TPM, part 2
leichter_jerrold at emc.com
Wed Jun 27 10:50:40 EDT 2007
All your data belong to us. From Computerworld.
Trusted Computing Group turns attention to storage
June 24, 2007 (TechWorld.com) The Trusted Computing Group has announced
a draft specification aimed at helping block unauthorized access to
sensitive data on hard drives, flash drives, tape cartridges and optical
disks. These devices won't release data unless the access request is
validated by their own on-drive security function.
David Hill, a principal in the Mesabi Group, said: "The public media
blares the loss of confidential information on large numbers of
individuals on what seems a daily basis, and that is only the tip of the
data breach iceberg for not having trusted storage. Trusted storage will
soon be seen as a necessity -- not just a nice to have -- by all
The Trusted Computing Group (TCG) is a not-for-profit industry-standards
organization with the aim of enhancing the security of computers
operating in disparate platforms. Its draft, developed by more than 60
of the TCG's 2175 member companies, specifies an architecture which
defines how accessing devices could interact with storage devices to
prevent unwanted access.
Storage devices would interact with a trusted element in host systems,
generally a Trusted Platform Module (TPM), which is embedded into most
enterprise PCs. The trust and security functions from the specification
could be implemented by a combination of firmware and hardware on the
storage device. Platform-based applications can then utilize these
functions through a trusted command interface negotiated with the SCSI
and ATA standards committees.
Thus a server or PC application could issue access requests to a disk
drive and provide a key, random number or hash value. The drive hardware
and/or firmware checks that this is valid and then supplies the data,
decrypting it if necessary. Future versions of the SATA, SCSI and SAS
storage interfaces would be extended to support the commands and
parameters needed for such access validity checking.
Mark Re, Seagate Research SVP, said: "Putting trust and security
functions directly in the storage device is a novel idea, but that is
where the sensitive data resides. Implementing open, standards-based
security solutions for storage devices will help ensure that system
interoperability and manageability are greatly improved, from the
individual laptop to the corporate data center." Seagate already has an
Marcia Bencala, Hitachi GST's marketing and strategy VP, said:
"Hitachi's Travelstar mobile hard drives support bulk data encryption
today and we intend to incorporate the final Trusted Storage
Specification as a vital part of our future-generation products."
The TCG has formed a Key Management Services subgroup, to provide a
method to manage cryptographic keys.
Final TCG specifications will be published soon but companies could go
ahead and implement based on the draft spec.
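As an added illustration (not code from the TCG draft, Seagate or Hitachi), here is a Python model of the behaviour the article describes: the drive keeps its media key internal, stores it wrapped under a key derived from the host-presented credential, and returns decrypted data only after its own on-drive check passes. The SHA-256 counter-mode stream cipher, the PBKDF2 parameters and the `TrustedDrive` class are assumptions made for this model, since the draft specification fixes neither.

```python
import hashlib
import hmac
import secrets

# Constructed model of on-drive access validation (added example, not TCG code).
# Assumption: a SHA-256 counter-mode keystream stands in for the drive's real
# bulk cipher; the real interface commands are negotiated with T10/T13 and are
# not modelled here.

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (toy stand-in, symmetric)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class TrustedDrive:
    def __init__(self, credential: bytes, plaintext: bytes):
        self.salt = secrets.token_bytes(16)
        media_key = secrets.token_bytes(32)        # never leaves the drive
        kek = self._kek(credential)
        self.wrapped = keystream_xor(kek, media_key)  # media key at rest
        self.tag = hmac.new(kek, self.wrapped, "sha256").digest()
        self.sectors = keystream_xor(media_key, plaintext)
        self.failed_attempts = 0                   # visible to an auditor

    def _kek(self, credential: bytes) -> bytes:
        # Credential-to-key derivation happens inside the drive, not the host.
        return hashlib.pbkdf2_hmac("sha256", credential, self.salt, 100_000)

    def read(self, credential: bytes):
        """Release plaintext only if the on-drive check validates the credential."""
        kek = self._kek(credential)
        expected = hmac.new(kek, self.wrapped, "sha256").digest()
        if not hmac.compare_digest(expected, self.tag):
            self.failed_attempts += 1              # nothing leaves the drive
            return None
        media_key = keystream_xor(kek, self.wrapped)
        return keystream_xor(media_key, self.sectors)

def demo():
    # Constructed sample: one wrong credential, then the right one.
    drive = TrustedDrive(b"correct horse battery", b"payroll Q2 2007")
    denied = drive.read(b"guess")
    granted = drive.read(b"correct horse battery")
    return denied, granted, drive.failed_attempts
```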