Implementation of Security Functions in Storage Devices, Schemes and Mind Maps of Technology

Download Implementation of Security Functions in Storage Devices and more Schemes and Mind Maps Technology in PDF only on Docsity! SP EC IA L RE PO RT 1 SPECIAL REPORT TOSHIBA REVIEW | Vol.69 No.1(2014) ■YAMAKAWA Teruji ■ARAMAKI Yasuto ■UMESAWA Kentaro With the growing importance of information security, demand has been increasing for the implementation of appropriate security functions in storage devices such as hard disk drives (HDDs) and solid-state drives (SSDs) according to their applications. In the field of storage products for personal mobile devices, it is necessary to prevent unauthorized leakage of data in the event of loss or theft of a mobile device. In the field of storage products for enterprise use such as data center servers, on the other hand, it is necessary to provide quick and secure data erasing in the event of failure or at the time of disposal of HDDs and SSDs at low cost. To fulfill these diverse requirements, Toshiba has been developing firmware common to both personal and enterprise storage products using libraries with the necessary security functions, and has also been making efforts to obtain third-party certifications based on a security validation program to certify the design and implementation of these security functions. 1. Introduction The importance of information security is increasing. To address the needs for information security, the IT industry has continuous- ly explored and developed new technologies. These technologies are crucial in protecting information stored in storage devices. Previously, security technologies were primarily used to prevent information leakage in the event of loss or theft of Universal Serial Bus (USB) memory sticks or PCs. However, with the prevalence of cloud storage, protecting personal information stored in data cen- ters is also becoming increasingly important. This article outlines the information security required for diverse storage products as well as Toshiba’s initiatives to fulfill such requirements. 2. Current Self-Encrypting Drives (SEDs) 2.1 SED Market Sectors and Market Demands The HDD/SSD market is broadly divided into two sectors: mobile storage primarily for personal use and enterprise storage mainly for data center and other business servers. These market sectors have different requirements for cryptographic technologies. In the field of mobile devices, internal and external HDDs and SSDs for notebook PCs are the major concern for information Implementation of Security Functions in Storage Devices protection. It is necessary to prevent data leakage in the event of loss or theft of a mobile device. To prevent unauthorized access to the stored data, mobile devices need password-based user authentication and data encryption mechanisms. In contrast, storage products for enterprise use do not need any robust protection against loss or theft because they are general- ly placed in secure rooms in data centers and elsewhere. Rather, the market for enterprise storage products places higher priority on low-cost data protection solutions in the event of hardware failure or at the time of disposal of HDDs and SSDs. Therefore, enterprise storage products must provide a data encryption mechanism and a capability to cryptographically lock up and invalidate data by means of key zeroization. Conventionally, users had no choice but to rely on lengthy data overwrite operations or physical destruction of a drive in order to prevent data leakage when disposing of HDDs and SSDs. However, data cannot be overwritten in the event of a drive failure. Additionally, the ever increasing storage capacity is pos- ing an issue in terms of the time, and therefore the cost, taken to overwrite the entire data. Storage products incorporating cryptographic technology deliver several advantages in terms of data security. Encryption allows data to be securely protected in the event of any hardware failure. Furthermore, the entire data (pp.18-21 in original) TOSHIBA REVIEW | Vol.69 No.1(2014)2 in HDDs and SSDs can be invalidated instantaneously just by changing the encryption key (Crypto Erase); this is a secure and low-cost means of disposing of the entire data on drives. The data invalidation capability makes it possible for data centers offering cloud storage services to quickly reallocate sanitized storage spaces to new customers. Under these circumstances, market demand is increasing for SEDs that automatically encrypt data as it is written to the drive. 2.2 Security Standards for SEDs Table 1 lists the security standards with which SEDs should comply in order to address security concerns, and the functions of these security standards. Key features of the Trusted Computing Group (TCG) standard include data encryption and a capability for creating multiple storage ranges with each having its own access control (range management). Additionally, the TCG Opal Security Subsystem Class (SSC) standardizes pre-boot authentication(1). HDD and SSD controllers must incorporate a cryptographic circuit to encrypt data as it is written and decrypt it as it is read out. The TCG standard relies on the XTS and CBC modes of the Advanced Encryption Standard (AES). Although the TCG stan- dard only requires the use of a 128-bit or longer key, Toshiba’s SEDs use a 256-bit key to ensure long-term data security. The range management feature of the TCG standard divides the disk space of an HDD or SSD into several address ranges for the purpose of security control. Each range is protected by its own encryption key, allowing only the authorized users to man- age the associated range (Fig. 1). Although the Institute of Elec- trical and Electronics Engineers (IEEE) 1667 standard stipulates the use of the eDrive specification adopted by the Microsoft® BitLocker® (*1), it is incompatible with the TCG Opal SSC pro- vided by independent software vendors (ISVs). It is still unclear which security standard will prevail in HDDs and SSDs. 2.3 Toshiba’s SED Implementation Toshiba has consolidated its storage security design & develop- ment departments. The newly established division develops enterprise and mobile storage products compliant with various security standards described in Section 2.2. It is responsible for perusing these security standards to cre- ate libraries that implement basic functionality common to them such as password authentication, access control, random number generation and key management. These libraries are designed for common use by multiple HDDs and SSDs. They are utilized to create range locking/unlocking and other higher- level security functions required by the security standards. The new division is also creating common firmware for enterprise or mobile storage products, which is designed to process the TCG Trusted Send/Receive and Security Protocol In/Out com- mands for both T10 and T13. This firmware helps improve the HDD/SSD development efficiency. Furthermore, it makes the behaviors of security-related commands on all storage products look identical from the host as long as they support the same security standard; this simplifies replacing HDDs with SSDs and vice versa. Fig. 2 shows the structures of HDDs/SSDs and the password (PIN) authentication sequence. For example, in the TCG Opal SSC sequence, a PIN is sent as a parameter to the Trusted Send command, decoded by the TCG processor and then acknowl- edged by the basic security processor during the PIN authen- tication process. Once the PIN is authenticated, the associated range is unlocked for both read and write accesses. 2.4 Certification of Toshiba’s Security Functions by Third-Party Organizations Conformance to TCG and other security standards is neces- sary but insufficient to proclaim that a given storage product OS range: All users are authorized to unlock the range. Range A User range A: All users who regularly use the PC and the supervisor are authorized to unlock the range. Range B User range B: Users who temporarily use the PC and the supervisor are authorized to unlock the range. Range C Supervisor range: Only the supervisor is authorized to unlock the range. Range D Disk space Fig. 1 Example of use of logical block address (LBA) ranges in disk space — Only the authorized users can access the associated LBA ranges unless they are unlocked. Range locking protects user’s information. Table 1 Security standards for self-encrypting drives (SEDs) Field Security Standard Function Mobile ATA Security Feature Set Password authentication Data encryption Range management TCG Opal SSC IEEE 1667 Enterprise TCG Enterprise SSC Range management Crypto Erase T10 & T13 Sanitize Crypto Erase ATA: Advanced Technology Attachment (*1) Microsoft and BitLocker are registered trademarks of Microsoft Corporation in the U.S. and other countries.