By now, almost all new storage drives – whether client or enterprise – include the ability to always encrypt data at rest. These drives, based on standards created by the Trusted Computing Group (http://www.trustedcomputinggroup.org/work-groups/storage/), include solid state, hard disk, hybrid, enterprise and even some USB drives from almost all storage vendors.
Data protection, however, is not limited to the typical notebook or desktop computer, data center or mobile device. Developers and designers of embedded systems, many of which are deployed to do the same tasks over and over for long periods of time, should have equally strong data protection. The need has emerged as more of these embedded systems are connected to other devices, the cloud and the wider Internet, instead of doing their traditional jobs in isolation.
TCG’s experts are looking at the challenge and have written on it in a two-part series in Embedded Computing Design. From that article, “…Embedded products and Internet of Things (IoT) applications require self-encrypting storage (SES). This storage may be in flash memory, so the new terminology of SES is used. As in enterprise and mobile computers, SES provides protection when the owner loses physical control of the device.
Intellectual property (IP) can be stolen if the data in an embedded product is readily accessible by the next person to possess the product. Possession can be through legal or illegal means…”
The authors note, “…Unlike software-only encryption, an SED implements the cryptographic function in hardware, directly in the drive electronics. The cryptographic key(s) that govern the operations are generated on board the drive during manufacture and never leave the drive. Therefore, the keys are protected from external detection.
For embedded systems, the activating process depends on a few system-related aspects. Products with an operating system are the most straightforward. However, embedded applications that do not have an operating system can be more complicated. The Trusted Computing Group (TCG) specifications describe how this can be done, but for users who need a little help, TCG is a great resource to start.”
Read the complete series here: http://embedded-computing.com/articles/protecting-the-iot-with-self-encrypting-storage-part-1/#
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.