Computer drive makers today published the final specifications for a single, full-disk encryption standard that can be used across all hard disk drives, solid state drives (SSD) and encryption key management applications.
Called "Opal Security Subsystem Class" (Opal SSC), the new storage security standard was announced on January 27, by the Trusted Computing Group (TCG), an international organization involved in setting security standards for computing environments. The TCG includes Fujitsu, Hitachi GST, Seagate Technology, Samsung, Toshiba, Western Digital, Wave Systems, LSI Logic, ULink Technology and IBM.
Once enabled, any disk that uses the specification will be locked without a password -- and the password will be needed even before a computer boots.
Said Robert Thibadeau, chair, Trusted Computing Group Storage Work Group, "Lost and stolen data costs industry and consumers hundreds of millions of dollars, not to mention loss of credibility, legal
issues and lost productivity. TCG?s approach to Trusted Storage gives vendors and users a transparent
way to fully encrypt data in hardware without affecting performance so that data is safe no matter what
happens to the drive."
TCG?s Storage Work Group has been working on specifications to add security to PC and data
center storage devices. These final specs now are
available at https://www.trustedcomputinggroup.org/groups/storage/
with an additional specification, the Storage Interface Interactions Specification, that focuses on nteractions between these storage devices and underlying SCSI/ATA protocols. For example, the specification supports a number of transports, including ATA parallel and serial, SCSI SAS, Fibre Channel and ATAPI. It enables interoperability of trusted drives in legacy environments.
The Storage Work Group also has addressed trusted optical storage with a specification that was
released in late 2008. This specification, which will enable trusted storage in standard recordable optical
discs, is targeted for applications in governmental agencies, financial services, healthcare, insurance, and military. Eventually, the functionality will be available for all optical consumer applications, giving all users a secure way of protecting their data on removable optical discs.
Storage device specifications give vendors a blueprint for developing self-encrypting storage devices (e.g., hard drives) that lock data, can be immediately and completely erased, and can be optionally combined with the Trusted Platform Module, or TPM, for safekeeping of security credentials.
Fujitsu has already announced the development of a HDD security technology based on Opal SSC standards.
The technology will be applied to the company's 2.5-inch hard disk drives, the company said.
The newly developed HDD security technology, when used in combination with application software supporting Opal SSC, will enable advanced security features such as pre-boot authentication and secure partition.
Pre-boot authentication performs user authentication when starting up the computer. Using an HDD that supports the Opal SSC standard allows for the use of advanced authentication techniques, such as biometric authentication or smart-card authentication, even before starting up Windows or other operating systems, making it possible to build an environment more secure than existing ones, which rely on password input via keyboard.
Secure partition is a technology enabling the HDD?s storage to be partitioned into a number of secure storage regions. Each partition can be protected under its own encryption key, giving access to only the valid owner of partition and users given access by the owner. This allows, for example, for content and its licensing data to be stored and protected in separate partitions, so that different partitions can be used depending on the nature of the data stored, enabling more secure data management.