Trusted Computing Group Trusted Storage Specification. Michael Willett, Seagate Technology

Transcription

1 Trusted Computing Group Trusted Storage Specification Michael Willett, Seagate Technology

2 SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations and literature under the following conditions: Any slide or slides used must be reproduced without modification The SNIA must be acknowledged as source of any material used in the body of any document containing material from these presentations. This presentation is a project of the SNIA Education Committee. Neither the Author nor the Presenter is an attorney and nothing in this presentation is intended to be nor should be construed as legal advice or opinion. If you need legal advice or legal opinion please contact an attorney. The information presented herein represents the Author's personal opinion and current understanding of the issues involved. The Author, the Presenter, and the SNIA do not assume any responsibility or liability for damages arising out of any reliance on or use of this information. NO WARRANTIES, EXPRESS OR IMPLIED. USE AT YOUR OWN RISK. 2

3 Abstract Trusted Computing Group (TCG) Trusted Storage Specification The Trusted Computing Group (TCG) Storage Work Group recently published formal specifications for security and trust services on storage devices, including hard drives, flash, and tape drives. The majority of hard drive and other storage device manufacturers participated. Putting security directly on the storage device avoids the vulnerabilities of platform OS-based software security. The details of the Specification will be highlighted, as well as various use cases, including Full Disk Encryption with enterprise key/credential management.

4 Board of Directors Scott Rotondo, Sun, President and Chairman Marketing Workgroup Brian Berger, Wave Technical Committee Graeme Proudler, HP Best Practices Jeff Austin, Intel Advisory Council Invited Participants Administration VTM, Inc. Public Relations Anne Price, PR Works TPM Work Group David Grawrock, Intel TSS Work Group David Challener, Lenovo Conformance WG Manny Novoa, HP PC Client WG Monty Wiseman, Intel Events Marketing Support VTM, Inc. Mobile Phone WG Panu Markkanen, Nokia Peripherals WG (dormant) Infrastructure WG Thomas Hardjono, SignaCert PDA WG Jonathan Tourzan, Sony Server Specific WG Larry McMahan, HP User Auth WG Laszlo Elteto, Safenet BOLD: Most Relevant to Storage Work Storage WG Robert Thibadeau Seagate Key Management Services Walt Hubis LSI Storage Interface Interactions James Hatfield Seagate Optical Storage Bill McFerrin DataPlay

5 General Risk Model: Storage Peripheral Controller Electronics Primary Host Interface Power Loadable Firmware Firmware Functions Data Sink / Source Special Hardware Functions Diagnostic Ports Probe Points Trust = systems operate as intended Objective: Exercise control over operations that might violate trust Needed: Trusted Storage commands

6 Joint Work T10 (SCSI) and T13 (ATA) TRUSTED SEND/IN (Protocol ID = xxxx..) TRUSTED RECEIVE/OUT T10/T13 defined the container commands TCG/Storage defining the TCG payload Protocol IDs assigned to TCG, T10/T13, or reserved

7 Enterprise Support ISV Application (on the Host) Implementation Overview TCG/T10/T13 Trusted Send and Receive Container Commands (Partitioned) Hidden Memory Security firmware/hardware ATA or SCSI Trusted Send/Receive Commands Assign Hidden Memory to Applications TRUSTED STORAGE Firmware/hardware enhancements for security and cryptography Firmware Hidden Storage Security Providers TRUSTED Assign Hidden Memory to Applications SP FDE Controller Storage

8 Trust System behaves as designed Trust Toolkit : Cryptographic SIGNING CREDENTIALS (eg, signed X.509 Certificates)

9 Root of Trust Hardware that cannot change can digitally sign and therefore initiate a chain of trust TPM (trusted platform module) is a tiny processor on the motherboard that can sign and whose firmware cannot be modified Storage Devices can be roots of trust

10 Extending Trust to Peripherals TPer = Trusted Peripheral Ability to interact with the Platform LOW Authentication/Attestation Capability Level HIGH

11 Trusted Storage with Trusted Platform Trusted Storage Secure Communications Root Of Trust Trusted Platform TPM OR Trusted Element Life Cycle: Manufacture, Own, Enroll, PowerUp, Connect, Use,

12 Why Security in STORAGE (hard drive) 3 Simple reasons Storage for secrets with strong access control Inaccessible using traditional storage access Arbitrarily large memory space Gated by access control Unobservable cryptographic processing of secrets Processing unit welded to storage unit Closed, controlled environment Custom logic for faster, more secure operations Inexpensive implementation of modern cryptographic functions Complex security operations are feasible

13 TCG Storage Use Case Examples Full Disc Encryption -Laptop Loss or Theft -Re-Purposing -End of Life -Rapid Erase DriveLocking ALL Encrypted Crypto Key Management Crypto Chip Personal Video Recorders Forensic Logging DRM Building Blocks

14 Specification Overview TCG Storage Workgroup Specification Overview and Core Architecture Specification Specification Version 1.0 Revision 19 June (DRAFT)

15 Storage Specification Purpose Define an architecture that: Enables application of access control over select value-add device features Permits configuration of these capabilities in conformance with the platform security policy Is scalable to different storage types Encourages multi-vendor implementation

16 TCG Storage: Document Structure General Documents Core Spec Interface Specific Documents PC SSC Optical SSC Enterprise SSC Auxiliary Documents Compliance and Security Evaluation SSC = Security Subsystem Class

17 TCG Storage WG Core Specification SPs (Security Providers) Logical Groupings of Features SP = Tables + Methods + Access Controls Tables Like registers, primitive storage and control Methods Get, Set Commands kept simple with many possible functions Access Control over Methods on Tables

18 Core Architecture SP = Security Provider MCTP = Multi-Component Trusted Platform TPer = Trusted Peripheral (eg, Storage)

19 Communications Infrastructure

20 - SPs have own storage, functional scope, and security domain - Created by: Security Provider (SP) 1) manufacturer (during Storage Device creation) AND/OR 2) Issuance Process Tables: rows = security associations, columns = related elements Persistent State Information: remains active through power cycles, reset conditions, and spin up/down cycles Methods are actions such as: table additions, table deletion, table read access, and table backup Authorities are authentication agents. Authorities specify passwords or cryptographic proofs required to execute the methods in the SP Access Control Lists (ACLs) bind methods to valid authorities

21 Security Providers (SP) SP Method Name ACL Each SP is a sand box exclusively controlled by its owner. SP functionality is a combination of pre-defined functionality sets called SP Templates: Table Authorities User1 User2 M Get Set User1 User2 M Base Admin Crypto Log Clock Locking Result: Comprehensive command architecture for putting selected features of storage devices under policy-driven access control

22 SP Issuance/Personalization Overview Issuance Server SP Issuance is the act of creating a new SP (exchange/validation of credentials) Templates define the initial tables and methods. All SPs = Base Template tables and methods + other Templates: Admin Template, Crypto Template, and Templates for Forensic Logging and Locking/Encryption etc Personalization is the customization of a newly created SP: modify initial table data and/or admin authority, customization of the default access control settings Note: Admin SP manages Templates, creates other SPs under issuance control, and maintains information about other SPs and the TPerasawhole.AdminSPcannotbedeletedor disabled.

23 Issuing an SP Issuance Server SP REQUEST ISV application ISSUANCE CREDENTIAL (SESSION) ISSUE SP PERSONALIZE SP USE SP Admin SP ISV SP

24 Crypto Template Cryptographic methods: utilize public and symmetric key store tables - Credential tables + additional tables provided by Base and other Templates - Encryption, Decryption, Signing, Verifying, Hashing, HMAC, and XOR - AES, RSA, SHA, HMAC, Elliptic Curve, Random Numbers

25 Communications Architecture Secure Communications ComID: allow TPer to identify caller of IF-RECV command

26 Host Interface: Packetization ComPacket Packet SubPacket Token ComPacket is the unit of communication transmitted as the payload of an Interface command. A ComPacket is able to hold multiple packets in its payload. Packet is associated with a particular session and may hold multiple SubPackets. SubPacket may hold multiple Tokens.

27 Access Control Credentials: Permission secrets Authentication Operation: proof of knowledge of a secret The Authority table associates specific Credential-Operation pairs together in Authority objects Access Control Lists (ACLs): lists of Access Control Elements (ACEs) ACEs are Boolean combinations of Authorities.

28 Security Subsystem Classes Storage Security Subsystem Class = SSC Storage Architecture Core Specification HDD SSC - Notebook HDD SSC - Enterprise Optical SSC (OSSC)

29 Optical Subsystem Class Goal transparent compatible Separate control channel ease of use unobtrusive FDE

30 Home Banking (or Remote Medical, or ) Trusted Platform w/ Trusted Storage - Multi-factor authentication: password, biometrics, dongles - Secure/hardware storage of credentials, confidential financial/medical data -Trusted life cycle management of personal information - Integrity-checking of application software - Cryptographic functions for storage and communications security -Trusted/secure computation of high-value functions (protection from viruses/etc)

31 Enterprise Management of Full Disc Encryption (FDE) Drives SP FDE -Enterprise Server: Key generation and distribution Key/Password archive, backup and recovery -Laptop (Application): Master/User passwords, multi-factor authentication, TPM support Secure log-in, Rapid Erase -FDE Trusted Drive (self-encrypting): Disk or sector encryption, sensitive credential store, drive locking Self-Encrypting Drive

32 Self-Encrypting Drives For when a drive leaves the owner's control Simple Transparent Integrated Eventually ALL drives will be self-encrypting 32

33 No Performance Degradation Encryption engine speed Matches Port s max speed The encryption engine is in the controller ASIC Scales Linearly, Automatically Storage System Storage System All data can be encrypted, with no performance degradation Less need for data classification 33

34 Self-Encrypting Drive Basics Write Authentication The drive and LOCKS remains Read Key data automatically LOCKED (Password) normally when while Unlocks when it drive is powered the is unlocked drive OFF back ON Authentication Key Management Service Here is the un-encrypted text Write Read Here is the P%k5t$ text #&% 100% performance encryption engine in the drive Data protected from loss, disclosure 34 34

35 Simplify Management Self-Encrypting Drives Encrypting outside the drive Storage Systems Storage Systems Implement Re-key Exposed Keys Recover Data Retire HDD Transparent to OS, applications, databases Automatic Scalability No re-encryption needed Encryption keys don t leave drives. No need to track or manage them. Delete encryption key May need to change OS, applications, databases Re-encrypt all data Track, manage, escrow encryption keys, maintain interoperability Key compromised; Could make data across multiple drives unreadable 35

36 What Does the Future Look Like? Encryption everywhere! Automatic performance scaling, manageability, security Standards-based Multiple vendors; interoperability Unified key management Handles all forms of storage

37 Thank You!

38 Q&A/Feedback Please send any questions or comments on this presentation to SNIA: Many thanks to the following individuals for their contributions to this tutorial. - SNIA Education Committee Robert Thibadeau Jason Cox All Storage Manufacturers (contributors)