Storage Trend :: Self Encrypting Hard Disks

21 Dec 2008
Posted by Laptop Junction


With more and more stories in the newspapers of sensitive information being lost or stolen on unsecured laptops and USB sticks, the pressure to find practical solutions for securing data is ever increasing.

Strangely, having computer data secured is not really a unique selling point in the consumer market right now. It seems like there is something wrong, or a story untold: secured data storage is not taking off in a big way, although most people buying a laptop seem to be aware of the risk of unsecured personal information.
 

Software based encryption

Software based encryption to secure data has already been available for many years; however, the solution is far from being a killer application and never got very far in terms of use, for several reasons. One is its complexity for the end user, especially when problems occur. Another is reduced performance, especially on high performance systems. With software based encryption, the access keys are stored, hidden, on the encrypted disk itself.
 

Hardware based encryption

Next is hardware based encryption, also with several initiatives over the past several years. Now, with media pressure building up, security solutions are moving closer to the storage location: hard disks, USB sticks, etc. A market is now emerging for Self Encrypting Hard Disks, where the full disk is secured (FDE - Full Disk Encryption) using encryption techniques embedded in the hard disk itself. Here the access keys are not stored on the disk itself, which raises the problem of where to store the encryption keys. Definitely not with the poor end user, who on average is not really interested in being bothered with memorising 256 bit encryption keys.

The Encryption Chip - Fritz Chip

Image: TPM Encryption Chip - Infineon-SLD-9630

Before Self Encrypting Hard Disks, hardware based encryption technology was already there. The Encryption Chip, called the Fritz Chip, was released somewhere in 2005. This chip is based on TPM, the "Trusted Platform Module", with its 'brainy' specification originating from the Trusted Computing Group.

TPM technology has already been released in several computer product lines using ordinary hard disks. All data is encrypted before it reaches the hard disk, so in fact this is also a flavour of software based encryption. The TPM chip is part of the computer and, among other functions, is the safe in which the encryption keys are stored. Still, with this technology spreading since 2007, it is not a straight hit. In many cases the TPM chip sits there unused and sensitive information is still being lost. The September 2008 press release of the Trusted Computing Group is a sign on the wall. The technology is there, so why isn't it being used?
 

Unused encryption technology

As an illustration, below is the Panasonic explanation of TPM. It points out that storing the encryption keys on the disk is unsafe. However, the reality is that the majority of computer users have no encryption in place at all! Secondly, a software based encryption system like SafeBoot is pretty safe, even with the encryption keys stored on the disk. With this, the Panasonic explanation seems to totally miss the spot!

Image: TPM Security (Panasonic explanation of TPM)

Now, with Self Encrypting Hard Disks, the hard disk itself has encryption technology on board, combining storage and encryption. The solution will most likely perform better, since all encryption is done by the hard disk. Still, the encryption key has to be stored on the PC, where the TPM chip is most likely the password safe.

Will this be the ultimate solution? Maybe, if government enforcement comes into place. All the incidents of 2008 together apparently haven't been enough to really make TPM take off.

Still, encryption technology isn't easy stuff. For the end user the worry is simple - secure my data - while the solution is not simple at all. Most likely the industry will have to go through a few cycles to mature the solutions, with the inevitable data breaches and 'I've lost my key' storage casualties along the way.
