’s specification, since the authentication key unlocks the self-encrypting drives. The encryption keys for the SED are established in the factory by on-board random number generators and the drive only stores the hash value of the authentication key for comparison during authentication. The encryption key is encrypted under the authentication key and stored on the drive. It never leaves the drive. To enable the operation, the encryption key is decrypted every time the drive is unlocked.

Trusted Mobility

In addition to portable computers, today’s highly mobile workforce has handheld, wireless products capable of sending and receiving email and storing sensitive data as well as interfacing to the corporate network. These devices have, or will soon have, the ability to make transactions for numerous use cases. Because of their small size, these highly portable products are even more susceptible to loss or theft than a portable PC.

To take into account the unique requirements of mobile units with wireless connectivity, TCG announced the Mobile Trusted Module (MTM) specification in September 2006. Based on existing and anticipated applications for mobile security, this open-industry specification provides integrity, authentication, identity, and security functions. The security for these functions is cost-effective, reasonably implemented, interoperable, and transparent to users.

Wireless products operate in a mobile infrastructure that involves stakeholders, including the user/owner, the device manufacturer, the network service provider, and others, such as enterprises and third parties. To address the needs of these groups as well as the regulations and restrictions regarding cellular products, developers of the MTM specification considered several use cases. These involved security enhancements in the areas of platform integrity, device authentication, SIMLock/device personalization, secure software downloads, mobile ticketing and payment, user data protection and privacy, and more.

As cell phones become smarter, these portable wireless devices take on more of the characteristics of the PC and, as a result, eventually will be targets of attacks and malware similar to those for PCs. TCG’s MTM specification uses trusted engines to manipulate data and relies on software and TPM commands to provide increased protection against these attacks. The specification defines how roots of trust can be established for measurement, reporting, storage, and verification functions. The security also protects the data in the event that the device is lost or stolen.

A Trusted Network

With a highly mobile workforce and different levels of network users, network access is another aspect that administrators must consider in their overall effort to protect the enterprise. Without the appropriate protection, any entry point becomes a potential weak link for unauthorized access. TCG’s Trusted Network Connect (TNC) provides standards-based network access control (NAC) and another example of hardware-based security.

The highly mobile worker can become a victim of a software attack and unknowingly pass a virus or other malware to the network. An authorized network user with an infected computer can create a deceptive or lying end-point. Using software to avoid a lying end-point poses a serious challenge, since software can be attacked by the same viruses it is designed to thwart. With the TPM, critical software and firmware components, including the BIOS, are checked during the boot process. Making these measurements before the software runs and storing information on the TPM isolates the measurements from modification efforts for improved security. When the user connects the PC to the network, the stored measurements are sent to the TNC server where they are checked against the server’s list of acceptable configurations. If the sent data does not match the network requirements, the computer is quarantined as an infected end-point.

The TNC specification also provides options for network administrators to configure different levels of network access. Unlike proprietary NAC approaches, the standards-based access is interoperable.

The Trusted Enterprise

With TCG’s industry-developed and approved specifications, the entire enterprise can be protected. This is TCG’s goal. Figure 2 shows the linkage that exists between the diversified entities within and external to the enterprise.



Figure 2. Using hardware-based trust as a foundation, TCG specifications provide enterprise-wide protection by considering how people use technology today and experts’ expectations for the future.

When overall enterprise security is being planned, administrators should take into account a number of points that industry specification developers considered to create specifications for PCs, servers, storage devices, mobile phones, and networks. These tips are summarized below.

Ten Tips for Securing Data

1. Start with standards as the foundation, avoid proprietary solutions

2. Use a hardware-based, not strictly software-based, solution

3. Make sure the chosen approach is scalable

4. Don’t leave unsecured gaps - protect the entire enterprise

5. Ensure that security is transparent to users

6. Make simple-to-implement and ease-of-use the priorities

7. Ensure interoperability throughout the enterprise

8. Opt for automatic over other alternatives

9. Look for an integrated solution

10. Start now

Michael Willett is co-chair for the Trusted Computing Group Storage Work Group and Seagate Research
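The SED key handling the article describes (E key generated by the drive's own RNG, stored only wrapped under the A key, only a hash of the A key kept on the drive, E key unwrapped at each unlock) as an added Python model; this is not code from the article or from TCG, the class and its names are assumptions, and PBKDF2, an XOR key wrap and an HMAC keystream stand in for the primitives a real drive uses.

```python
import hashlib
import hmac
import os


class SelfEncryptingDrive:
    """Constructed toy SED mirroring the post's key handling; not TCG Opal/Enterprise code."""

    ROUNDS = 50_000  # PBKDF2 work factor: an assumption, the spec fixes none

    def __init__(self, auth_key):
        self._salt = os.urandom(16)
        media_key = os.urandom(32)          # E key from the drive's own RNG at the "factory"
        self._auth_hash = self._derive(auth_key, b"auth")   # only the hash of the A key is kept
        # E key encrypted under the A key; XOR with a derived KEK stands in for AES key wrap
        self._wrapped_key = self._xor(media_key, self._derive(auth_key, b"kek"))
        self._sectors = {}                  # LBA -> ciphertext
        self._session_key = None            # plaintext E key, resident only while unlocked

    def _derive(self, auth_key, label):
        return hashlib.pbkdf2_hmac("sha256", auth_key, label + self._salt, self.ROUNDS)

    @staticmethod
    def _xor(a, b):
        return bytes(x ^ y for x, y in zip(a, b))

    def unlock(self, auth_key):
        """Hash the presented A key and compare; on match, unwrap the E key for this session."""
        if not hmac.compare_digest(self._derive(auth_key, b"auth"), self._auth_hash):
            return False
        self._session_key = self._xor(self._wrapped_key, self._derive(auth_key, b"kek"))
        return True

    def lock(self):
        self._session_key = None            # E key is re-derived only on the next unlock

    def _keystream(self, lba, n):
        # Toy per-sector keystream (HMAC in counter mode) standing in for the drive's AES-XTS
        if self._session_key is None:
            raise PermissionError("drive is locked")
        blocks = [hmac.new(self._session_key, lba.to_bytes(8, "big") + i.to_bytes(4, "big"),
                           "sha256").digest() for i in range(n // 32 + 1)]
        return b"".join(blocks)[:n]

    def write(self, lba, data):
        self._sectors[lba] = self._xor(data, self._keystream(lba, len(data)))

    def read(self, lba):
        ct = self._sectors[lba]
        return self._xor(ct, self._keystream(lba, len(ct)))
```

A lost locked drive carries only the salt, the A-key hash, the wrapped E key and ciphertext sectors, which is why the article treats the data as inaccessible without the authentication key.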


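The measured-boot and Trusted Network Connect check from the article's network section (components measured into the TPM before they run, measurements reported at connect time, compared with the server's list of acceptable configurations, mismatch quarantined) as an added Python simulation; it is not code from the article, TCG or any TNC product. The SHA-1 PCR extend rule is the TPM 1.2 one; the HMAC "quote", the sample firmware images and the server class are constructed assumptions.

```python
import hashlib
import hmac


class ToyTPM:
    """Constructed stand-in for one TPM 1.2 PCR plus its event log; not a real TPM interface."""

    def __init__(self, aik_secret):
        self.pcr = bytes(20)          # TPM 1.2 PCRs are SHA-1 sized and reset to zero at power-on
        self.log = []                 # (component, digest) pairs recorded as each stage is measured
        self._aik = aik_secret        # HMAC key standing in for the attestation identity key

    def extend(self, component, image):
        # One-way extend: PCR = SHA1(PCR || SHA1(image)). Software measured later cannot undo it.
        digest = hashlib.sha1(image).digest()
        self.log.append((component, digest))
        self.pcr = hashlib.sha1(self.pcr + digest).digest()

    def quote(self, nonce):
        # Stand-in for TPM_Quote: binds the server's nonce to the current PCR value
        return hmac.new(self._aik, nonce + self.pcr, "sha256").digest()


def measured_boot(tpm, images):
    """Each boot stage measures the next one into the TPM before handing control to it."""
    for component, image in images:
        tpm.extend(component, image)
    return tpm.pcr


class TNCServer:
    def __init__(self, aik_secret, acceptable_pcrs):
        self._aik = aik_secret
        self.acceptable = set(acceptable_pcrs)   # the list of acceptable configurations

    def decide(self, nonce, pcr, quote_value):
        expected = hmac.new(self._aik, nonce + pcr, "sha256").digest()
        if not hmac.compare_digest(expected, quote_value):
            return "quarantine"      # report is not from the enrolled TPM, or not fresh
        return "admit" if pcr in self.acceptable else "quarantine"


# Constructed sample firmware/software images; the golden PCR comes from a known-good boot
AIK_SECRET = b"per-tpm secret enrolled with the TNC server"
GOOD_IMAGES = [("bios", b"bios-v1.07"), ("bootloader", b"grub-1.96"), ("kernel", b"kernel-2.6.27")]
GOLDEN_PCR = measured_boot(ToyTPM(AIK_SECRET), GOOD_IMAGES)


def connect(images, nonce=b"nonce-0001"):
    """Boot the endpoint, then run the TNC exchange; returns the server's access decision."""
    tpm = ToyTPM(AIK_SECRET)
    pcr = measured_boot(tpm, images)
    return TNCServer(AIK_SECRET, [GOLDEN_PCR]).decide(nonce, pcr, tpm.quote(nonce))
```

An endpoint whose kernel image was altered before boot produces a different PCR and is quarantined, and an endpoint that merely claims the golden value without the TPM's quote fails the freshness check.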


Fullmoon

11/13/08 2:07 PM

#172784 RE: Vacationhouse #172782

VH, aren't you sick of Papa Gino's???

I wish we could get some announcements from Michigan State (or was it U of M?) or Chicago Bridge and Iron. I'm surprised nobody but internet mentioned the fact that SKS referenced Archer-Daniels-Midland during the conference call.

We need more names!