Data Security Using TCG Self-Encrypting Drive Technology
Tom Coughlin, Founder, Coughlin Associates.
Tom has worked for over 20 years in the digital storage industry as an engineer and engineering manager. He has over 70 published articles, books and reports and 6 granted patents. Coughlin Associates publishes reports on digital storage and applications as well as provides various types of consulting services. Tom is an active member in IDEMA, IEEE, SMPTE, SNIA and other technical organizations.
Dr. Michael Willett, Storage Security Strategist, Samsung.
Recently, Dr. Willett was a Senior Director at Seagate Research, focusing on security functionality on hard drives, including self-encryption, related standardization, product rollout, patent development, and partner liaison. Currently, Dr. Willett serves as a consultant on the marketing of storage-based security. Presently, Dr. Willett is working with Samsung as a storage security strategist, helping to define their self-encryption strategy across Samsung’s portfolio of solid-state storage products.
Hussein Syed, Director of IT Security, Barnabas Health.
Hussein has over 18 years of IT experience, 10 of which have been in IT Security. He has a thorough understanding of health care business enablement (both clinical and business-driven), focusing on secure practice and compliance. In his role he has to remain technical and understand the impact of security on risk, workflow, patient care/satisfaction and physician/clinician enablement. Hussein has also participated in Gartner and NJHIMMS roundtable sessions on HIPAA/HITECH and IT Security.
• Increasing world-wide financial and legal consequences for data loss and data breaches
• Safe Harbor laws in most of the US and the EU for loss of devices with secured and encrypted data
• Trusted Computing Group (TCG) standards for notebook/portable computers (OPAL) and Enterprise Storage Devices using FIPS compliant AES 128 and 256 bit encryption
• Lower overhead encryption and decryption for SEDs than software encryption
• SEDs allow fast Crypto-Erase that sanitizes drive data before drive replacement, repair, de-commissioning, re-purposing and end of life
• Most major storage device companies provide SEDs
  • Seagate, Western Digital, HGST (part of WD) and Toshiba offer portable and/or enterprise TCG encrypted HDDs
  • Micron and Samsung provide TCG OPAL compliant SSDs
• There are special advantages for TCG encrypted SSDs
  • Crypto-erase may be the most effective way to sanitize an SSD
  • The overhead penalty for software encryption vs. self-encryption is even more significant for SSDs than HDDs
[Chart: Million Units Shipped, 2007–2016; High, Median and Low estimates]
By 2017, all hard disk drives will be SED capable, with encryption integration into the controller (as a reference point, over 25% were SED enabled in 2011).
[Chart: Million Units Shipped, 2009–2016; High, Mean and Low Estimates]
By 2013, 80% of SSDs will be SED capable and by 2016, penetration
All Drives eventually leave the data center
• IBM estimates 90% are still readable
Why secure data?
• Increasing global regulations for data security
  • PCI, HIPAA regulations require data privacy
  • 46+ states have breach notification laws with encryption safe harbor
• Increasing consequences of non-compliance from privacy protection and breach notification laws
  • Ponemon Institute estimates $194 for US company per compromised customer record in 2011; average total per-incident cost of $5.5 Million.
  • Privacy Rights Clearinghouse reports 607,234,229 records have been
The Problem…
Reported Data Breaches Since February 2005 to Now
[Chart: # of reported breaches per month, Feb-05 to Aug-06]
Source: Privacy Rights Clearinghouse
Since 2005, over 345,124,400 records containing sensitive personal information have been involved in security breaches
http://www.privacyrights.org/ar/ChronDataBreaches.htm
In 2008, the average cost of a data breach was $6.65 million per affected corporation ($202 per record)
$6.65 Million Per Incident: Legal, Financial, Reputation
• Threat scenario: stored data leaves the owner’s control – lost, stolen, re-purposed, repaired, end-of-life, …
• Compliance (Breach Notification)
  46+ states have data privacy laws with encryption safe harbors
  New U.S. Federal and EU data breach legislation
• Data center and laptop drives are mobile (HDD, SSD)
• Exposure of data loss is expensive ($6.65 Million on average per incident¹)
• Obsolete, Failed, Stolen, Misplaced…
  Nearly ALL drives leave the security of the data center
  The vast majority of decommissioned drives are still readable
Security Subsystem Classes: Opal (laptop), Enterprise (data center), Optical
• Transparency: SEDs come from factory with encryption key already generated
• Ease of management: No encrypting key to manage
• Life-cycle costs: The cost of an SED is pro-rated into the initial drive cost; software has continuing life cycle costs
• Disposal or re-purposing cost: With an SED, erase on-board encryption key
• Re-encryption: With SED, there is no need to ever re-encrypt the data
• Performance: No degradation in SED performance
• Standardization: Whole drive industry is building to the TCG/SED Specs
• No interference with upstream processes
Pre-boot Authentication (diagram)
AK = Authentication Key; DEK = Data Encryption Key
Stored on the drive: Encrypted User Data, Hashed AK, Encrypted DEK
• The drive hashes the supplied AK and compares it with the stored Hashed AK (Correct AK?)
• No: Drive does NOT respond to Read or Write Reqs
• Yes: the Clear AK decrypts the DEK; the DEK unlocks the HDD and encrypts and decrypts User Data (Clear Data)
Stored Data Protection
• Should equipment be lost, data is not exposed
• All user data is always encrypted
• Encryption function cannot be turned off
Immediate Data Erasure (Crypto-Erase)
• When drives are to be retired, relinquished or repurposed
• Data can be destroyed instantaneously
• Even if drive is inoperable
• Recommended by NIST (see SP 800-88 – Guidelines for Media Sanitization)
Not Addressed
• Protecting data in flight
Performance
• Each SED encrypts all data transferred to it transparently and fast.
• As SEDs are added, the encryption performance scales linearly.
• No re-encryption necessary when external credentials (AKs) need changing
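The key hierarchy in the pre-boot authentication diagram above, the crypto-erase slide and the credential change that needs no re-encryption, as an added Python model (not code from the presentation or from any TCG specification): the drive keeps only a salted hash of the AK and the DEK wrapped under a key derived from the AK, user data is always encrypted under the DEK, a credential change re-wraps the DEK only, and crypto-erase discards it. SHA-256 in counter mode stands in for the drive's AES, and the ToySED class, its method names and all values are constructed for illustration.

```python
import hashlib
import hmac
import os
def _ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 counter-mode keystream XOR: a stand-in for the drive's AES (same call encrypts and decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class ToySED:
    """Constructed model of the slide's key hierarchy: hashed AK, AK-wrapped DEK, DEK-encrypted user data."""
    def __init__(self, factory_ak: bytes):
        self._media = {}   # LBA -> ciphertext; user data is never stored in the clear
        self._dek = None   # the clear DEK exists only while the drive is unlocked
        self._wrap_dek(factory_ak, os.urandom(32))   # DEK generated on-board at the factory

    def _wrap_dek(self, ak: bytes, dek: bytes) -> None:
        # Persist only a salted hash of the AK and the DEK encrypted under a key derived from the AK
        self._salt, self._nonce = os.urandom(16), os.urandom(16)
        self._ak_hash = hashlib.sha256(self._salt + ak).digest()
        kek = hashlib.pbkdf2_hmac("sha256", ak, self._salt, 10_000)
        self._wrapped_dek = _ctr_xor(kek, self._nonce, dek)

    def authenticate(self, ak: bytes) -> bool:
        # Pre-boot authentication: hash the offered AK and compare it with the stored hash
        if not hmac.compare_digest(hashlib.sha256(self._salt + ak).digest(), self._ak_hash):
            return False   # "No" branch: the drive does not respond to read or write requests
        kek = hashlib.pbkdf2_hmac("sha256", ak, self._salt, 10_000)
        self._dek = _ctr_xor(kek, self._nonce, self._wrapped_dek)   # clear AK decrypts the DEK
        return True

    def _require_unlocked(self) -> bytes:
        if self._dek is None:
            raise PermissionError("drive locked")
        return self._dek

    def write(self, lba: int, data: bytes) -> None:
        self._media[lba] = _ctr_xor(self._require_unlocked(), lba.to_bytes(8, "big"), data)
    def read(self, lba: int) -> bytes:
        return _ctr_xor(self._require_unlocked(), lba.to_bytes(8, "big"), self._media[lba])

    def change_ak(self, new_ak: bytes) -> None:
        # A new credential re-wraps the DEK only; the stored user data is never re-encrypted
        self._wrap_dek(new_ak, self._require_unlocked())

    def crypto_erase(self, new_ak: bytes) -> None:
        # Sanitization: discard the DEK and wrap a fresh one; the old ciphertext is now unrecoverable
        self._dek = None
        self._wrap_dek(new_ak, os.urandom(32))
```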
Security
• No back doors
• No access without authentication – resistant to “evil maid” attack
• All user data encrypted, always
• Encryption cannot be turned off by user; not exposed outside drive
• Crypto-Erase of data
Manageability
• No OS or Master Boot Record modification
• Standard protocol, multiple sources - All drive manufacturers support TCG standard
• No interference with storage management functions: RAID, backup/restore, compression, de-dup, DLP
• Organization
  • New Jersey’s largest integrated healthcare system
  • 25 functional facilities total
  • Provides treatment for >2M patients/year
  • 18,200 employees, 4,600 doctors
• Environment
  • 2380 laptops
  • Adopted SED as standard for desktops this year
  • used by healthcare professionals and executives
  • distributed across 25 functional facilities
  • Protecting PII/PHI/diagnostic information
  • HP shop using
Barnabas Health
•
New Jersey’s largest integrated health delivery system
•
Implemented SEDs in 2380 laptops used by doctors, nurses,
administrators and executives across 25 facilities
•
Will be encrypting 13,000 desktops used is the hospitals, via
the asset lifecycle process in 4 years, 400 units expected to
be done this year.
•
Key Findings:
•
24 hours faster deployment on average per user over
previous software-based encryption
•
Negligible boot time versus up to 30 minutes to boot a PC
• Identify the data protection risks/requirements
  • Regulatory requirement for data protection
  • Safe harbor exemption
  • Intellectual property/proprietary information protection
• Build a business case
  • Market place analysis
• Embed into the asset lifecycle program to manage
• Implementation of SED drives
  • Phase in the SED into asset lifecycle
  • Configuration, setup, rollout
  • Support
  • Communication
• Encryption
  • Drive password management
  • Ability to provide encryption proof if the asset is lost
• Governance
  • Ability to provide report
Encryption everywhere! Data center/branch office to the USB drive
Standards-based: Multiple vendors; interoperability
Unified key management: Authentication key management handles all forms of storage
Simplified key management: Encryption keys never leave the drive. No need to track or manage.
Transparent: Transparent to OS, applications, application developers, databases, database administrators
Automatic performance scaling
Granular data classification not needed