Coming to disk drives in 2007
A trust-based architecture depends on a chain where multiple systems, apps and devices are bound by formal and tamperproof trust relationships. To that end, TCG will publish its Storage Work Group specs in early 2007, which can be viewed as an extension of the existing TPM model.
The Storage Work Group specifications provide three main security/operational benefits:
- Introduce the concept of trust relationships between storage devices and hosts. Through mutual identification and authentication of hosts and storage devices, the trust environment is extended beyond the TPM into the storage device itself, which limits who can read from or write to the device.
- Enable secure control over storage device features. A TCG-enabled storage device can be placed in a "trusted state" that enables specific configurations or security features. In this way, TCG-enabled storage provides protected storage for specific users, systems or apps, and also allows exclusive control over data-at-rest encryption on the storage device.
- Create secure communications between storage devices and hosts. Secure storage provides session-oriented security commands on top of general host-to-storage communications through security extensions of SCSI (ANSI/INCITS T10) and ATA (ANSI/INCITS T13).
Like the PC implementation, TCG-enabled storage hard-codes security functionality into device-resident security processors and firmware, and thus can't be moved or altered. TCG-enabled storage devices contain cryptographic engines and enable different trust-based apps for protected storage. Security services are called through specific APIs, which isolate storage functions behind a "trust boundary." Only trusted entities with access and authorization to the API can see and use the TCG trusted storage functionality.
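The following Python model, added here as an illustration and not code from the article or from any TCG specification, shows the three mechanisms above working together: the host checks the device's identity, security commands are only accepted inside an authenticated session, the locked/unlocked state is enforced by the device on its own I/O path, and the media encryption key never leaves the device. The device identity key, the admin PIN, the session-token scheme and the HMAC-based keystream are all constructed assumptions; a real self-encrypting drive uses a hardware AES engine and the T10/T13 security command sets rather than Python method calls.

```python
"""Constructed model of a TCG-style trusted storage device.
Everything inside TrustedDisk is the device-resident side of the trust
boundary; the host only ever sees method results, never the media key."""
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Set, Tuple

PBKDF2_ROUNDS = 100_000


class TrustedDisk:
    def __init__(self, admin_pin: bytes, device_id: bytes, device_key: bytes):
        # Store a salted verifier of the admin credential, not the PIN itself.
        self._salt = os.urandom(16)
        self._verifier = hashlib.pbkdf2_hmac("sha256", admin_pin, self._salt, PBKDF2_ROUNDS)
        # Media encryption key: generated and held only inside the device.
        self._mek = os.urandom(32)
        self._device_id = device_id
        self._device_key = device_key  # assumed enrolled with the host out-of-band
        self._locked = True            # ships locked: no I/O until unlocked in a session
        self._sessions: Set[bytes] = set()
        self._media: Dict[int, bytes] = {}  # block number -> ciphertext

    # --- identity: prove who the device is to the host ---
    def identify(self, host_nonce: bytes) -> Tuple[bytes, bytes]:
        tag = hmac.new(self._device_key, self._device_id + host_nonce, "sha256").digest()
        return self._device_id, tag

    # --- authentication: open a session only for a valid credential ---
    def start_session(self, admin_pin: bytes) -> Optional[bytes]:
        candidate = hashlib.pbkdf2_hmac("sha256", admin_pin, self._salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, self._verifier):
            return None
        token = secrets.token_bytes(16)
        self._sessions.add(token)
        return token

    def end_session(self, token: bytes) -> None:
        self._sessions.discard(token)

    def _require_session(self, token: bytes) -> None:
        if token not in self._sessions:
            raise PermissionError("security command outside an authenticated session")

    # --- security command: only callable inside a session ---
    def set_locked(self, token: bytes, locked: bool) -> None:
        self._require_session(token)
        self._locked = locked

    # --- I/O path: the device, not the host, enforces the lock ---
    def write_block(self, lba: int, plaintext: bytes) -> None:
        if self._locked:
            raise PermissionError("range locked")
        self._media[lba] = self._xor_keystream(lba, plaintext)

    def read_block(self, lba: int) -> bytes:
        if self._locked:
            raise PermissionError("range locked")
        return self._xor_keystream(lba, self._media[lba])

    def raw_media(self, lba: int) -> bytes:
        """What someone reading the platters directly would get: ciphertext only."""
        return self._media[lba]

    def _xor_keystream(self, lba: int, data: bytes) -> bytes:
        # Toy PRF keystream keyed by the MEK, a stand-in for the hardware cipher
        # (constructed for illustration; not a production encryption mode).
        stream = bytearray()
        counter = 0
        while len(stream) < len(data):
            msg = lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
            stream.extend(hmac.new(self._mek, msg, "sha256").digest())
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))


def host_verify_device(disk: TrustedDisk, expected_id: bytes, device_key: bytes) -> bool:
    """Host side of mutual identity: challenge the device with a fresh nonce."""
    nonce = os.urandom(16)
    dev_id, tag = disk.identify(nonce)
    expected = hmac.new(device_key, expected_id + nonce, "sha256").digest()
    return dev_id == expected_id and hmac.compare_digest(tag, expected)


def demo() -> Dict[str, bool]:
    """Walk through the trust chain and report which guarantees held."""
    device_key = os.urandom(32)
    disk = TrustedDisk(b"correct horse", b"SED-0001", device_key)  # constructed values
    results = {"device_authentic": host_verify_device(disk, b"SED-0001", device_key),
               "bad_pin_rejected": disk.start_session(b"wrong pin") is None}
    try:
        disk.read_block(0)
        results["locked_read_blocked"] = False
    except PermissionError:
        results["locked_read_blocked"] = True
    token = disk.start_session(b"correct horse")
    disk.set_locked(token, False)
    disk.write_block(7, b"payroll.csv contents")
    results["roundtrip"] = disk.read_block(7) == b"payroll.csv contents"
    results["media_is_ciphertext"] = disk.raw_media(7) != b"payroll.csv contents"
    disk.end_session(token)
    try:
        disk.set_locked(token, True)  # stale token: must be refused
        results["stale_session_rejected"] = False
    except PermissionError:
        results["stale_session_rejected"] = True
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The point of the model is where the checks live: the host cannot bypass the lock by issuing reads directly, a credential failure yields no session at all, and no method returns the media key, which is the "trust boundary" the article describes.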
This was first published in January 2007