Security Is Hot Topic at Flash Memory Summit as Trusted Computing Group (TCG) Members Speak on Secure Flash and NVMe Devices and Discuss New SED Specifications
PORTLAND, Ore. – Trusted Computing Group today announced it has added important new functionality to its specifications for self-encrypting drives, or SEDs. Members will speak about SEDs and demonstrate them at the Flash Memory Summit Aug. 11-13 at the Santa Clara Convention Center.
TCG’s standards for self-encrypting drives, or SEDs, are embedded into widely available enterprise and client hard disk, hybrid and solid state drives and provide instant and continuous hardware-based encryption for data at rest. SEDs perform the same or better than non-encrypting drives, and instant crypto-erasure, a new NIST standard, ensures that drives can be efficiently and quickly erased and repurposed. SEDs also support many data breach and compliance regulations worldwide.
Updates to the family of SED specifications include:
- Definition of a physical presence-based mechanism, called PSID, which can be used by IT, OEMs, or drive manufacturers for data destructive drive recovery, repurpose, and end of life scenarios. This mechanism, commonly embodied in a credential printed on the device label, is particularly useful for IT, OEMs, and storage device vendors for situations where the Opal password is not known or the Opal SED is in an indeterminate state. The credential on the drive label can be used to cryptographically erase user data on the device, while restoring other Opal configurations to a known state.
- Definition of a subset of Opal functionality for devices that may or may not support encryption, to enable a broader set of target uses. The Opalite SSC can serve simpler use cases, where fewer features and fewer configuration options are more appropriate than what is provided by Opal SSC. The Pyrite SSC is a subset of Opalite SSC. Unlike Opal SSC and Opalite SSC, Pyrite SSC does not specify support for media encryption, in order to meet requirements in markets where encryption is prohibited.
- New mechanisms to provide confidentiality and integrity to Opal SSC/Enterprise SSC management channel operations, by mapping the Transport Layer Security (TLS) 1.2 protocol for use with the TCG Storage protocol. This allows Pre-Shared Keys (PSKs) to be used to set up a secure management channel between a host application and the Opal subsystem, protecting credentials and other information sent to the Opal subsystem against snooping, for both remote and local applications.
TCG Members Support SEDs, New Specs
“Standards-based self-encrypting HDDs and SSDs offer users one of the most secure ways to protect data at rest and to achieve compliance with many regulations,” said Ulrich Hansen, vice president of product marketing, HGST. “We look forward to providing this new functionality based on the updates to the TCG SED specifications for our customers worldwide.”
“The TCG Storage Work Group specifications are a new and unique solution for storage security. ULINK provides tools for our customers to test their products. With the help of the ULINK tool, our customers can quickly and effectively develop their TCG SWG features,” said ULINK vice president of engineering, Joseph Chen.
Updated and new specifications and FAQs are available at https://www.trustedcomputinggroup.org/developers/storage.
FMS Session Tracks Address SED Concepts, New Specifications and NVMe
TCG members will participate in a number of sessions at the summit. “Storage Security: Back to the Future” will address key concepts of SEDs, the current state of adoption and management with experts, including TCG Invited Experts Michael Willett and Robert Thibadeau.
“Advancements in Storage Security Standards” will look at new TCG SED specifications and capabilities to support new interfaces and technologies. Another session, “Security in a Flash!” will examine how and why data can be secured on SEDs and available solutions including software, with TCG members Jason Cox, TCG Storage Work Group chair and Intel Corporation; Jon Tanguy, Micron Technology; Monty Forehand, Seagate Technology; and Willett and Thibadeau.
In the NVMe track, “Security for NVMe,” Cox will present on why Opal and the “Opal Family” specifications align with NVMe’s strategy for security management.
TCG and NVMe have released a white paper available at http://www.trustedcomputinggroup.org/resources/tcg_storage_opal_and_nvme.
TCG will host three demonstrations in Booth #550. ULINK will show its DriveMaster test software for implementations of the TCG Opal and Enterprise specifications. The test suites can be used on SATA, SAS, and NVMe devices. The second demo shows the TCG Opal specification with Microsoft’s BitLocker for data security. TCG members also will demonstrate SED client open-source management software that works with multiple vendor SEDs. The demonstration will show how to initialize and provision a TCG OPAL self-encrypting drive.
Companies wishing to join TCG in its standards development efforts can find more information on membership at https://www.trustedcomputinggroup.org/join_now.