Author: Tom Coughlin
The Trusted Computing Group (TCG) session at the RSA Conference in San Francisco brought together proponents of standardized security technology with interested technology developers and end users. In the introductory talk by Dr. Joerg Borchert, President of the TCG, he pointed out that according to the Privacy Rights Clearinghouse 536,508,478 records have been breached from unencrypted drives that were lost, stolen or hacked. Today computer security is a key feature in protecting privacy since pervasive connectivity exposes every node in a modern network.
The TCG feels that by having standardized interfaces with a clearly defined security target, evaluations and certifications, that the resulting products will be less vulnerable to security attacks. 135 companies are members of the TCG including commercial, liaison and invited expert participants.
Products built with the TCG specifications are increasing in number and include PCs, embedded products and networking products. Devices protected by the TCG technology have a microcontroller circuit called a Trusted Platform Module (TPM) that stores encryption keys, passwords and digital certificates.
This hardware based security system is safer than storing this information in software since the hardware is much more difficult to hack—especially from afar. Access to data and secrets in a platform equipped with a TPM can be denied by policy settings, making critical applications and capabilities such as secure email, secure web access and local protection of data much more secure. The chart shows a total of over 1 billion new devices using this technology in 2013.
Although TCG standards also deal with data in flight, our interest here will be data at rest where the data is protected with an encryption key maintained within the digital storage device. This encryption key is kept in a TPM built into the hardware of the storage device. Today HDDs and SSDs are available with this technology. Such products are referred to as Self Encrypting Drives (SEDs). SED storage devices for both client and enterprise applications are available.
All the major HDD and SSD storage manufacturers offer SEDs. In addition to providing security during regular use of the drives SEDs offer a rapid way to make the data on the device inaccessible. Data on the storage device can be made inaccessible by erasing (or overwriting) the encryption key in the SED. With the encryption key gone, the encrypted data on the device cannot be decrypted. This crypto-erase is much faster and reliable than overwriting all the data on the storage device, particularly for many solid-state drives and high capacity HDDs.
The general growth in TCG hardware based encryption, combined with improved network access and verification security, could help both individual users and enterprises protect their data from external attacks. We live in an age where our private data and financial security are increasingly at risk. Technologies such as those of the TCG can help us maintain our privacy and security. System designers and integrators need to look at how they can incorporate TCG technology into their systems to increase overall data security. We need all the help we can get!
To read the original article, click here.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.