Personal Cloud Self Protecting Self Encrypting Storage Devices

Similar documents
Storage as an IoT Device Roundtable Walt Hubis, CISSP Tom Coughlin

Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1

Seagate Secure TCG Enterprise and TCG Opal SSC Self-Encrypting Drive Common Criteria Configuration Guide

Advances in Storage Security Standards

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

Designing Secure Storage for the Cloud Jesus Molina Fujitsu Laboratories of America

Trusted Computing Group Trusted Storage Specification. Michael Willett, Seagate Technology

TRUSTED COMPUTING GROUP TRUSTED STORAGE SPECIFICATION. Michael Willett, Seagate Technology

Enabling Advanced NVMe Features Through UEFI

Click to edit Master. Trusted Storage. title style. Master subtitle style Seagate Technology

The Intel SSD Pro 2500 Series Guide for Microsoft edrive* Activation

Toshiba Secure TCG Opal SSC and Wipe technology. Self-Encrypting Drive Series

Seagate Momentus Thin Self-Encrypting Drives TCG Opal FIPS 140 Module Security Policy

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module Security Policy

TRUSTED COMPUTING GROUP TRUSTED STORAGE SPECIFICATION. Jason Cox, Seagate Technology

Overcoming Remote Desktop Challenges with

Welcome to the. Migrating SQL Server Databases to Azure

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module. Security Policy. Security Level 2. Rev. 0.

WHITEPAPER E-SERIES ENCRYPTION

WipeDrive Home 9. IMPORTANT! PLEASE READ CAREFULLY:... 3 General Information... 3 WipeDrive Overview... 3 System Requirements...

How Secure is your Server?

The Kerberos Authentication Service

COMPUTING FUNDAMENTALS I

Storage and Memory Infrastructure to Support 5G Applications. Tom Coughlin President, Coughlin Associates

E-BOOK / REPLACE HARD DRIVE IN WD MY BOOK DOWNLOAD

GSE/Belux Enterprise Systems Security Meeting

Xerox Product Data Overwrite Security Whitepaper

DISTRIBUTING MOBILE APPS: THE APP STORE CONUNDRUM

Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras

Forensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation

How Secured2 Uses Beyond Encryption Security to Protect Your Data

Strong Security Elements for IoT Manufacturing

Vitheia IoT Services

Mobile Hacking & Security. Ir. Arthur Donkers & Ralph Moonen, ITSX

Privacy in an Electronic World A Lost Cause?

*XLGHOLQHV IRU 0HGLD 6DQLWL]DWLRQ )URP WKH 1DWLRQDO,QVWLWXWH RI 6WDQGDUGV DQG 7HFKQRORJ\ V 11, HY 1 of 18

GOOGLE VAULT AND SPANNING BACKUP

Challenges Managing Self-Encrypting NAND Flash Devices

(Refer Slide Time: 1:26)

MU2b Authentication, Authorization and Accounting Questions Set 2

QuickSpecs. SATA (Serial ATA) Hard Drives for HP Workstations. Overview

Android Enterprise Device Management with ZENworks 2017 Update 2

Trusted Computing Group

Ps3 Hard Drive Repair Instructions Macbook. Program >>>CLICK HERE<<<

MOBILITY TRANSFORMING THE MOBILE DEVICE FROM A SECURITY LIABILITY INTO A BUSINESS ASSET E-BOOK

The Smart Grid Security Innovation Alliance. John Reynolds October 26, 2011 Cambridge, Massachusetts

Thomas Lippert Principal Product Manager. Sophos Mobile. Spring 2017

SafeNet Authentication Client

Cloud Computing Introduction & Offerings from IBM

Endpoint Protection with DigitalPersona Pro

How to unlock my iphone se

QuickSpecs. SATA (Serial ATA) Hard Drives for HP Workstations

Trusted Optical Disc March 2008

CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Establishing Trust in Disconnected Environments, page 1

I'm Andy Glover and this is the Java Technical Series of. the developerworks podcasts. My guest is Brian Jakovich. He is the

NVMe Client and Cloud Requirements, and Security 9:45 10:50

QuickSpecs. SATA (Serial ATA) Hard Drives for HP Workstations. Overview

Intelligent Provisioning 3.10 Release Notes

Education Technology Mistakes to Avoid. Locked ipad Disruptions

Secret Sharing, Key Escrow

Incident response in the energy

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module. Security Policy. Security Level 2. Rev. 1.0 May 11, 2015

Instructions Hack Ipod Touch Password Without Losing Data

IRONKEY D300S SECURE USB 3.0 FLASH DRIVE

How NOT To Get Hacked

Cybersecurity in 2016 and Lessons learned

Transforming Security Part 2: From the Device to the Data Center

This paper introduces the security policies, practices, and procedures of Lucidchart.

QuickSpecs. SATA (Serial ATA) Hard Drives for HP Workstations. Overview

BYOD Success Kit. Table of Contents. Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips

Technology Security Failures Common security parameters neglected. Presented by: Tod Ferran

Is NVMe Right for Mil/Industrial Applications?

BeBanjo Infrastructure and Security Overview

Verified Boot: Surviving in the Internet of Insecure Things. Randall Spangler Chrome OS Firmware Lead

Who s Protecting Your Keys? August 2018

NVM Express TM Ecosystem Enabling PCIe NVMe Architectures

Sophos Central Self Service Portal help

Managing and Maintaining Windows 8

VMware, SQL Server and Encrypting Private Data Townsend Security

A Portrait of Today s Tablet User

DEALING WITH A CYBER FUTURE THAT IS ALREADY HERE. Rob Clyde, CISM, ISACA International VP, Board Member April 2015

Box Competitive Sheet January 2014

Securing Wireless Mobile Devices. Lamaris Davis. East Carolina University 11/15/2013

Managing Devices and Corporate Data on ios

A Welcome to Federated Identity Nate Klingenstein, Internet2, USA. Prepared for the Matsuyama University, December 2013

Why the cloud matters?

20533B: Implementing Microsoft Azure Infrastructure Solutions

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Who What Why

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.

Trusted Storage. Putting Security and Data Together. Michael Willett Seagate Technology

The Device Has Left the Building

Resilient IoT Security: The end of flat security models

Introduction to Device Trust Architecture

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Securing Your Virtual World Harri Kaikkonen Channel Manager

Storgrid Data Sheet Enterprise File Serving Software re-invented

Transcription:

Personal Cloud Self Protecting Self Encrypting Storage Devices Robert Thibadeau, Ph.D. Chairman & CEO Drive Trust Alliance Bright Plaza, Inc. & School of Computer Science Carnegie Mellon University

Takeaways This talk: Personal non volatile storage devices (in PCs, Pads, Phones, Cars, Homes, Businesses, etc etc etc) NOT Enterprise data center storage or Tutorial in TCG SEDs, see Willett s SNIA Tutorial Later Today Self Encrypting Drives fantastically successful in technology and availability, but not in Personal adoption (Coughlin Assoc., 2015, see references) Drive Trust Alliance in association with Tom Coughlin Assoc. has opened sourced TCG Opal (and Enterprise) code for clients (not devices) to facilitate personal adoption. New Other Open Source models for Self Protection, and Personal Monetization of Private Data (TCG Core, PDS, Homomorphic Encryption), from MIT.

Agenda Security Evolution OPM, etc. Personal Data System Security and Privacy TCG Core SSDs SEDs & Object Storage

The Age of Uncontrolled Data Leakage Computer Forensics / Digital Evidence / Corporate Collections Google, Yahoo, Microsoft, Amazon! NSA ANT Catalogue (USA) Ransomware (Russia) Sony (North Korea) OPM, US Office of Personnel Management hack (China) Somebody else gets paid (or worse) for YOUR stuff! Just because you are using the Internet.

Security and Privacy 101 Security ~= Access Control Security should SERVE UP Privacy Computer Security ~= IPAAAA: Integrity, Privacy, Authentication, Authorization, Audit, Availability Computer Security ~= CIA: Confidentiality (Privacy), Integrity, Availability Authorization Authentication Audit Integrity Privacy Availability

SP SED Concept Peripheral Controller Electronics Primary Host Interface Loadable Firmware Data Sink / Source Power Firmware Functions Special Hardware Functions Security Subsystem Diagnostic Ports Probe Points

TCG Core Spec TCG CORE Enterprise Opal SSC SSC Core + Scripting Core ~= Data Structures + Basic Operations Scripting ~= Amazing Use Cases Security Providers or SPs: Admin, Locking, Clock, Forensic Logging, Crypto Services, Internal Controls and others.

What is an SED? Drive Trust Alliance Definition The device uses built in hardware encryption circuits to write and read data in and out of NV storage. At least one Medium Encryption Key (MEK) is protected by at least one Key Encryption Key (KEK, usually a password ). If one or more KEKs have not decrypted the MEK, the data that the MEK protects is not available. i.e., you cannot reverse engineer a locked SED without a valid KEK input from outside of the self protecting SED.

Self Encrypting Storage Personal Storage Landscape ~100% of all SSDs are Opal Due to Data Sanitization Problem for Flash ~100% of all Enterprise Storage (SSD, HDD, etc) are TCG Enterprise For fast safe and effective repurposing/disposal 100% of all Apple ios devices are hardware self encrypting storage for user data if password is set ~100% Western Digital USB HDD Drives are SEDs Much smaller number of Personal HDDs are Opal or SED BUT MS Bitlocker supports edrive = Opal 2.0 Drives of all kinds 100% Opal Drive also supports the SATA Security Password as a KEK in addition to TCG Opal Commands. NVMe and other Personal storage devices are being handled by the TCG Storage Workgroup right now.

Drive Trust Alliance (DTA) Sole purpose to facilitate adoption of Personal SEDs to the mutual benefit of Device Makers ISVs IT Individual Use A rising tide lifts all ships GPL Open Source for TCG Opal (and Enterprise) Clients (PCs, Pads, Phones, Cars, IoT, etc.), Windows, MAC, Linux Educational Services, Open Source Custom Software services

DTA Details DTA Web Site: www.drivetrust.com Full Service Web Site Opening is Oct 15

Today 9 24 2015 Announcing First Sponsor of DTA!

SP SED Rule 1 When we talk about Cloud things, every Personal Device is actually in the cloud so

TCG SED Ranges Every partition (range of LBAs) can have a separate KEK and MEK and can be locked and unlocked independently. TCG Enterprise Drives use Ranges for VMs Bitlocker edrive 4 Ranges US Gov t uses DTA Open Source for Creating Resilient PCs using Ranges Personal: BYOD and Ransomware Protection Containers!

Personal Data Storage (PDS) All data you want to protect can be permitted to be queried under your control Classic example: You can ask if you are over 21 but not what your birthday is or how old you are, although that is what is in your PDS History: Pentland Started as cloud initiative, failed (distrusted), now Personal device initiative. MIT Media Lab, OpenPDS open source offered by the Kerberos Consortium at MIT

Homomorphic Encryption How can you do computing operations on encrypted data without ever decrypting the data? PDS: Ask questions without any possibility of getting at the data.

Homomorphic Encryption Idea around since early 80s, no idea how to do it until 1999ish General Solution was discovered but it is computationally infeasible (like Bitcoin ) Only in last few years (2011 or so) breakthrough in speed of computation Divide and conquer (CryptDB, full SQL, from MIT) Practical for SP SEDs

HE Cloud Model and SP SED Model SED prange Private Container ONLY ENCRYPTED DATA Nothing Plain Text Can only accept Authorized Queries (PDS Style) ONLY ENCRYPTED DATA Nothing Plain Text Can only accept Authorized Queries (PDS Style) Personal Client Has Keys

Solution for Homomorphic Encryption Examples Several copies of Data Encrypted Differently

SP SED Rule 2 Like the Internet cloud: If anybody can make money off an SP SED, then people get really smart really fast The TCG Core Spec was written with this in mind. PDS and Homomorphic Encryption provide a conceptual path that could be done with the TCG Core Spec.

Challenges to You The TCG Core was designed to provide services that are essentially identical to what Apple did with the App Store but in Self Protecting Storage devices. It was largely operational by 2002, but storage device Execs didn t grasp how quickly a revolution could occur (Steve Jobs proved them wrong several times over). No kidding, every Personal Storage Device should let the owner of the device make money off his private data on it. It s up to you in this audience.

Good References Sony, Inside the Hack of the Century, Fortune Magazine, 7 1 15, http://fortune.com/sony hack part 1/ SP SED Concept, R. Thibadeau, Trusted Computing for Disk Drives and Other Peripherals, IEEE Security and Privacy, 2006. http://ieeexplore.ieee.org/xpl/articledetails.jsp?arnumber=1704778&contenttype =Journals+%26+Magazines TCG Storage Workgroup, Core, Opal, and Enterprise Specifications, www.trustedcomputinggroup.org TCG SED Successes and Challenges. The 2015 Self Encrypting Drive Market and Technology Report, from Coughlin Associates http://www.tomcoughlin.com/techpapers.htm. Drive Trust Alliance, www.drivetrust.com Personal Data Service (Open PDS), http://openpds.media.mit.edu/ Homomorphic Encryption, Google Scholar shows hundreds of wonderful papers., but for a great overview see http://spectrum.ieee.org/computing/software/howto compute with data you cant see Here is a more public paper from MIT: http://dspace.mit.edu/handle/1721.1/62241

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback