Trusted Computing Group Trusted Storage Specification
Michael Willett, Seagate Technology
TCG Trusted Storage Specification © 2008 Storage Networking Industry Association. All Rights Reserved.
SNIA Legal Notice
The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations and literature under the following conditions:
- Any slide or slides used must be reproduced without modification
- The SNIA must be acknowledged as source of any material used in the body of any document containing material from these presentations.
This presentation is a project of the SNIA Education Committee.
Neither the Author nor the Presenter is an attorney and nothing in this presentation is intended to be nor should be construed as legal advice or opinion. If you need legal advice or legal opinion please contact an attorney.
The information presented herein represents the Author's personal opinion and current understanding of the issues involved. The Author, the Presenter, and the SNIA do not assume any responsibility or liability for damages arising out of any reliance on or use of this information.
NO WARRANTIES, EXPRESS OR IMPLIED. USE AT YOUR OWN RISK.
Abstract
Trusted Computing Group (TCG) Trusted Storage Specification
The Trusted Computing Group (TCG) Storage Work Group recently published formal specifications for security and trust services on storage devices, including hard drives, flash, and tape drives. The majority of hard drive and other storage device manufacturers participated. Putting security directly on the storage device avoids the vulnerabilities of platform OS-based software security. The details of the Specification will be highlighted, as well as various use cases, including Full Disk Encryption with enterprise key/credential management.
TCG organization (slide org chart; groups most relevant to storage work were shown in bold on the original slide):
Board of Directors: Scott Rotondo, Sun, President and Chairman
Administration: VTM, Inc.
Advisory Council: Invited Participants
Marketing Workgroup: Brian Berger, Wave
Public Relations: Anne Price, PR Works
Events / Marketing Support: VTM, Inc.
Best Practices: Jeff Austin, Intel
Technical Committee: Graeme Proudler, HP
Server Specific WG: Larry McMahan, HP
User Auth WG: Laszlo Elteto, Safenet
TSS Work Group: David Challener, Lenovo
TPM Work Group: David Grawrock, Intel
Peripherals WG: (dormant)
PDA WG: Jonathan Tourzan, Sony
PC Client WG: Monty Wiseman, Intel
Mobile Phone WG: Panu Markkanen, Nokia
Infrastructure WG: Thomas Hardjono, SignaCert
Conformance WG: Manny Novoa, HP
Storage WG: Robert Thibadeau, Seagate
  Key Management Services: Walt Hubis, LSI
  Storage Interface Interactions: James Hatfield, Seagate
  Optical Storage: Bill McFerrin, DataPlay
Storage device elements in the risk model (slide diagram labels): Peripheral Controller Electronics, Primary Host Interface, Diagnostic Ports, Loadable Firmware, Data Sink / Source, Probe Points, Special Hardware Functions, Firmware Functions, Power
Trust = systems operate as intended
Objective: Exercise control over operations that might violate trust
Needed: Trusted Storage commands
General Risk Model: Storage
TRUSTED SEND/IN
TRUSTED RECEIVE/OUT
T10/T13 defined the “container commands”
TCG/Storage defining the “TCG payload” (Protocol ID = xxxx …..)
Protocol IDs assigned to TCG, T10/T13, or reserved
Joint Work – T10 (SCSI) and T13 (ATA)
TRUSTED STORAGE (ATA or SCSI): Hidden Storage, Firmware, Controller Storage
Firmware/hardware enhancements for security and cryptography
Trusted Send and Receive Container Commands
• (Partitioned) Hidden Memory
• Security firmware/hardware
• Trusted Send/Receive Commands
• Assign Hidden Memory to Applications
ISV Application (on the Host); Enterprise Support; Security Providers; TRUSTED FDE SP
TCG/T10/T13 Implementation Overview
Trust “Toolkit”:
Cryptographic SIGNING
CREDENTIALS (e.g., signed X.509 Certificates)
Trust: System behaves as designed
Hardware that cannot change can digitally sign and therefore initiate a chain of trust
TPM (trusted platform module) is a tiny processor on the motherboard that can sign and whose firmware cannot be modified
Storage Devices can be roots of trust
Root of Trust
Authentication/Attestation
Capability Level: LOW to HIGH (axis of the slide diagram)
Ability to interact with the Platform
TPer = Trusted Peripheral
Extending Trust to Peripherals
Trusted Platform (TPM) – Secure Communications – Trusted Storage
Life Cycle: Manufacture, Own, Enroll, PowerUp, Connect, Use, …
Root of Trust OR Trusted Element
Trusted Storage with Trusted Platform
3 Simple reasons
Storage for secrets with strong access control
• Inaccessible using traditional storage access
• Arbitrarily large memory space
• Gated by access control
Unobservable cryptographic processing of secrets
• Processing unit “welded” to storage unit
• “Closed”, controlled environment
Custom logic for faster, more secure operations
• Inexpensive implementation of modern cryptographic functions
• Complex security operations are feasible
Why Security in STORAGE (hard drive)
Forensic Logging
DRM Building Blocks
Drive Locking
Full Disc Encryption (Crypto Chip, ALL Encrypted):
- Laptop Loss or Theft
- Re-Purposing
- End of Life
- Rapid Erase
Personal Video Recorders
Crypto Key Management
TCG Storage Use Case Examples
TCG Storage Workgroup
Specification Overview and Core Architecture Specification
Specification Version 1.0
Revision 0.9 (DRAFT)
19 June 2007
Specification Overview
Storage Specification Purpose
Define an architecture that:
- Enables application of access control over select value-add device features
- Permits configuration of these capabilities in conformance with the platform security policy
- Is scalable to different storage types
- Encourages multi-vendor implementation
TCG Storage: Document Structure (slide diagram)
General Documents: Core Spec, Interface
Specific Documents: PC SSC, Enterprise SSC, Optical SSC
Auxiliary Documents: Compliance and Security Evaluation
SSC = Security Subsystem Class
SPs (Security Providers): Logical Groupings of Features
SP = Tables + Methods + Access Controls
Tables: like “registers”, primitive storage and control
Methods: Get, Set – Commands kept simple with many possible functions
Access Control over Methods on Tables
TCG Storage WG Core Specification
MCTP = Multi-Component Trusted Platform
TPer = Trusted Peripheral (e.g., Storage)
Core Architecture
SP = Security Provider
Communications Infrastructure
- SPs have own storage, functional scope, and security domain
- Created by:
1) manufacturer (during Storage Device creation) AND/OR
2) Issuance Process
• Tables: rows = security associations, columns = related elements
• Persistent State Information: remains active through power cycles, reset conditions, and spin up/down cycles
• Methods are actions such as: table additions, table deletion, table read access, and table backup
• Authorities are authentication agents. Authorities specify passwords or cryptographic proofs required to execute the methods in the SP
• Access Control Lists (ACLs) bind methods to valid authorities
Security Provider (SP)
Slide diagram: an SP containing a Table, Methods with an ACL column (Get → User1, Set → User2), and Authorities User1 and User2.
Each SP is a “sand box” exclusively controlled by its owner. SP functionality is a combination of pre-defined functionality sets called SP Templates: Base, Admin, Crypto, Log, Clock, Locking
Security Providers (SP)
Result: Comprehensive command architecture for putting selected features of storage devices under policy-driven access control
Issuance is the act of creating a new SP (exchange/validation of credentials)
Templates define the initial tables and methods. All SPs = Base Template tables and methods + other Templates: Admin Template, Crypto Template, and Templates for Forensic Logging and Locking/Encryption, etc.
Personalization is the customization of a newly created SP: modify initial table data and/or admin authority, customization of the default access control settings
Note: Admin SP manages Templates, creates other SPs under issuance control, and maintains information about other SPs and the TPer as a whole. Admin SP cannot be deleted or disabled.
Issuance Server
SP
SP Issuance/Personalization Overview
Slide sequence diagram:
1. ISV application → Issuance Server: REQUEST
2. Issuance Server → ISV application: ISSUANCE CREDENTIAL
3. ISV application → Admin SP (SESSION): ISSUE SP
4. Admin SP creates the ISV SP; then PERSONALIZE SP
5. USE SP
Issuing an SP
- Cryptographic methods: utilize public and symmetric key store tables
- Credential tables + additional tables provided by Base and other Templates
- Encryption, Decryption, Signing, Verifying, Hashing, HMAC, and XOR
- AES, RSA, SHA, HMAC, Elliptic Curve, Random Numbers
Crypto Template
ComID: allows the TPer to identify the caller of an IF-RECV command
Secure Communications
Communications Architecture
ComPacket is the unit of communication transmitted as the payload of an Interface command. A ComPacket is able to hold multiple Packets in its payload.
Packet is associated with a particular session and may hold multiple SubPackets.
SubPacket may hold multiple Tokens.
Nesting: ComPacket > Packet > SubPacket > Token
Host Interface: Packetization
Credentials: Permission “secrets”
Authentication Operation: proof of knowledge of a secret
The Authority table associates specific Credential-Operation pairs together in Authority objects
Access Control Lists (ACLs): lists of Access Control Elements (ACEs)
ACEs are Boolean combinations of Authorities.
Access Control
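The SP model described on the Security Provider and Access Control slides above (tables, Get/Set methods, authorities proving knowledge of a credential, ACLs as lists of Boolean ACEs) as a toy Python model. This is an added illustration, not code from the TCG specification or any drive vendor: the table, column and authority names and the credential values are constructed, and the rule that an ACL is satisfied when any one of its ACEs is satisfied is an assumption of this model.

```python
import hashlib, hmac

# Authority table: authority name -> SHA-256 of its credential (constructed sample secrets)
AUTHORITIES = {name: hashlib.sha256(secret).digest() for name, secret in
               [("User1", b"user1-secret"), ("User2", b"user2-secret"), ("Admin1", b"admin-secret")]}

# ACE = Boolean combination of authorities: a name, ("and", [...]) or ("or", [...]).
# ACL = list of ACEs bound to a (table, method) pair; assumed here: any satisfied ACE grants access.
ACLS = {
    ("Locking", "Get"): [("or", ["User1", "User2", "Admin1"])],
    ("Locking", "Set"): ["Admin1", ("and", ["User1", "User2"])],   # admin alone, or both users
}

class SecurityProvider:
    def __init__(self):
        self.tables = {"Locking": {"Range1": {"ReadLocked": True, "WriteLocked": True}}}
        self.authenticated = set()   # authorities whose proof succeeded in this session
    def authenticate(self, name: str, proof: bytes) -> bool:   # proof of knowledge of a secret
        digest = AUTHORITIES.get(name)
        if digest is None or not hmac.compare_digest(hashlib.sha256(proof).digest(), digest):
            return False
        self.authenticated.add(name)
        return True
    def _ace_satisfied(self, ace) -> bool:
        if isinstance(ace, str):
            return ace in self.authenticated
        op, terms = ace
        return (all if op == "and" else any)(self._ace_satisfied(t) for t in terms)
    def _check_acl(self, table: str, method: str):   # default deny: no ACL, or no ACE satisfied
        if not any(self._ace_satisfied(ace) for ace in ACLS.get((table, method), [])):
            raise PermissionError(f"{method} on {table}: no ACE satisfied")
    def get(self, table: str, row: str, column: str):
        self._check_acl(table, "Get")
        return self.tables[table][row][column]
    def set(self, table: str, row: str, column: str, value):
        self._check_acl(table, "Set")
        self.tables[table][row][column] = value

def demo():
    sp = SecurityProvider()
    bad_proof = sp.authenticate("Admin1", b"guess")          # wrong secret: not authenticated
    sp.authenticate("User1", b"user1-secret")
    can_get = sp.get("Locking", "Range1", "ReadLocked")      # Get: any one authority suffices
    try:
        sp.set("Locking", "Range1", "ReadLocked", False); set_alone = True
    except PermissionError:
        set_alone = False                                    # User1 alone cannot Set
    sp.authenticate("User2", b"user2-secret")
    sp.set("Locking", "Range1", "ReadLocked", False)         # User1 AND User2 satisfies an ACE
    return bad_proof, can_get, set_alone, sp.get("Locking", "Range1", "ReadLocked")
```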
Storage Architecture Core Specification
Security Subsystem Classes built on it (slide diagram): HDD SSC - Enterprise, HDD SSC - Notebook, Optical SSC (OSSC)
Security Subsystem Class = SSC
Security Subsystem Classes
Separate control channel; ease of use; unobtrusive; transparent; compatible; FDE
Optical Subsystem Class Goal
Trusted Platform w/ Trusted Storage
- Multi-factor authentication: password, biometrics, dongles
- Secure/hardware storage of credentials, confidential financial/medical data
- Trusted life cycle management of personal information
- Integrity-checking of application software
- Cryptographic functions for storage and communications security
- Trusted/secure computation of high-value functions (protection from viruses/etc)
Home Banking (or Remote Medical, or … )
- Enterprise Server: Key generation and distribution; Key/Password archive, backup and recovery
- Laptop (Application): Master/User passwords, multi-factor authentication, TPM support; Secure log-in, “Rapid Erase”
- FDE Trusted Drive (self-encrypting, with its FDE SP): Disk or sector encryption, sensitive credential store, drive locking
Enterprise Management of Full Disc Encryption (FDE) Drives
Self-Encrypting Drive
Self-Encrypting Drives
Eventually ALL drives will be self-encrypting
• Simple
• Transparent
• Integrated
For when a drive leaves the owner's control
Storage System (slide diagram)
No Performance Degradation: encryption engine speed. The encryption engine is in the controller ASIC and matches the port’s max speed. Scales linearly, automatically.
All data can be encrypted, with no performance degradation. Less need for data classification.
The drive LOCKS automatically when powered OFF. The drive remains LOCKED when it is powered back ON. The Authentication Key (Password) unlocks the drive.
Slide diagram: Write and Read data normally while the drive is unlocked. The host writes and reads “Here is the un-encrypted text”; the media holds only ciphertext (shown on the slide as “P%k5t$@sg!7#x1)#&%”). 100% performance encryption engine in the drive. Authentication Key Management Service.
Data protected from loss, disclosure
Self-Encrypting Drive Basics
Comparison table from the slide (columns: storage systems with Self-Encrypting Drives vs. storage systems Encrypting outside the drive):
Implement
  Self-Encrypting Drives: Transparent to OS, applications, databases – Automatic Scalability
  Encrypting outside the drive: May need to change OS, applications, databases
Re-key Exposed Keys
  Self-Encrypting Drives: No re-encryption needed
  Encrypting outside the drive: Re-encrypt all data
Recover Data
  Self-Encrypting Drives: Encryption keys don’t leave drives. No need to track or manage them.
  Encrypting outside the drive: Track, manage, escrow encryption keys, maintain interoperability
Retire HDD
  Self-Encrypting Drives: Delete encryption key
  Encrypting outside the drive: Key compromised; Could make data across multiple drives unreadable
Simplify Management
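The self-encrypting-drive behaviour the last three slides describe (automatic lock at power off, unlock with the authentication key, re-key without re-encrypting data, retire by deleting the key) as an added Python model. It is not code from any drive vendor or from the TCG specification: the HMAC-SHA256 keystream stands in for the drive's AES engine so the example runs on the standard library alone, and the DEK wrapping and key-check layout is a constructed simplification.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:  # toy stand-in for AES
    out = bytearray()
    for i in range(0, len(data), 32):     # HMAC-SHA256 keystream, 32 bytes per block
        ks = hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class SelfEncryptingDrive:
    def __init__(self, ak: bytes):
        self._sectors = {}           # LBA -> ciphertext: the media only ever holds ciphertext
        self._dek = os.urandom(32)   # data-encryption key: generated in-drive, never exported
        self._wrapped = self._kcv = None
        self._locked = False
        self.rekey(ak)
    def rekey(self, ak: bytes):      # wrap the DEK under (a new) AK; sectors are untouched
        if self._locked: raise PermissionError("drive locked")
        kek = hashlib.sha256(b"kek" + ak).digest()           # toy KDF from the AK
        self._wrapped = xor_stream(kek, b"wrap", self._dek)
        self._kcv = hmac.new(kek, self._dek, hashlib.sha256).digest()  # key check value
    def power_off(self):             # locks automatically; plaintext DEK leaves the drive's RAM
        self._dek, self._locked = None, True
    def unlock(self, ak: bytes) -> bool:
        if self._wrapped is None: return False                # retired drive: nothing left
        kek = hashlib.sha256(b"kek" + ak).digest()
        dek = xor_stream(kek, b"wrap", self._wrapped)
        if not hmac.compare_digest(hmac.new(kek, dek, hashlib.sha256).digest(), self._kcv):
            return False                                      # wrong AK: remains locked
        self._dek, self._locked = dek, False
        return True
    def write(self, lba: int, data: bytes):   # toy: keystream keyed by LBA only, no rewrite nonce
        if self._locked: raise PermissionError("drive locked")
        self._sectors[lba] = xor_stream(self._dek, lba.to_bytes(8, "big"), data)
    def read(self, lba: int) -> bytes:
        if self._locked: raise PermissionError("drive locked")
        return xor_stream(self._dek, lba.to_bytes(8, "big"), self._sectors[lba])
    def retire(self):                # Rapid Erase: delete the key; the ciphertext is now noise
        self._locked, self._dek, self._wrapped, self._kcv = True, None, None, None

def demo():
    drive = SelfEncryptingDrive(b"owner-password")
    drive.write(0, b"Here is the un-encrypted text")
    drive.power_off()
    wrong_ak_rejected = not drive.unlock(b"wrong-password")
    drive.unlock(b"owner-password"); drive.rekey(b"new-password")   # re-wrap only
    drive.power_off(); drive.unlock(b"new-password")
    after_rekey = drive.read(0)                                      # still readable
    drive.retire()
    return wrong_ak_rejected, after_rekey, drive.unlock(b"new-password")
```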
What Does the Future Look Like?
Encryption everywhere! Automatic performance scaling, manageability, security
Standards-based: Multiple vendors; interoperability
Unified key management: Handles all forms of storage
www.trustedcomputinggroup.org
Thank You!
Q&A/Feedback
Please send any questions or comments on this presentation to SNIA: [email protected]
Many thanks to the following individuals for their contributions to this tutorial.
- SNIA Education Committee
- Robert Thibadeau, Jason Cox
- All Storage Manufacturers (contributors)