NEWS

Computing Now Exclusive Content — April 2009

News Archive

November 2009

Program Uses Mobile Technology to Help with Crises

More Cores Keep Power Down

White-Space Networking Goes Live

Mobile Web 2.0 Experiences Growing Pains

October 2009

More Spectrum Sought for Body Sensor Networks

Optics for Universal I/O and Speed

High-Performance Computing Adds Virtualization to the Mix

ICANN Accountability Goes Multinational

RFID Tags Chat Their Way to Energy Efficiency

September 2009

Delay-Tolerant Networks in Your Pocket

Flash Cookies Stir Privacy Concerns

Addressing the Challenge of Cloud-Computing Interoperability

Ephemeralizing the Web

August 2009

Bluetooth Speeds Up

Grids Get Closer

DCN Gets Ready for Production

The Sims Meet Science

Sexy Space Threat Comes to Mobile Phones

July 2009

WiGig Alliance Makes Push for HD Specification

New Dilemnas, Same Principles:
Changing Landscape Requires IT Ethics to Go Mainstream

Synthetic DNS Stirs Controversy:
Why Breaking Is a Good Thing

New Approach Fights Microchip Piracy

Technique Makes Strong Encryption Easier to Use

New Adobe Flash Streams Internet Directly to TVs

June 2009

Aging Satellites Spark GPS Concerns

The Changing World of Outsourcing

North American CS Enrollment Rises for First Time in Seven Years

Materials Breakthrough Could Eliminate Bootups

April 2009

Trusted Computing Shapes Self-Encrypting Drives

March 2009

Google, Publishers to Try New Advertising Methods

Siftables Offer New Interaction Model for Serious Games

Hulu Boxed In by Media Conglomerates

February 2009

Chips on Verge of Reaching 32 nm Nodes

Hathaway to Lead Cybersecurity Review

A Match Made in Heaven: Gaming Enters the Cloud

January 2009

Government Support Could Spell Big Year for Open Source

25 Reasons For Better Programming

Web Guide Turns Playstation 3 Consoles into Supercomputing Cluster

Flagbearers for Technology: Contemporary Techniques Showcase US Artifact and European Treasures

December 2008

.Tel TLD Debuts As New Way to Network

Science Exchange

November 2008

The Future is Reconfigurable

Trusted Computing Shapes Self-Encrypting Drives

by James Figueroa

Earlier this year, the Trusted Computing Group (TCG) released new standards for self-encrypting storage (SES), specifications that many large drive manufacturers anticipated as an improved model of hardware security. Drives featuring the new full-disk encryption began appearing in March, eliciting acclaim from many observers but prompting a slew of questions ranging from user accessibility to key management.

According to TCG's official blog, the most practical use for SES is to protect data when a laptop is stolen or drives are recycled. The hardware encryption is specified within the drive and not in any other part of the PC, including RAM, making the technology invulnerable to tactics such as cold boot attacks, which have been proven effective against other forms of full-disk encryption.

"For this use case, the trusted storage specifications define the concept of self-encrypting storage (SES), in which the hardware circuitry for encryption and decryption is integrated directly into the onboard storage electronics," said Seagate Technologies senior director of research Michael Willett. "Everything written to storage is encrypted and everything read from storage is decrypted at full channel speeds."

TCG claims that self-encrypting drives don't interfere with performance, a key issue compared to other forms of hardware security. The drives also include a lockdown feature that administrators can use to immediately wipe any data, and with the user-level authentication password the drives are considered impossible to crack.

"We're protecting data at rest," said TCG chair Robert Thibadeau. "When a USB drive is unplugged, or when a laptop is powered down, or when an administrator pulls a drive from a server, it can't be brought back up and read without first giving a cryptographically strong password. If you don't have that, it's a brick. You can't even sell it on eBay."

Several manufacturers have introduced new drives with SES technology or are planning launches, including Fujitsu, Hitachi, and Seagate. TCG released its three new specifications in January—a data center storage specification called Enterprise SSC, the Storage Interface Interactions Specification (SIIF) for common storage interfaces such as SCSI and ATA, and Opal, the specification for individual laptops that’s getting the most attention from the industry.

Weighing the Benefits

Reaction to the standards has mostly been positive. "If you're not already a fan of the Trusted Computing Group, you should be," said InfoWorld blogger Roger A. Grimes, who gave a glowing review of the Opal specification. "It is one of the few groups coming up with open-standard, long-term, real security solutions. Anything it does has my full support."

CNet correspondent Jon Oltsik, a senior analyst with the Enterprise Strategy Group, sees self-encrypting drives as the eventual replacement for software encryption utilities. "To me, this conversion is inevitable since hardware-based cryptographic processing tends to lead to superior security and performance while eliminating the muss and fuss around software procurement, installation, and maintenance," he said.

Oltsik called for the US federal government to lead the way in transitioning its systems to the new drives, envisioning them as a fitting solution for aging equipment with lots of vulnerabilities. 

However, not everyone is enthusiastic. Noted security expert Bruce Schneier, who has often criticized trusted computing, dismissed the standard as unnecessary next to software solutions such as PGP's Whole Disk Encryption, a product Schneier has a personal stake in as a member of the software maker's technical advisory board. The most salient problem, Schneier says, isn't at the security level but at the human level.

"You're not secure against someone snatching your laptop out of your hands as you're typing away at the local coffee shop," he explained. "And you're not secure against the authorities telling you to decrypt your data for them. The latter threat is becoming more real. I have long been worried that someday, at a border crossing, a customs official will open my laptop and ask me to type in my password. Of course I could refuse, but the consequences might be severe—and permanent."

A similar situation formed during a March court case in Vermont. Sebastien Boucher, a Canadian citizen who was stopped while traveling across the border to his home in Vermont, was arrested for child pornography after he gave inspectors access to his laptop encrypted by PGP software. Boucher later refused to divulge his password in court, citing the Fifth Amendment, and initially won a judge's support before the ruling was overturned on appeal.

To avoid those sorts of legal problems, Schneier recommends keeping as little data as possible on laptops, advice that many users could have difficulty following. In Boucher's case, the offending images were stored in temporary Internet files that might have appeared as Boucher browsed anime pornography. Protecting against theft while the machine is running is another matter; Schneier's solution is to keep important documents on an encrypted virtual drive, so thieves would only be able to access a limited number of files.

Matter of Trust

TCG is still regarded as a controversial organization in some circles because of concern about digital rights management, vendor lock-in, and third-party management. Other organizations such as the Free Software Foundation and the Electronic Frontier Foundation were among the most vocal critics when TCG formed in 2003, expressing fears that the technology would promote anti-competitiveness. Most of those concerns quieted by the time TCG released the specifications for Trusted Platform Module, a cryptoprocessor that appears in most new chipsets, although few systems make use of it.

The release of the self-encrypted drives standards renewed some of those fears, such as the possibility that manufacturers can install backdoors. Schneier's blog featured a hotbed of debate about the drives, which included participation from TCG critics and proponents.

Dmitry Obukhov, a Samsung project manager who has experience with SES technology, denied any possibility that it would accommodate manufacturer backdoors and emphasized that key generation is entirely random, with the keys never leaving the drive.

InfoWorld's Grimes, a TCG supporter, acknowledged that there might be too much ambiguity in key management, which is left up the manufacturer and left unaddressed in the specifications.

"The encryption storage device spec may not be broad enough or perfect, but it's a step in the right direction," he said.

Share this article


Suggestions