
Drives using technology to ship in Q1 2010

Toshiba has announced its latest self-encrypting drive technology [PDF] at the RSA conference in San Francisco. The technology is slated to be introduced early in 2010 and supports the Trusted Computing Group Storage Architecture Core Specification along with the Storage Security Subsystem Class Opal Specification.

The technology is built around NIST-certified AES encryption technology that is fully integrated with the drive controller chip. That means that the encryption process takes place at full I/O speeds to deliver performance and maintain typical power consumption figures.

Toshiba's Scott Wright said in a statement, "We believe the key to delivering robust data security lies in the creation of technology standards that advance a secure client storage platform the entire PC ecosystem can support. The TCG Storage specifications provide a standards-based framework enabling storage device makers to work with leading ISVs such as Wave Systems to create very robust client security solutions that are more secure, easier to manage and easier to deploy."

"To help customers realize these benefits, Toshiba is focused on delivering a full array of hardware-embedded security features to security management solutions providers as evidenced in this first demonstration at the RSA Conference," Wright continued.

Drives supporting the new self-encryption specification with TCG-Opal SSC support will be available in Q1 2010, and Toshiba says that the technology was developed in cooperation with Wave Systems.

Lark Allen from Wave Systems said, "Self-encrypting drives provide a great defense against the growing problem of data breaches today, offering performance and security advantages over aftermarket software encryption solutions. Toshiba is at the forefront of the movement to bring an integrated, hardware-based solution to today’s enterprise. Because Toshiba drives are based on the TCG’s Opal Storage Specification, they’re ideal for deploying across heterogeneous environments."

Comments

Locking yourself out
By Etern205 on 4/16/2009 2:33:33 PM , Rating: 4
Never really liked hardware-based encryption, and here's why.

Let's say you got a laptop, you went to the BIOS, and set a hard drive password. Now whenever you want to access your drive during the POST, the BIOS will ask for the password and then it will let you through. One day your laptop stopped working and you took it to a shop and the technician told you the board is dead and it's too expensive to replace it.

Since the laptop is so old you thought fixing is a waste and getting a new one will be better off, but one thing really important is your data on the HDD.

The tech took the HDD out, plugged it into a desktop and guess what, it does not work because it's encrypted (HDD cannot be detected during POST, tried USB adapter and it comes out as a drive with no storage size).

So now you got a laptop that does not work as well as data that you cannot access. Sure it's a good way of protecting from unwanted eyes, but to lock yourself out is something no one wants to experience.

Tried Vista BitLocker before, and during the encryption Vista tells you to plug in a USB flash drive (this will be your startup key) and then a notepad with a randomly generated key will appear (write the number down and keep it in a safe place). This key is used just in case your "start-up key" fails.

So I've tried with the USB key and it works, and then tried it without the key. Without the key Vista asks for the random number and all I need to do is type that in and voilà, I'm still able to get in.

Have not tried it by taking my HDD to a different system though, but still Toshiba HDD encryption is good only if there is a secure backdoor to let the authorized person get access to it.

RE: Locking yourself out
By Azsen on 4/16/2009 8:24:40 PM , Rating: 3
I don't approve of -any- backdoor in encryption programs. Who wants the government or anyone else to have the chance to decrypt your files?

However I agree with you about the disk hardware encryption. You should be able to decrypt it with some software as well as a last resort (if the mainboard died) and have a backup key on maybe a flash disk that you can use. Ideally if the encryption was password based, then you wouldn't need the key at all.

RE: Locking yourself out
By WackyDan on 4/16/2009 10:48:52 PM , Rating: 3
Neither of you get the point. A backdoor means the solution isn't really secure.. so what is the point?

Furthermore, you know nothing about these FDE drives. The drive can be read in any system provided the HD password is populated again. A bad planar does not mean you lose access to your data.

These drives are targeted at corp IT shops, not consumers. Companies will invest in an infrastructure solution that still allows them access to the drive should the user die, win the lottery, etc.

RE: Locking yourself out
By Etern205 on 4/17/2009 1:26:40 AM , Rating: 2

Aren't all back doors insecure?
And what does it have to do with a user being dead, win the lottery or so on? Yes the Corp can hire someone to break the code and get in, but that is not the point.

The point of having one is to allow the rightful owner to get access in case of a major hardware failure (bad motherboard).

As for these FDE drives, I doubt they store the password right onto the drive itself. It's most likely stored on the motherboard bios or a TPM module.

Looks like you lack the knowledge about hardware based encryption.

I wonder...
By ViroMan on 4/16/2009 10:21:24 PM , Rating: 2
if the drives literally encrypt the entire contents of the drive, partition table and all. If they don't, it provides a way to decrypt the drive. Knowing that Windows has dll files that are the same through many patches, all they have to do is an analysis between the encrypted dll and the unencrypted dll to determine a way to break the lock.

RE: I wonder...
By MrPoletski on 4/17/2009 6:43:20 AM , Rating: 2
you actually have to lift the data off the disk though, so that would involve transporting the platters to a new drive.

RE: I wonder...
By ViroMan on 4/18/2009 12:55:30 AM , Rating: 2
not very difficult really.

I wonder...
By Moishe on 4/16/2009 11:22:05 AM , Rating: 2
How long it will be before these are cracked on a general basis? What about a virus that can live on the BIOS?

There are several questions I have about how this works too.
How do you enter the key/reset the password, etc. Are we talking about bios level?

I would think the logical answer would be that you have to enter a password when the hard drive is first accessed. All of the encryption software (password set, change, etc) would need to be on the drive's bios.

RE: I wonder...
By SlyNine on 4/16/2009 9:16:14 PM , Rating: 2
I've never heard of someone cracking AES and it's been around a long time. Sure, brute-force attacks work given quantum computers and a few thousand years perhaps.

But then again if it was cracked I'm not sure anyone would be telling.

I'll stick with TrueCrypt; that way I can get the data if something happens to the rest of the computer.

I Hope
By dever on 4/16/2009 2:22:20 PM , Rating: 2
..that demand is high enough for hard drive vendors to eventually include this in all hard drives as the price of the chips becomes insignificant.

As the inventor of PGP asked, can a free society survive an omniscient government? Since computer speeds far outstrip population growth, governments will have the ability to retain more and more info about individuals. This technology will be one less area in which the corruption of government can breed.

RE: I Hope
By BailoutBenny on 4/16/2009 3:42:08 PM , Rating: 2
Except the whole idea behind trusted computing was so that the government and software companies would have secure access to your computer and could lock you out instead of the other way around.

By InsanityIdeas on 4/17/2009 8:54:23 AM , Rating: 3
All the posters thus far have misunderstood what this technology does. The drive manufacturers are providing a chip which encrypts and decrypts data on the drive using the AES algorithm, it replaces the work currently done by the CPU to encrypt and decrypt data on the drive.

Software encryption will still work in the same way as it does currently, but software designed/upgraded to make use of these drives will perform their encrypt/decrypt on the drive rather than the CPU.

As such end users will have access to software product specific features like recovery keys, tokens and passwords to access and protect their data.

The only hardware dependency is likely to exist within the drive, where the drive must be accessed by its own electronics... and this is not an issue as a drive is treated as one unit, a broken drive is a broken drive.

The only unanswered question is if you use a disk backup program to copy all the hard disk data in its encrypted form onto another disk. Would this disk need to have this new technology? Or would the existing encryption software fall back to using the CPU to do encrypt/decrypt in software rather than hardware. My expectation would be that it falls back to the CPU, as that makes sense and is important to data safety and backup.

All this new technology offers is hardware acceleration for existing encryption software, which will speed up all disk operations on encrypted drives. Like any other type of hardware acceleration (e.g. 3D graphics cards) you can do it in software on the main CPU but you wouldn't want to as it slows down the whole computer.

By InsanityIdeas on 4/17/2009 9:10:11 AM , Rating: 2
On investigating a bit further I realised my own understanding!!!!

This is protection for data at rest and requires no additional software to function. Once enabled one of these drives will present a username/password screen upon boot, once the user is authenticated the disk is unlocked for access until the computer is turned off again. Data on the drive is fully encrypted and this encryption/decryption takes place in hardware transparently to the user and OS.

The useful thing about this technology is it is a standard supported by all major drive manufacturers so there won't be any compatibility issues, and it appears to be self contained to the drive, so it won't depend on external hardware which might fail.

I am not sure if it will be able to interact with external software, or provide a hardware acceleration feature to encrypt files rather than the whole drive, but I doubt it given that full disk encryption is the most desirable feature in the corporate world.

It is also unclear how this will function in a multi drive system, but it will function that way as it's also designed for use in servers and RAID arrays. And it will support administration software to control its function.

All of this is good news for everyone, as if everyone implemented this on home PCs and laptops it would make them less desirable to thieves as they would only work as spare parts not complete units and would therefore be very difficult for your average thief to sell on.

Copyright 2016 DailyTech LLC.