Making Data at Rest Encryption Easy
Jason Cox
Client Security Products Lead, Seagate Technology
What is “SED”?
Self Encrypting Drive Basics
• The storage device LOCKS when it powers OFF.
  – The storage device remains LOCKED when it is powered back ON.
  – Authentication UNLOCKS the storage device.
• The storage device reads and writes data normally while the drive is unlocked.
  – The plaintext data sent to the device is encrypted before being written.
  – The encrypted data read from the device is decrypted before being returned.
• Benefits
  – Always encrypting at line speed (no performance impact)
  – Auto locking on power off
  – Retirement, disposal, end of life
[Figure: the host writes the plaintext “Here is the un-encrypted text” and reads it back unchanged; the 100% performance encryption engine in the drive stores it on the media as ciphertext (“P%k5t$@sg!7#x1) #&%”); an Authentication Key Management Service supplies the credential that unlocks the drive.]
Needs & Solutions
Security Foundation | Customer Needs | SED Solutions
Instant Secure Erase | Quick & Simple Data Encryption Key Erasure; Easy Disposal & Repurposing | Crypto-Erase & Sanitize Features
TCG-Compliant Security | Data-At-Rest Protection | SED Drives (Requires TCG Host Controller & Key Management System)
FIPS 140-2 Certified | Government-Grade Security | SED FIPS Drives
Why SEDs?
• There’s “stuff” on your laptop that has value, and makes loss/theft costly to you or your company.
  – It costs you or your company
    • time or money to replace
    • time or money to do damage control.
  – Your company could lose business.
  – You could lose your job, or have your identity stolen.
• PLUS, regulatory compliance requirements!
  – i.e. HIPAA, and other new data privacy and breach notification legislation in the US and abroad
Types of Information
• What is this “stuff”?
  – Personal (important to you): identifying info, banking info, browser histories (banks, social networking sites, etc.), cookies, cached account names/passwords, other auto-fill form info, personal email
  – Corporate (important to your company): product road maps, product schematics, design documents, customer and supplier info, email, employee records, consumer data, source code
• What about on a drive in a data center?
Cost
• Is this really something to worry about?
  – IBM estimates that
    • 50,000 drives are retired from data centers daily [1]
    • 90% of drives returned for warranty contain readable data [1]
• Companies are generating more data
  – Accessed by or stored on more devices
• Data loss is expensive
  – Data breaches cost more than $6M on average per incident [2]
  – Lost/stolen laptops and mobile data-bearing devices cost $258 per record [2]
    • (20% more per record than a “general” data breach)
  – Average consumer out-of-pocket cost due to identity fraud increased to $631 per incident [3]
[1] http://www.redbooks.ibm.com/abstracts/tips0761.html
[2] 2010 Annual Cost of a Data Breach: US Study, Ponemon Institute (sponsored by Symantec), March 2011
[3] http://bucks.blogs.nytimes.com/2011/02/09/the-rising-cost-of-identity-theft-for-consumers/
End of Life – Cryptographic Erase
• What do you do about the “stuff” when you’re done with it?
  – Overwrite
  – Degauss
  – Physical destruction
• SEDs provide for near-instantaneous cryptographic erase
  – Destroying the media encryption key makes the encrypted data unrecoverable
  – Near instantaneous
  – Also covers retired or otherwise host-unreachable portions of the storage device
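The lifecycle described in the SED basics slide and the cryptographic-erase slide, as an added illustration that is constructed for this page and is not Seagate, TCG or any drive firmware's code: the media encryption key (MEK) is generated in the drive, user data is always written as ciphertext, a power cycle leaves an activated drive locked until the PIN is presented, and crypto-erase replaces the MEK so the ciphertext that remains on the media decrypts to noise and the drive returns to its default credential. Everything here is an assumption made for the model: the stand-in cipher (HMAC-SHA256 in counter mode instead of the AES engine a real drive uses), PBKDF2 for PIN checking, and the class, method and `DEFAULT_PIN` names.

```python
"""Toy self-encrypting drive model (constructed example; not Seagate or TCG code)."""
import hashlib
import hmac
import os

SAMPLE_PLAINTEXT = b"Here is the un-encrypted text"  # constructed sample user data

class DriveLocked(Exception):
    """Raised when a read or write reaches a locked drive."""

def _media_cipher(mek: bytes, lba: int, data: bytes) -> bytes:
    """Stand-in for the drive's AES engine: HMAC-SHA256 keystream (counter mode, LBA-bound) XORed over data; self-inverse."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        msg = lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream.extend(hmac.new(mek, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(p ^ k for p, k in zip(data, stream))

class SelfEncryptingDrive:
    DEFAULT_PIN = b"factory-default-pin"  # hypothetical stand-in for the manufacturer default credential

    def __init__(self) -> None:
        self._mek = os.urandom(32)     # media encryption key: made in the factory, never exported
        self._media = {}               # LBA -> ciphertext, i.e. what is physically stored
        self._salt = os.urandom(16)
        self._pin_hash = self._kdf(self.DEFAULT_PIN)
        self._locking_enabled = False  # ships encrypting, but locking is not yet activated
        self._unlocked = True

    def _kdf(self, pin: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin, self._salt, 100_000)

    def _check_pin(self, pin: bytes) -> bool:
        return hmac.compare_digest(self._kdf(pin), self._pin_hash)

    def activate(self, old_pin: bytes, new_pin: bytes) -> bool:
        """Deployment step: replace the default credential and turn locking on."""
        if not self._check_pin(old_pin):
            return False
        self._pin_hash = self._kdf(new_pin)
        self._locking_enabled = True
        return True

    def power_cycle(self) -> None:
        self._unlocked = not self._locking_enabled  # an activated drive comes back locked

    def unlock(self, pin: bytes) -> bool:
        if not self._check_pin(pin):
            return False
        self._unlocked = True
        return True

    def write(self, lba: int, data: bytes) -> None:
        if not self._unlocked:
            raise DriveLocked("write rejected: drive is locked")
        self._media[lba] = _media_cipher(self._mek, lba, data)  # always ciphertext on media

    def read(self, lba: int) -> bytes:
        if not self._unlocked:
            raise DriveLocked("read rejected: drive is locked")
        return _media_cipher(self._mek, lba, self._media[lba])

    def raw_media(self, lba: int) -> bytes:
        """What someone who removes the platters or flash would see: ciphertext only."""
        return self._media[lba]

    def crypto_erase(self, pin: bytes) -> bool:
        """Instant secure erase: discard the MEK and return authentication to defaults; nothing is overwritten."""
        if not self._check_pin(pin):
            return False
        self._mek = os.urandom(32)
        self._salt = os.urandom(16)
        self._pin_hash = self._kdf(self.DEFAULT_PIN)
        self._locking_enabled = False
        self._unlocked = True
        return True

def demo() -> dict:
    """Walk the lifecycle from the slides and return what was observed at each step."""
    drive = SelfEncryptingDrive()
    out = {}
    drive.write(0, SAMPLE_PLAINTEXT)                         # encrypting from the factory
    out["media_is_ciphertext"] = drive.raw_media(0) != SAMPLE_PLAINTEXT
    out["read_before_locking"] = drive.read(0)
    drive.activate(SelfEncryptingDrive.DEFAULT_PIN, b"it-chosen-pin")
    drive.power_cycle()                                      # e.g. a stolen laptop powered on
    try:
        drive.read(0)
        out["locked_read_blocked"] = False
    except DriveLocked:
        out["locked_read_blocked"] = True
    out["wrong_pin_unlocks"] = drive.unlock(b"guess")
    out["right_pin_unlocks"] = drive.unlock(b"it-chosen-pin")
    out["read_after_unlock"] = drive.read(0)
    stale = drive.raw_media(0)
    drive.crypto_erase(b"it-chosen-pin")                     # end of life / repurpose
    out["ciphertext_still_on_media"] = drive.raw_media(0) == stale
    out["read_after_erase"] = drive.read(0)                  # decrypts under the new MEK: noise
    out["default_pin_restored"] = drive.unlock(SelfEncryptingDrive.DEFAULT_PIN)
    return out
```

The two observations worth dwelling on are `ciphertext_still_on_media` and `read_after_erase`: crypto-erase writes nothing to the media, yet the bytes that remain are useless without the discarded key, which is why it is instantaneous and why it also covers sectors an overwrite could never reach.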
The information on eight 3.0TB hard drives could have been cryptographically erased in the time it takes to process this slide…
Standards
Storage Interfaces:
• INCITS Technical Committees
  – T10 – SCSI Storage Interfaces
  – T13 – AT Attachment (ATA)
Security Subsystem Management:
• Trusted Computing Group Specifications
  – Trusted Storage Core Specification
  – Storage Interface Interactions
  – Opal SSC
  – Enterprise SSC
Security Assurance:
• Federal Information Processing Standards (FIPS)
  – FIPS 197 Advanced Encryption Standard
Benefits of Standards
• Simplifies Procurement
– Cross-vendor compatibility
– Standard interface
• Simplifies Software Development
– Common capabilities
– Common interface
• Assurance of security capabilities
– NIST/FIPS validated security functionality
Standardization is the process of developing and implementing technical standards. The goals of standardization can be to help with compatibility, interoperability, safety, repeatability, or quality. -Wikipedia, “Standardization”
TCG Storage Specifications
[Figure: hierarchy of the TCG storage specifications. General Documents: Core Spec, SIIS. Specific Documents: Opal SSC, Enterprise SSC. Supporting Documents: T10 (ATA), T10 (SCSI), Opal App Note, Enterprise App Note.]
SSC Overviews
• Opal
  – Main Motivation
    • Provide a solution to address current market needs:
      – Stolen/lost laptop data leakage.
      – End of life / disposal.
  – Features
    • Simple PIN-based authentication.
    • Provide encryption and locking.
    • Pre-OS boot authentication mechanisms.
• Enterprise
  – Main Motivation
    • Provide a solution to address current market needs:
      – Minimize the time to bring devices online in a data center environment.
      – Protect confidentiality of stored user data after the device leaves the owner’s control.
      – End of life / disposal.
  – Features
    • Simple PIN-based authentication.
    • Provide encryption and locking.
FIPS 140-2 – Government Grade Security
• Joint Effort Between NIST & CSEC
• FIPS 140-2 is the Current Standard
  – Segmented Into 4 Levels (Level 2 is Tamper Evident Physical Security)
• Accepted by Federal Agencies for the Protection of Sensitive Information
• Cryptography
  – Must Be FIPS Validated
  – Unvalidated Cryptography Is Viewed by Federal Agencies as No Protection at All (“Plain Text”)
What are the Benefits of FIPS?
• Generates New Business Opportunity / Expanded Markets
  – Government, Health Care, Finance, etc.
• Product Testing Conducted in a Rigorous & Standard Manner
• Accepted / Validated Cryptographic Algorithms & Best Security Practices
Benefits of Standards (Revisited)
• Simplifies Procurement
– Cross-vendor compatibility
– Standard interface
• Simplifies Software Development
– Common capabilities
– Common interface
• Assurance of security capabilities
– NIST/FIPS validated security functionality
Standardization is the process of developing and implementing technical standards. The goals of standardization can be to help with compatibility, interoperability, safety, repeatability, or quality. -Wikipedia, “Standardization”
IT Deployment
• Drive is manufactured (and encrypting from the factory)
• Ships to OEM
• OEM configures system
• Ships to end user
• IT installs corporate OS image
• IT installs security management software*
• Software detects Opal SED
• Software installs MBR shadow (pre-OS boot authentication)
• Software installation activates SED functionality
• Software configures authentication and locking ranges
*This could be part of the OS, rather than a separate software application
SECURITY IS NOW ENABLED: DRIVE WILL LOCK ON POWER LOSS
IF THE DRIVE IS STOLEN, THE DATA IS PROTECTED
AT END OF LIFE, DRIVE CAN BE REPURPOSED WITH SECURE ERASE
Including SW-managed TPM integration
In the Data Center
• Drive is manufactured (and encrypting from the factory)
• Ships to OEM
• OEM integrates into SED management storage system
• Ships to customer
• SysAdmin installs new volume / storage system in data center
• SysAdmin initializes new system (authentication key, locking configurations)
SECURITY IS NOW ENABLED: DRIVE WILL LOCK ON POWER LOSS
IF THE DRIVE IS LOST OR STOLEN, THE DATA IS PROTECTED
AT END OF LIFE, DRIVE CAN BE REPURPOSED WITH SECURE ERASE
End of Life (Revisited)
• Need to Easily Refurbish / Repurpose Drives?
• Solution – Cryptographic Erase
  – Performs Instant Secure Erase
  – Authentication Keys Return to Default Settings
• Benefits
  – Instantaneous Erase For Secure Disposal
  – Instantaneous Global Reset to Repurpose Drive to Default Settings