Hard drive manufacturers back new disk encryption standard

Six hard drive manufacturers have joined forces behind a standard for firmware-level hard drive encryption, an important step for security interoperability.

The Trusted Computing Group (TCG) has released three final specifications for hardware-level data encryption, and virtually all the major storage manufacturers have declared that they intend to adopt the new standards in the near future. Self-encrypted disks are already available on the market— Seagate has been actively pushing its DriveTrust technology for several years—but there was no central standard for drive encryption developers to refer to. The two new encryption standards provide a blueprint for desktop, laptops, and enterprise-level protection, while the third (dubbed the Storage Interface Interactions Specification) details how self-encrypted drives should interact with various communication protocols.

These new encryption methods do not require the presence of a Trusted Platform Module (TPM), but it's hard to imagine why an OEM would bother to build a system using self-encrypting hard drives and not include one. The TCG expects self-encrypting drives (and presumably TPM modules) to become ubiquitous across the enterprise/business market over the next few years. "With 48 states and many countries enforcing data protection laws, it has become crucial for enterprises to protect all data to avoid fines, lawsuits or even being put out of business. Encryption with authentication directly in the drive or enterprise storage devices as outlined in the Trusted Computing Group specifications is one of the most effective ways to ensure data is secure against virtual and physical attacks,” noted Jon Oltsik, senior analyst, Enterprise Strategy Group.

Expect future versions of consumer hardware to eventually adopt Opal (TCG's moniker for the desktop/laptop version of the standard) as well. ""This represents interoperability commitments from every disk drive maker on the planet," Robert Thibadeau, chief technologist at Seagate Technology and chairman of the TCG, told Computer World. "We're protecting data at rest. When a USB drive is unplugged, or when a laptop is powered down, or when an administrator pulls a drive from a server, it can't be brought back up and read without first giving a cryptographically-strong password. If you don't have that, it's a brick. You can't even sell it on eBay."

Thibadeau's last comment would seem to imply that the drive can't even be formatted or otherwise wiped without the requisite password. If that's actually true, it substantially diminishes the value of a stolen laptop, provided said machine is stolen for personal use rather than data theft. Enterprise users and anyone with access to sensitive data obviously can't afford to ignore the possibility that someone might steal their system for the purposes of accessing the information it contains, but I rather think this is not the case. The TPC reports that some 12,000 notebooks are lost/stolen in US airports, and only one-third are ever recovered by the rightful owner. Unless you carry a laptop case with "BIG IMPORTANT SECRETS" embroidered on the side, the thefts are most likely aimed at the hardware, not the data on the hardware. If the would-be thief knows in advance that he won't be able to use the system, the value of the laptop drops.

Manufacturers that have announced support for the new encryption standard include Fujitsu, Hitachi, Toshiba, Samsung, Seagate, and Western Digital. Drive manufacturers will be able to choose between 128-bit and 256-bit AES encryption, which should prove adequate to protect the drive's data even in situations where a TPM module is unavailable. Combined with TPM, any data stored on the encrypted drive would be as secure as modern technology can make it.

Source: ars technica

Tags: HDDs

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

You can use a security key instead of having a code sent to your phone
Adobe says that the AI can now achieve the intended result in seconds
A new security protocol replacing the aging WPA2
Download and install at your own risk, of course
More iPhone parts likely to be produced by Samsung
Starting on Friday, video views on YouTube will start to be counted by the Official Charts Company
LG has already announced two new V-series members in 2018
The method is blocked and the hack doesn’t work, it adds
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (11)