back to article Encryption standards are here - but not for flash or tape

Multi-vendor standards for self-encrypting storage devices are emerging through the Trusted Computing Group. But flash and tape drives are not included in them. The new TCG specifications mean that drives which encode their contents can be interoperable with key managers and trusted platform modules and be interchangeable in …

COMMENTS

This topic is closed for new posts.
  1. amanfromMars Silver badge

    Raw Naked Code dDelivers Full Transparency Security

    "The TCG has various working groups, including mobile device and hard copy groups, but it does not have dedicated flash or tape groups."

    Then why not Create One Dedicated to Flash and Tape and Show ..... for AI Virtual Reality SAN Source Immaculate Sense.

  2. Martin Silver badge
    Coat

    this is going to work in the enterprise

    So how do I know it's really secure? Do I get to see the source code? Can I update the firmware after it gets cracked? How long till somebody discovers the backdoor passwd is 'seagate'.

    Then how do I do key management - can I assign administrator keys to each drive?

    Can I replace the PCB on a damaged drive for data recovery - if I can then why can't a thief?

    Sticking with my truecrypt drive thank you

  3. Chris C

    Trust?

    Thibadeau is quoted in the TCG press release, saying: "TCG’s approach to Trusted Storage gives vendors and users a transparent way to fully encrypt data in hardware without affecting performance so that data is safe no matter what happens to the drive."

    How are we supposed to trust someone (or something designed by someone) who lies so blatantly? Encrypting data WILL affect performance. There is literally no way around that. If you are doing extra work, which you are, then it DOES affect performance.

    I'd also be interested to see how this affects data recovery in the event of hardware failure. It would seem logical that it will make data recovery impossible. In that case, you damn well better make frequently backups.

  4. Anonymous Coward
    Alert

    Full Tape Encryption? WTF?

    Errrr... the reason there's no 'FTE' standard announced is because it would be completely pointless. The encryption can be done by the backup software. It's not like you boot your primary OS partition off an LTO drive and all your swap memory is there. You need FDE for a harddisk because otherwise something unencrypted will get written to it sooner or later, but the backup suite is probably the one and only thing that ever reads or writes the tape and it can do the encryption itself.

  5. adnim

    Oh Well

    Chris and Martin summed up what I wanted to say. In addition though, everything should be open, all hardware specs, firmware as well as software code. A dedicated encryption chip, open of course, should help with overhead. With the involvement of universities and the public as well as industry, the points Martin raised could be addressed. Within five or so years, a truly secure system could be emerge that would be worthy of the name "Trusted computing platform". If any part of this platform remains closed... Then in my opinion, it isn't a trusted platform.

  6. Anonymous Coward
    Linux

    @adnim

    Very eloquent. Trusted=open in my book. With the TCG, it sounds like the keys will be in the hands of MS, Intel, and the government, not mine. Perhaps a Linux implementation will set things right, but from what I understand, hardware will be configured not to talk to any other hardware that won't protect against piracy, so maybe a Linux implementation can never happen.

    Will there be open-source and closed-source hardware now too? I doubt China will be crazy about TGC unless they have their own set of keys.

  7. Flocke Kroes Silver badge

    Better way to brick your hard disk

    Linux can already encrypt a hard disk. The data going to and from the disk is encrypted too. Partitions can be encrypted separately. Swap partitions can use random keys so you do not need to do a mil-spec wipe on shutdown. Partitions used by several people can have a password per user to avoid the need for a shared password.

    Using a password stored in the mainboard means you disk can get bricked by mainboard failure, BIOS update and walware that modifies the BIOS (that has been done before). After all the 'secure' wifi standards and bios backdoor passwords I have no confidence in any encryption without the source code and the right to create, distribute and use variations of it.

    The trusted computing chip can work for or against you. Trusted means something that can betray you. If you store you secret keys on the chip, and the chip does not betray you, then changes in the boot sequence should make your keys inaccessible. On the other hand, such a chip can be used to brick the hardware if you try to change the operating system on your own computer. If your server has to boot up unattended, then a trusted computing module is a tolerable place to keep its secret key. If reboots can wait until you are available, then you do not need to trust someone else's chip.

    The BIOS has been getting steadily more complicated over the years. The sooner it gets replaced by something open the better. Coreboot looks excellent, but getting a supported mainboard is a pain.

  8. Henry Cobb
    Flame

    Do not reveal your data to the OS

    Why would you trust the OS with your data?

    After all we've got all these useless CPU cores sitting around with nothing to do so assign threads inside your application to encypt everything before it hits the disk. (If you compress and encypt your performance might actually improve because CPU tasks that can be run in parallel are not the bottleneck.)

    So even the system admin is going to have to put your application under the debugger in order to extract data that they have no need to know.

  9. Chris Mellor

    Sent to me by TCG

    This was sent to me by Bob Thibadeau:-

    Chris,

    The TCG specifications are designed for all non-volatile storage devices. We have something called the "core" specification, and the "security subsystem classes (SSCs)." The core provides the generic means of capturing flash and tape, just as was demonstrated by the SSCs for hard drives and removable optical drives. While recently you are correct that the flash drive and tape drive vendors have not been active, several that you mention did contribute and participate in the core specification.

    Regards,

    Bob

  10. Anonymous Coward
    Anonymous Coward

    Re: Disadvantages, Full Tape Encryption? WTF?

    You say...

    "With the LTO consortium not being in the TCG there is no guarantee that LTO4 tape drives will be compliant with the Enterprise specification, potentially putting any tiered storage system combining disks and LTO4 tape at a disadvantage"

    Well, LTO4 products have been out there for a year or so now, and so TCG is clearly late. So it's a little a*se about face to say LTO4 is at a disadvantage!

    LTO4 is also a standard agreed by several companies, following IEEE 1619.1, and using AES in a standard mode (GCM). So it's unlikely to be at any disadvantage.

    Regarding "Full Tape Encryption? WTF?":

    doing encryption in backup software will really hose performance. Most folks don't have servers lying around with nothing to do but compressing and encrypting bulk data sent for backup!

    Doing it in hardware on the tape drive makes serious good sense. Of course, hardware compression has been on tape for a long time, and since you have to encrypt *after* compressing, so that has to be done in the tape drive too.

  11. ed
    Unhappy

    uh graphics

    Could you spend 10 minutes making the user state diagram(s) in the Enterprise spec readable?

  12. Eddie Johnson
    Flame

    The omission is obviously because...

    Uhm, tape is dead and flash drives are an anti-security technology?

    Icon x2.

This topic is closed for new posts.

Other stories you might like