Hard drive manufacturers back new disk encryption standard

Six hard drive manufacturers have joined forces behind a standard for firmware-level hard drive encryption, an important step for security interoperability.

The Trusted Computing Group (TCG) has released three final specifications for hardware-level data encryption, and virtually all the major storage manufacturers have declared that they intend to adopt the new standards in the near future. Self-encrypted disks are already available on the market— Seagate has been actively pushing its DriveTrust technology for several years—but there was no central standard for drive encryption developers to refer to. The two new encryption standards provide a blueprint for desktop, laptops, and enterprise-level protection, while the third (dubbed the Storage Interface Interactions Specification) details how self-encrypted drives should interact with various communication protocols.

These new encryption methods do not require the presence of a Trusted Platform Module (TPM), but it's hard to imagine why an OEM would bother to build a system using self-encrypting hard drives and not include one. The TCG expects self-encrypting drives (and presumably TPM modules) to become ubiquitous across the enterprise/business market over the next few years. "With 48 states and many countries enforcing data protection laws, it has become crucial for enterprises to protect all data to avoid fines, lawsuits or even being put out of business. Encryption with authentication directly in the drive or enterprise storage devices as outlined in the Trusted Computing Group specifications is one of the most effective ways to ensure data is secure against virtual and physical attacks,” noted Jon Oltsik, senior analyst, Enterprise Strategy Group.

Expect future versions of consumer hardware to eventually adopt Opal (TCG's moniker for the desktop/laptop version of the standard) as well. ""This represents interoperability commitments from every disk drive maker on the planet," Robert Thibadeau, chief technologist at Seagate Technology and chairman of the TCG, told Computer World. "We're protecting data at rest. When a USB drive is unplugged, or when a laptop is powered down, or when an administrator pulls a drive from a server, it can't be brought back up and read without first giving a cryptographically-strong password. If you don't have that, it's a brick. You can't even sell it on eBay."

Thibadeau's last comment would seem to imply that the drive can't even be formatted or otherwise wiped without the requisite password. If that's actually true, it substantially diminishes the value of a stolen laptop, provided said machine is stolen for personal use rather than data theft. Enterprise users and anyone with access to sensitive data obviously can't afford to ignore the possibility that someone might steal their system for the purposes of accessing the information it contains, but I rather think this is not the case. The TPC reports that some 12,000 notebooks are lost/stolen in US airports, and only one-third are ever recovered by the rightful owner. Unless you carry a laptop case with "BIG IMPORTANT SECRETS" embroidered on the side, the thefts are most likely aimed at the hardware, not the data on the hardware. If the would-be thief knows in advance that he won't be able to use the system, the value of the laptop drops.

Manufacturers that have announced support for the new encryption standard include Fujitsu, Hitachi, Toshiba, Samsung, Seagate, and Western Digital. Drive manufacturers will be able to choose between 128-bit and 256-bit AES encryption, which should prove adequate to protect the drive's data even in situations where a TPM module is unavailable. Combined with TPM, any data stored on the encrypted drive would be as secure as modern technology can make it.

Source: ars technica

Tags: HDDs

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
Apple co-founder Steve Jobs was famously resistant to the idea of including a stylus with the iPhone
 
Is there a way to turn off the iPhone or iPad that doesn't require a button?
 
The introduction of video advertising follows Microsoft's decision to allow LinkedIn users to upload video
 
Quick test proves fast charging isn’t as fast as promised
 
Amazon has tapped Taiwan-based Makalot Industrial Co. to make apparel for its sportswear line
 
Microsoft moves the controls to the Settings app
 
 
With the head of Samsung Group facing prison time, CEO calls for company to "start anew"
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
1234567
891011121314
15161718192021
22232425262728
293031    




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)