Answers to the Questions posed during TCG’s Webcast on November 18, 2011, “Where is Your Data Tonight? A Lesson in Avoiding Headlines, Fines, or Worse”
Why is hardware-based encryption more secure than software encryption?
A: Software can be corrupted or negated; hardware cannot. Software runs under an operating system that is vulnerable to viruses and other attacks. An operating system, by definition, provides open access to applications and thus exposes these access points to improper use. Hardware-based security can more effectively restrict access from the outside, especially to unauthorized use. Additionally, dedicated hardware can have superior performance compared to software.
Doesn’t hardware encryption negatively impact the performance of systems?
A: Not at all. Dedicated hardware (electronic circuitry) can always out-perform software (computer programs) running on a general-purpose OS-based platform.
How do I manage a large number of systems with self-encrypting drives? Is software available to administer these drives?
A: Multiple Independent Software Vendors( ISVs), who traditionally manage encryption functions, now provide management of self-encrypting drives, both locally and remotely. These currently include Absolute Software, CryptoMill, McAfee, Secude, Softex, Sophos (1H2011), Symantec (via Guardian Edge acquisition), Wave Systems and WinMagic.
Who is supporting the TCG specifications with products? Are they available now?
A: Multiple drive companies currently provide self-encrypting drives with accompanying ISV management support, from laptops to the data center and both hard drives and solid-state drives.
Will other types of storage devices use the TCG specifications in the future?
A: Currently, the self-encryption capability is supported by hard drives (rotating media), solid-state drives, and optical drives, as well as laptop and data center drives. The Specifications are available for support by other storage types.
What is special about SED? Does it have an internal engine in it?
A: The self-encryption function has several special capabilities, among them: 1. High- performance, dedicated electronic circuitry for the cryptographic engine embedded in the drive electronics and operating at full channel speeds, 2. encryption that is transparent to the user, the OS, and applications 3. low cost, and 4. ease of maintenance.
How is the key on the drive protected?
A: The original encryption key value is generated in the factory by an on-board random number process; it never leaves the drive. When the drive is configured by the user (or I.T.), the authorization key is used to encrypt the encryption key inside the drive, so the key is never stored in the clear. The encryption key can be changed by the user administration function (IT department), which ensures that anybody who might have had possession of the drive before the user puts it into service could not have obtained any information that might give him any help in later retrieving data from the drive.
Is SED OPAL compliant?
A: OPAL is the TCG Specification for the SED function. Most/all drive vendors find great advantage in having their SED function be OPAL compliant. OPAL certification procedures are just now being defined by the TCG.
What happens to data in flight?
A: Different and proven techniques (eg, SSL/TNS) are used to protect data in flight. Self-encrypting drives are focused on data at rest.
How do you define extensive data read? Why doesn’t startup throughput vary?
A: “Extensive data read” means that a large file is being read continually, instead of inter-mixed read/writes. The start-up TIME does vary; tests have proven it much faster for a drive running hardware self encryption than software encryption.
The performance data shows the SED as faster than a non encrypting drive, is that correct?
A: That does sound counter-intuitive, since the SED function, even in hardware, suggests a longer execution path length. But, the encryption function takes so little time that it is less time than the drive model variation in performance. So, it is possible for a particular SED drive to be faster than a particular non-SED unit of the same model.
How is the access to the drive secured to allow only the Authorized user to access it? Is there a boot- up password that is entered via a BIOS dialog?
A: When the BIOS requests the Master Boot Record from the drive, the drive instead returns the pre-boot record to the user. This pre-boot record is a complete, though quite restricted OS, usually something simple like MS-DOS or LINUX. The pre-boot image requests the Authentication Credentials from the user, which are passed to and checked directly by the drive logic. If accepted, then the drive returns the MBR and the OS is loaded. Important point: This pre-boot authentication is the FIRST thing that happens and is controlled by the drive directly. This has the added advantages of not modifying the MBR, which many software encryption products do, and allowing the MBR to be encrypted like all other user accessible data.
The encryption key is generated during manufacturing, presumably at an Asian subcontractor. Why should I trust a contractor with a key that lasts the lifetime of the SED?
A: The encryption key is generated on board the drive and NEVER LEAVES THE DRIVE. The manufacturer does NOT retain or even have access to the key. Moreover, you do not have to trust it. When putting an SED into service it is considered good practice to start by directing the SED to regenerate its encryption key. Doing this before loading any software on the drive eliminates the possibility of the drive manufacturer ,or anyone else who might have had a chance to access the drive before the current owner, acquiring any secret, like the encryption key, that could be later used to break into the user data.
How does SED help in protecting data that resides with a database or its tables?
A: ALL data on the drive is encrypted, including any data stored at a higher logical level, like a database or tables.
Is Bitlocker just another type of software encryption or is it a separate class of encryption?
A: Bitlocker is simply a form of SOFTWARE-based encryption, subject to all the vulnerabilities of the platform OS.
Have SEDs been legally approved for use in restricted countries e.g. Libya, Pakistan, India and Iran, where I believe there is local legislation which outlaws encryption?
A: SEDs have gotten EXPORT licenses from the U.S. Dept/Commerce/BIS. You are asking about IMPORT restrictions, which vary greatly by country.
Keep in mind that an SED is not a general purpose encryption tool. The cipher-text is not available to the user; rather, it exists on the drive media.
The U.S. federal government does restrict shipments to five specific countries considered dangerous.
How does Toshiba provide for password recovery on an SED before it’s unlocked?
A: Some ISVs provide a one-time emergency unlock and recovery procedure.
What happens to the data if it the key gets stored on or the space it is stored on goes bad? Is there any recover ability?
A: An SED is used to protect the data stored on that one drive. Good security practice dictates that important data is backed up somewhere else for recovery. To combat an occasional bad sector, some SED drive vendors write the encrypted encrypting key to several storage locations, thus greatly minimizing the chance that all encrypted copies are lost.
The TCG OPAL specification includes transaction semantics, which requires multiple copies of the credential values.
Of course, there is no substitute for good data management practice, which starts with a regular data backup process.
Is there anything in place to account for those anomalous situations that seem to crop up, such as a corrupted key?
A: Yes. First, back up any sensitive data. Self-encrypting drives only protect that one copy of data. Note that the SED does not hinder in any way the use of storage management utilities, such as backup and recovery.
Can the AK be centrally securely stored as an element of the user’s centrally-managed credentials (via RADIUS, LDAP, or other AAA service)?
A: Yes; the authentication key can be integrated in with the user’s other means of centrally managing authentication credentials. In fact, several ISVs already employ Active Directory that way.
So, if the sector containing the DEK is corrupted, you basically lose your data?
A: No. Sensitive data should always be backed up on other storage; an SED only protects that one copy. And, the encrypted DEK is typically written to multiple locations on the drive to minimize the vulnerability to a single corruption.
How is data recovery from a crashed SED handled?
A: If the encrypted data, the encrypted Data Encryption Key, and the Authentication Key are not available, then the data is NOT recoverable from that one drive. However, good security practice encourages valuable data to be backed up. Simply retrieve the back-up copy.
Is using an SED as an external hard drive as easy as plugging it into a PC and providing the AK when prompted?
A: If the product you are using is an external drive with the SED function, then authentication to the drive is as simple as presenting the Authentication Key. But, you might not be able to simply put an SED designed as an ‘internal’ laptop drive into a USB external enclosure and expect it to work.
Can the AK be synchronized with a windows AD password?
A: Yes; several managing ISVs do just that with the Active Directory.
Are there any automated methods for changing AKs and distribution of new AKs to users? If so, what are they?
A: Yes. These tools especially exist for the SED data center drives, but some ISVs provide such automated and remote support for SED laptop drives.
Is drive sanitization now a thing of the past?
A: No, it is still needed. Drive sanitization is now much easier; just change the DEK and all data is erased!
How does the self-encrypting drive concept work for cloud- based storage?
A: For the client machine that might cache data on the local machine, all data stored on the local self-encrypting drive will be encrypted and not accessible unless the Drive is unlocked. For the cloud machine that stores the data, a self-encrypting drive can be utilized to store all data for future sanitization purposes. The data transfers between the client machine and the cloud machine will likely use some existing protocol (VPN, SSL); the data that is sent to the drive will be in clear-text across the SATA or SAS interface. The data encryption for self-encrypting drives encrypts and decrypts the data in the drive (for data at rest, either at the client or in the cloud) and does not facilitate encryption for data in flight.
Do any of the software solutions that manage SEDs also manage the TPM?
A: Yes, some of the same software vendors that manage SEDs can also manage TPMs, allowing for a single management system.
Do existing software-based FDE providers also provide SED management?
A: Many software companies that support software-based FDE also provide SED management, allowing for a heterogeneous environment of both software-based FDE machines and Opal SED-based machines managed by the same infrastructure.
Have you seen examples where a common AK is used across an organization (where the AK is kept secret from the end user)?
A: Yes. An enterprise-wide Software Management Solution may support thousands of users. Thus, the software management solution might wrap the AK with the keys of each individual user, similar to how the DEK is wrapped by the AK. Thus, any user with any machine can log in and unlock the SED.) Also, all SEDs in a RAID system, for example, could have the same AK. This is commonly used in small business systems using disk arrays of SAS drives.
How much in the terms of cost does SED technology actually add, say to a laptop or desktop?
A: The SED may add anywhere from $15 to $100, depending on the management solution utilized. As SEDs increase in volume, the cost of the SED will decrease, but management will still have some cost.
My SED is incorporated in a laptop that includes a system TPM. How does the SED interact with the system Trusted Computing software and hardware?
A: The TPM and the SED are not required to interact. However, depending on the software authentication, secrets held within the TPM could be used to authenticate or to help authenticate to the SED. Note that there is also a disadvantage to using a TPM to participate in SED authentication. Should the laptop fail and the user want to move the SED to a new model, the management software would have to support moving it from one TPM to another. Otherwise the SED could not be unlocked, as it is in part controlled by the TPM in the dead system.
Are there laptop compatibility issues to support this? It seems like no, due to the MBR/boot code.
A: Most ISV MBR/boot code is O/S independent and works with most modern PCs. The SED architecture has a significant advantage over the integration method used by many software encryption products. The latter often modify the MBR to insert the encryption function. However, other management middleware also modify the MBR, and in some cases this has caused serious conflicts. The SED and associated ISV management software does not have this issue as the MBR is not involved in the startup unlocking process. The unmodified MBR is loaded after authentication, so any other application that modifies the MBR can easily work with SEDs.
What is the time difference between sanitizing an encrypted vs non-encrypted drive?
A: The time difference depends on the size of the drive. It takes less than a second to erase/overwrite the DEK in an SED, irrespective of the capacity. It can take hours-to-days to overwrite a two-terabyte non-SED disk drive .
I did not understand how the encryption keeps information safe if the key is on the drive as well. What prevents the drive from being moved to a new PC?
A: First, there is no clear text copy of any key on the drive. Second, the SED can be moved to a new PC. However, once the SED is powered on, the drive will ask for the same credentials (the AK) to unlock the drive (decrypt the DEK) as were required on the old system. If the correct AK is not given, the DEK cannot be decrypted. Only the hash of the AK and the encrypted form of the DEK are ever stored on the drive.
Since the drives are always encrypting on SED, just changing the symmetric key in firmware would erase the drive, right?
A: Yes; exactly, and this is an important advantage. To erase the drive, you simply need to change the DEK that the drive is using and overwrite/erase the previous encrypted DEK that is stored on the drive. This entire process is accomplished by issuing a single TCG command that is usually exposed by the management software as an erase button the user simply needs to select. The software usually follows that with one or more questions, asking the user if he/she is certain that the drive should be erased.
When creating the hash, does that get stored on the drive media itself or on the dedicated IC chip? Is the hash stored in an encrypted state? How does it get read or pass the challenge-response if it is encrypted?
A: Where the hash is stored is product dependent and not specified by the TCG standard. The hash can be stored on the drive media in an area not accessible by users. The drive’s firmware knows how to read the Hash for comparison to the hash of the submitted AK. This is the standard way that passwords are protected: store only the hash and compare hashes for authentication.
When you talk about AK. Can you explain more simply? When the computer is booted does the user have to enter in credentials to unlock the hard drive and OS credentials?
A:First, the AK is in many cases simply the password the user enters to unlock his laptop. Most SED management solutions support single sign-on, which passes the credential from the pre-boot to the O/S, removing the need for entering two credentials. In other words, the password the user enters to unlock the SED will also serve to log him into the system.
Given an environment containing 30,000 desktop machines, and given our company would want to roll hardware encryption out via the lease renewal policy for said desktops, what type of cost should we expect? How long would you estimate it would take to hardware encrypt all 30,000 desktop drives?
A: Most users with whom we have had this discussion decide to incorporate SED into their normal system refresh practice. As new systems are needed, they are purchased with SEDs. This has been found to be much more practical than retrofitting SEDs into existing systems. It must be said, however, that many users have done just that, particularly upgrading drives in systems that have especially sensitive data or that are used by more frequent travelers. This is a discussion you should have with your favorite PC vendor and/or a SED management solutions provider. Volumes quite often lower the cost. But remember, when you receive a new SED machine, there is no re-encryption required. As you write new data to the SED, it is encrypted at full channel speeds.
If you have additional layers of authentication on the drives such as biometrics or smart cards how will that be handled?
A: The pre-boot authentication process can often support multiple factor authentication, such as combining support for biometrics, smart cards, or even remote passwords (using a TCP/IP stack). This capability depends on the SED management chosen. If multi-factor authentication is important, that should be made one of the selection criteria when evaluating SED management software.
Does the SED have an MBR software that can be used out of the box? I know it will not have central management?
A: Many SED Management Solutions support both single-user mode and Central Management. Some platforms may support single-user MBR software (for collecting the AK credential) Out of the Box, depending on the package bundled by the PC manufacturer.
Does the user need to enter the AK and OS credentials every time the computer is booted? Does the user have to remember two credentials with SED implemented?
A: Most SED Management Solutions support single sign-on, which passes the credential from the pre-boot to the O/S, removing the need for entering two credentials. At a minimum, the AK has to be entered each time, to unlock the drive.
What are the economic advantages of a hardware-based-based solution compared to a software-based one?
A: The TCO of SED is much lower than software-based FDE solutions. Once authenticated, encryption is transparent to the user, so the user will not disable the encryption and potentially incur lack of compliance costs. Also, since the encryption is transparent to the OS, there are fewer conflicts with the OS and other applications, which saves the IT staff time rebuilding OS images. The SED does not require a lengthy re-encryption time when the encryption is turned on; the SED is encrypting as soon as it is turned on, thus saving the IT staff time in deploying FDE. SEDs can be re-purposed without being destroyed. Also, if a user or administrator that knows AKs leaves an organization, those AKs must, of course, be changed. However, in SEDs that does not involve re-encryption of data, only replacing passwords or AKs, which can be done very quickly and easily. Avoiding this re-encryption can be a huge time savings, especially in data centers, where it would noticeably disrupt on-line operations.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.